Solution to Homework #2. IP address and End Host Routing

• Learn about IP address.
  Learn how end host routing works and basic commands for routing table, arp cache table, and network interface.
• Learn how to interpret the IP classless notation and routing table entries.
• Learn how to partition a subnet and assign gateway address.

Assignment Date: 9/11/2006
Due Day: 9/18/2006
Related Material: http://cs.uccs.edu/~cs522/intro/pcnetsetup/pcnetsetup.htm; Chapter 5.6.
Description:

• Problem 1. Classless Address Notation and Routing. Chapter 5. Question 43.
  A router has the following (CIDR) entries in its routing table:

  Address/mask	Next hop
  135.46.56.0/22	Interface 0
  135.46.60.0/22	Interface 1
  192.53.40.0/23	Router 1
  default	Router 2

  For each of the following IP addresses, what does the router do if a packet with that address arrives?
  

  You can use http://windom.uccs.edu/~cs522/cgi-bin/routeMask.cgi to find the network address and netmask.
  a. 135.46.63.10
  Ans: The router will check the routing entry starting with the longest prefix (/23), 192.53.40.0/23. /23 mean network address is 23 bit and the corresponding network mask is 255.255.255.0.
  135.45.63.10 & 255.255.254.0=135.45.62.0 != 192.53.40.0 therefore this entry does not match. Next longest prefix is /22. 135.45.63.10 & 255.255.252.0=135.45.60.0. It matches 135.45.60.0/22 routing entry, therefore the packet will be routed out over Interface 1. With quick observation, we can skip the routing entry with 192.53.40.0/23 but the router cannot.
  
  b. 135.46.57.14
  Ans: 135.46.57.14 & 255.255.252.0=135.45.56.0. It matches 135.45.56.0/22 routing entry and the packet will be routed out over Interface 0.
  
  c. 135.46.52.2
  Ans: This address is lower than 135.45.56.0/22. The default route will be used and the packet will be routed out over Router 2.
  
  d. 192.53.40.7
  Ans: 192.53.40.7 & 255.255.254.0= 192.53.40.0. It matches 192.53.40.0/23 routing entry and the packet will be routed out over Router1.
  
  e. 192.53.56.7
  Ans: 192.53.56.7 & 255.255.254.0= 192.53.56.0. The default route will be used and the packet will be routed out over Router 2.
  
• Problem 2.a. Network Address Translation. Chapter 5. Question 44.
  
  Many companies have a policy of having two (or more) routers connecting the company to the Internet to provide some redundancy in case one of them goes down. Is this policy still possible with NAT? Explain your answer.
  Ans: It is possible if the two rouers can exchange the NAT translation table information when new entries are added. From Chris Cabuzzi, "In the case of redundancy, CISCO has a protocol called HSRP that allows two or more routers to "appear" as one virtual router. With the implementation of HSRP, more than one router could be used with NAT without issue.  Otherwise, the two routers would most likely conflict IP addresses amongst each other."
• Problem 2.b. With NAT, can we still claim that 1) the destination address of IP packets will not be changed end-to-end? 2) every IP address uniquely idenfites a machine worldwide? Please brief explain and give an example.
  Ans: 1) We cannot, since the destionation adress was changed to a private LAN address. A web server runs in a DMZ LAN may have a 192.168.0.10 address and packets to the external 128.198.60.10 may be routed to the web server using DNAT and convert its destination address to 192.168.0.10. 2) If every IP address includes that in the private LAN addreses, then different machines at different organizations may have the same 10.0.0.10 address.
• Problem 2.c. lPv6 uses 16-byte addresses. If a block of 1 million addresses is allocated every nanosecond, how long will the addresses last?
  Ans: 16 bytes=128bits. IPv6 has 2^128 addresss.
  2^128addresses*(1nsec/10^6addresses)*(1sec/10^9nsec)*(1min/60sec)*(1hr/60min)*(1day/24hrs)*(1year/365days)
  =1.07902830E16 years
• Problem 3. IP Address and Routing.
  Given the following routing table on arbor.uccs.edu.
  arbor.uccs.edu> netstat -rn
  Kernel IP routing table
  Destination   Gateway       Genmask       Flags MSS Window irtt Iface
  128.198.160.0 0.0.0.0       255.255.224.0 U     0   0      0    eth0
  128.198.80.0  0.0.0.0       255.255.255.0 U     0   0      0    wlan0
  169.254.0.0   0.0.0.0       255.255.0.0   U     0   0      0    eth0
  127.0.0.0     0.0.0.0       255.0.0.0     U     0   0      0    lo
  0.0.0.0       128.198.160.1 0.0.0.0       UG    0   0      0    eth0
  

  From the first entry of the routing table, it indicates arbor located in a wired Ethernet subnet with IP address 128.198.160.0 and genmask (or called netmask) 255.255.224.0. The second entry indicates arbor also has wireless LAN card on a subnet identified with 128.198.80.0 and genmask 255.255.255.0.

1. What is the equivalent Classless IP addess notattion for the wired Ethernet subnet?
   Ans: The Genmask pattern 255.255.224.0 has 19 bit 1s indicating the network address field has 19 bits. The classless IP address notation is 128.198.160.0/19.
2. What is the equivalent Classless IP address notation for the wireless subnet?
   Ans: The Genmask pattern 255.255.255.0 has 24bit 1s indicating the network address field has 24 bits. The classless IP address notation is 128.198.80.0/24.
3. How many IP addresses can be assigned to machines in the wireless subnet (assume one is used by the router for the grateway interface, one used for broadcast, and one used for identifying the subnet itself)?
   Ans: 2^(32-24) - 3=256-3=253.
4. What command(s) you use to find out the MAC address of the gateway interface for 128.198.160.0 subnet?
   Ans: I use ping and arp. The MAC address of 128.198.160.1 is 00:00:0C:07:AC:01.

   sanluis.uccs.edu> netstat -rn
   
   Kernel IP routing table
   
   Destination   Gateway       Genmask       Flags MSS Window irtt Iface
   
   128.198.160.0 0.0.0.0       255.255.224.0 U     0   0      0    eth0
    
   169.254.0.0   0.0.0.0       255.255.0.0   U     0   0      0    eth0
   
   127.0.0.0     0.0.0.0       255.0.0.0     U     0   0      0    lo
   
   0.0.0.0       128.198.160.1 0.0.0.0       UG    0   0      0    eth0
   			
   
   sanluis.uccs.edu> /sbin/arp -a
   
   sunshine.uccs.edu (128.198.162.68) at 00:06:5B:F6:E4:CC [ether] on eth0
   
   chow.uccs.edu (128.198.161.110) at 00:00:39:B4:86:E0 [ether] on eth0
   
   sunshine.uccs.edu (128.198.162.68) at 00:06:5B:F6:E4:CC [ether] on eth0
   
   chow.uccs.edu (128.198.161.110) at 00:00:39:B4:86:E0 [ether] on eth0
   
   

   It does not see to be there in the arp cache table. No packet was sent the gateway recently. Therefore I created some traffic that goes through gateway 128.198.160.1
   
   sanluis.uccs.edu> ping 128.198.1.250
   PING 128.198.1.250 (128.198.1.250) 56(84) bytes of data.
   64 bytes from 128.198.1.250: icmp_seq=1 ttl=127 time=0.764 ms
   64 bytes from 128.198.1.250: icmp_seq=2 ttl=127 time=0.148 ms
   64 bytes from 128.198.1.250: icmp_seq=3 ttl=127 time=0.147 ms
   64 bytes from 128.198.1.250: icmp_seq=4 ttl=127 time=0.144 ms

   --- 128.198.1.250 ping statistics ---
   4 packets transmitted, 4 received, 0% packet loss, time 2997ms
   rtt min/avg/max/mdev = 0.144/0.300/0.764/0.268 ms
   

   sanluis.uccs.edu> /sbin/arp -a
   math.uccs.edu (128.198.168.202) at 00:06:5B:F6:E4:CC [ether] on eth0
   lincoln.eas.uccs.edu (128.198.160.64) at 00:06:5B:0F:1A:19 [ether] on eth0
   evans.eas.uccs.edu (128.198.160.66) at 00:06:5B:0F:17:10 [ether] on eth0
   sunshine.uccs.edu (128.198.162.68) at 00:06:5B:F6:E4:CC [ether] on eth0
   ? (128.198.160.1) at 00:00:0C:07:AC:01 [ether] on eth0
   chow.uccs.edu (128.198.161.110) at 00:00:39:B4:86:E0 [ether] on eth0
   

   On blanca, the /etc/resolv.conf file shows the following entry
   
   search uccs.edu eas.uccs.edu
   nameserver 128.198.160.64
   nameserver 128.198.160.66
   nameserver 128.198.1.250
   
   The search line indicates the domain name(s) to attach to a local name such as sanluis for DNS name lookup.
   The three nameserver lines indicate the primary DNS server used by blanca is 128.198.160.64, the secondary DNS server is 128.198.160.66 and the tenary DNS server is 128.198.1.250.
   
   
5. For DNS query, blanca will first try to send it to 128.198.160.64. In that DNS query message, what is the source IP address, the destination IP address, the source mac address, the destination mac address?
   Ans: We can find blanca's IP address by "nslookup blanca" or see the local information in /etc/hosts at blanca.uccs.edu.
   128.198.162.60 blanca.uccs.edu blanca
   
   sanluis.uccs.edu> nslookup blanca
   Note: nslookup is deprecated and may be removed from future releases.
   Consider using the `dig' or `host' programs instead. Run nslookup with
   the `-sil[ent]' option to prevent this message from appearing.
   Server: 128.198.160.64
   Address: 128.198.160.64#53

   Non-authoritative answer:
   Name: blanca.uccs.edu
   Address: 128.198.162.60
   
   Therefore the source IP address is 128.198.162.60.
   The destination IP address is 128.198.160.64.
   
   The source mac address can be found using /sbin/ifconfig
   
   blanca.uccs.edu> /sbin/ifconfig
   eth0 Link encap:Ethernet HWaddr 00:B0:D0:D1:13:5C
   inet addr:128.198.162.60 Bcast:128.198.191.255 Mask:255.255.224.0
   
   Therefore the source MAC address is 00:B0:D0:D1:13:5C
   
   The destination MAC address can be found with /sbin/arp -a command:
   
   blanca.uccs.edu> /sbin/arp -a 128.198.160.64
   lincoln.eas.uccs.edu (128.198.160.64) at 00:06:5B:0F:1A:18 [ether] on eth0
   
   Therefore the destination MAC address is 00:06:5B:0F:1A:18.

6. Assume the 128.198.160.64 is shut down for maintenance so is the 128.198.160.66. Both DNS queries will fail. Blanca will try the 3rd DNS server 128.198.1.250. In that DNS query message to 128.198.1.250, what is the source IP address, the destination IP address, the source mac address, the destination mac address?
   
   
   Ans: Repeat the same commands used in problem d.
   The source IP address is 128.198.162.60.
   The destination IP address is 128.198.1.250.
   The source MAC address is 00:B0:D0:D1:13:5C. The destination MAC addres for the frame sent by blanca will contain the MAC address of the gateway 128.198.160.1 since 128.198.1.250 is in a different subnet. In problem c we found 00:00:0C:07:AC:01 is the MAC address of 128.198.160.1.
   
   Note that the gateway will forward the DNS query to 128.198.1.250 over its network interface connected to the 128.198.1.0/21 subnet, say 128.198.1.1. The frame sent by 128.198.1.1 interface will contain IP packet sent by blanca. Compare the frame received by the gateway from blanca with the related frame to be sent by the gateway to 128.198.1250.
   
   The following arp command was run on blanca and elan on the gateway, and find the mac address used by the router/gateway is the same.
   
   elan.uccs.edu> /sbin/arp -a
   uccshub.uccs.edu (128.198.1.1) at 00-00-0c-07-ac-01
   
   MAC address of the gateway for 128.198.160.0 is obtained using the command
   /sbin/arp -a 128.198.160.1
   
   ? (128.198.160.1) at 00:00:0C:07:AC:01 [ether] on eth0
   MAC address 00:00:0C:07:AC:01
   
   
7. Does the gateway (router) change the source and destination IP addresses of the IP packets passing by? Explain (Note that there are two cases, one involves with network address translation, NAT).
   
   Ans: Since the destination IP address will be used by other routers to forward the IP packets to its final destionation, normally it cannot be changed. The source IP address in the IP packet is used by the receiver to identify the sender and as the destination IP address for the return IP packets.
   
   The exception case are the firewalls of the destination network (or called enhanced router) and the load balancer of server clusters. The firewall may be configured with the Destination Network Address Translation (DNAT) service where the destination IP address of a packet destined to a web server, or email server, or DNS server, will be translated into a Private LAN address such as 10.0.0.2 and then forward it to a machine within DeMilitarized Zone (DMZ). Note that for the packets for return response, the firewall will change the source IP address from private LAN address back to the corresponding external IP address. In some server cluster systems, one front end distributor or load balancer machine will be configured with the external IP addresses or called Virtual IP addresses of the cluster. When it receives the request, it will forward the requests to one of the physical servers based on some scheduling discipline. Normally the LAN between distributor and physical server are configured with private LAN address. Therefore the request packet's destination IP address will be changed by the distributor from that of VIP to the IP address of the physical server (private IP address). If responses go through the distributor, the source IP address of physical server in the packets will be converted back to the corresponding VIP address.
   
   The Internet sharing case at home is called SNAT (source network address translation). It converts an outgoing packet's source IP address to that of the share external IP address. Sometimes the port needs to be modified also since other connections may have been allocated with that port number for the external connections. For the response coming back from Internet, the gateway machines will convert its destination IP address back to that of the corresponding internal IP address.
   
   
8. Give an example where a gateway may change the source and destination IP addresses of packets passing by.
   Ans: Oops, In above Internet sharing example, the gateway changes one of the IP address field, but not simultaneously.
9. Does the gateway (router) change TTL field in the IP header of packets passing by?
   Ans: The gatewy will decrement the TTL field by one.
10. Does the router repeat the source and destination MAC addresses of the incoming frame in its outgoing frame?
    Ans: Yes. Because the receiver on the 2nd LAN segment will have a different MAC addresses, so is the interface of the gateway that connected to the 2nd LAN.
11. If this is the IP packet destined to 129.42.19.99 (ibm.com), will the intermediate routers change any IP header fields?
    Ans: Only the TTL field and header checksum are changed.