Saturday, June 5, 2010
Classless InterDomain Routing (CIDR)
In the early 90s it became apparent that the number of free IP addresses would soon be depleted. The total number of IPs was large enough (and still is), but because of routing issues -- routing tables cannot grow infinitely due to memory and timing problems -- they could only be used in blocks. There are three classes of IPs: class A, B and C addresses.
For each block in a class one entry in a router's routing table was necessary. Class A, allowing more than 16 million hosts, is much too large for most purposes; besides, only a few class A networks are available. Class C networks, on the other hand (254 hosts), are too small. Class B allows for some ten thousand addresses, a good number for medium sized organizations, but in 1992 already half of the available class B address space was in use, with an Internet growing at more than 100% annually. That is why many newly connected organizations ended up with several class C networks, because many of them were still left, which in turn caused a routing table overflow on some devices, because one entry was needed for every single class A, B or C network.
This is the point where CIDR comes into the game (See ). CIDR makes it possible to have just one routing entry in a router for a whole block of class C networks. It introduces some rules on how to build these blocks - you can't use arbitrary networks. Note that the scaling problem in routing mainly relates to Internet backbone routing, since the backbone routers have to know all networks on the Internet. Within an organization you can use whatever routing strategy you like best. Now that we have built blocks of class C addresses we give them to the Internet providers, who in turn give them to their customers, but the latter does not matter here. The goal of CIDR was to reduce routing entries in the backbone routers, which began to overflow due to the huge number of entries needed for class C networks (up to about 2 million). After implementing CIDR that number decreased significantly, allowing some more time for developing long term solutions (especially IPv6).
A problem with CIDR arises when a customer changes the provider but wants to keep the IP addresses: the old provider still announces the route to the entire block while the new provider must announce a route to the extra net -> there are two routes for that net, the CIDR route and the single route. One possible solution is to use the most specific route, another one is NAT. The first one has the disadvantage of needing a new entry in a backbone router, which CIDR should have prevented. This can be avoided by using NAT, so that the customer keeps the addresses of the first provider for internal use but uses address translation to translate them into addresses of the new provider when communicating over the Internet.
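The block-building rules and the "most specific route" case above, as an added example (not part of the original post): four consecutive class C sized networks collapse into one /22 entry only when they are aligned on a /22 boundary, and a backbone router resolves the two competing routes by longest-prefix match. The network numbers and provider names are constructed.

```python
import ipaddress


def aggregate(networks):
    """Collapse a list of prefixes into the fewest CIDR blocks that cover exactly them.
    Misaligned or non-contiguous networks cannot be merged and stay as separate entries."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(n) for n in networks))


def lookup(table, dst):
    """Longest-prefix match: among all entries containing dst, the most specific wins.
    Returns (prefix, next_hop) or None when no route covers the destination."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop)
    return best


# Constructed: the old provider holds four aligned class C networks and announces
# them as a single CIDR block instead of four separate entries.
OLD_PROVIDER_BLOCK = aggregate(
    ["192.168.4.0/24", "192.168.5.0/24", "192.168.6.0/24", "192.168.7.0/24"]
)  # one entry: 192.168.4.0/22

# A customer takes 192.168.6.0/24 along to a new provider, which must announce it
# on its own. The backbone now carries the aggregate plus one more specific route.
BACKBONE_TABLE = [
    (OLD_PROVIDER_BLOCK[0], "provider_A"),
    (ipaddress.ip_network("192.168.6.0/24"), "provider_B"),
]

if __name__ == "__main__":
    print("aggregate:", [str(n) for n in OLD_PROVIDER_BLOCK])
    for host in ("192.168.5.10", "192.168.6.10"):
        print(host, "->", lookup(BACKBONE_TABLE, host))
```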
Internal IP addresses
With the proliferation of TCP/IP technology even outside the Internet, more and more enterprises began reserving IP address space for internal communication only. So far there was only one global IP pool out of which all addresses were taken, and everyone needing IPs got globally unique addresses. This was unnecessary in most cases, since the majority of enterprises that suddenly needed IP addresses used them only internally, and even when they connected their enterprise networks to the Internet they did not need unique addresses for all their hosts, since for reasons of security and others (e.g. caching web traffic) no direct IP connectivity was allowed between internal enterprise computers and hosts on the Internet. It was therefore just a matter of time before special IP addresses out of the global pool were reserved for internal IP networks, as described in .
Now everyone can use one of the reserved class A, B or C networks for their internal communication. These addresses can't be used on the Internet, of course, since they will not get routed. Advantages are that no reservation has to be made in order to get address space, and everybody can pick the addresses best suited for a purpose, e.g. now everyone can use one of the rare class B networks, which makes internal routing easier than having lots of different class C networks.
There are disadvantages, too, but they are by far outweighed by the address space saved. One such disadvantage is that in an ever changing environment nobody knows whether networks that are independently administered today, and have chosen the same address space out of the reserved pool, will be directly connected in the future. This may be the case within enterprises, where before the network age many smaller networks existed independently, or it may even concern different companies that have to merge their networks for some reason. Again, network address translation could be of help in this case.
IP address translation
CIDR served as a short term solution for the routing table problem, and therefore also for the problem of address depletion, because now the many class C networks were available for use. To further ease the situation with IP addresses, address space was reserved for purely internal use, and at the same time public IPs were given out only to those who wanted to connect computers to the Internet.
As an additional measure some people proposed to reuse IP addresses . The idea was that only a small percentage of hosts communicate across network boundaries at any one time, so only those hosts would need a globally unique IP. Of course you can't change the system's IP each time your computer wants to establish a connection with another computer outside your network, so it was proposed to let a special device, a so called NAT router, assign a global IP to a connection dynamically. Since the process should be transparent for both end systems, assigning an IP meant exchanging the local IP numbers in the IP packets with the global IPs. That means you only need a relatively small number of global IPs, and only that many hosts can communicate across the borders of your network simultaneously.
Disadvantages are that your hosts are not reachable from the outside (which may also be an advantage), that the number of simultaneous connections is limited, and that the process might not be completely transparent due to the fact that there are protocols like FTP that transmit their IP address to the other host.
A special form of this approach to NAT is to have just one official address and to use just this address for all communication. To allow more than one host to communicate at a time, not just the IP but also the TCP port numbers are replaced, using a different port number for each connection. The number of simultaneous connections is limited only by the number of ports available for the outgoing connections. That Linux implements this form of NAT (called masquerading in Linux) is one of the reasons that it is widely used today.
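The one-address, port-rewriting form of NAT described above, as an added model (not code from the original post or from Linux): a deliberately tiny public port pool makes the connection limit visible, unsolicited packets from the Internet find no mapping and are dropped, and closing a connection frees its port. Addresses and port numbers are constructed.

```python
class Masquerader:
    """Constructed model of single-address NAT (Linux 'masquerading').

    Packet headers are represented as (src_ip, src_port, dst_ip, dst_port) tuples.
    """

    def __init__(self, public_ip, ports=range(40000, 40003)):
        self.public_ip = public_ip
        self.ports = ports      # tiny pool: three connections at a time
        self.flows = {}         # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.by_port = {}       # public port -> that same private 4-tuple

    def _free_port(self):
        return next((p for p in self.ports if p not in self.by_port), None)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network.
        A new flow gets a public port on first sight; an existing flow reuses its port.
        Returns the translated header, or None when the port pool is exhausted."""
        key = (src_ip, src_port, dst_ip, dst_port)
        port = self.flows.get(key)
        if port is None:
            port = self._free_port()
            if port is None:
                return None
            self.flows[key] = port
            self.by_port[port] = key
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Rewrite the destination of a packet arriving from the Internet.
        Only a reply from the remote end of a known flow is forwarded; a packet for an
        unused port or from an unexpected peer has no mapping and is dropped (None)."""
        key = self.by_port.get(dst_port)
        if key is None or (src_ip, src_port) != (key[2], key[3]):
            return None
        return (src_ip, src_port, key[0], key[1])

    def close(self, src_ip, src_port, dst_ip, dst_port):
        """Release the public port when the connection ends."""
        port = self.flows.pop((src_ip, src_port, dst_ip, dst_port), None)
        if port is not None:
            del self.by_port[port]
```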
All the above ideas have been developed as short term solutions to overcome the most pressing problems caused by the growth of the Internet. They are all meant to be abandoned as soon as the new Internet transport protocol, IPv6, is available and the migration to it has been finished. I think, however, that some of the ideas will and should survive longer. CIDR can be found in IPv6 in a similar form, since it is obvious anyway. Private addresses may be useful under certain circumstances even in the future, e.g. it is not always possible or even desirable to ask a central organization for address space, even if there is enough, possibly because you need it now and for purely internal use. IP address translation, finally, can do much more than what its inventors intended it to do, as I am going to show next.
Saturday, May 29, 2010
Internet Protocol version 6 (IPv6) is the next-generation Internet Protocol version designated as the successor to IPv4, the first version deployed on the Internet and still the dominant one today. It is an Internet Layer protocol for packet-switched internetworks. The main driving force for the redesign of the Internet Protocol is the foreseeable IPv4 address exhaustion. IPv6 was defined in December 1998 by the Internet Engineering Task Force (IETF) with the publication of an Internet standard specification, RFC 2460.
IPv6 has a vastly larger address space than IPv4. This results from the use of a 128-bit address, whereas IPv4 uses only 32 bits. The new address space thus supports 2^128 (about 3.4×10^38) addresses. This expansion provides flexibility in allocating addresses and routing traffic and eliminates the primary need for network address translation (NAT), which gained widespread deployment as an effort to alleviate IPv4 address exhaustion.
IPv6 also implements new features that simplify aspects of address assignment (stateless address autoconfiguration) and network renumbering (prefix and router announcements) when changing Internet connectivity providers. The IPv6 subnet size has been standardized by fixing the size of the host identifier portion of an address to 64 bits to facilitate an automatic mechanism for forming the host identifier from Link Layer media addressing information (MAC address).
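Stateless address autoconfiguration and renumbering as described above, as an added example (not part of the original post): the 64-bit host identifier is formed from the MAC address (modified EUI-64: insert ff:fe in the middle and flip the universal/local bit), combined with the /64 prefix a router announces, and a change of provider replaces only the prefix while the host part stays. The MAC and the prefixes are constructed.

```python
import ipaddress


def eui64_interface_id(mac):
    """Modified EUI-64: 48-bit MAC -> 64-bit interface identifier.
    Insert 0xff 0xfe between the OUI and the device part, then invert bit 1
    of the first octet (the universal/local bit)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return bytes(eui)


def slaac_address(prefix, mac):
    """Form the address a host configures itself from an advertised /64 prefix
    and its MAC-derived interface identifier (the fixed 64/64 split in the text)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def renumber(addr, new_prefix):
    """Renumbering after a provider change: keep the low 64 bits (host part),
    replace the top 64 bits with the new provider's prefix."""
    net = ipaddress.IPv6Network(new_prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    return ipaddress.IPv6Address(int(net.network_address) | iid)


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"                    # constructed MAC
    print("link-local:", slaac_address("fe80::/64", mac))
    global_addr = slaac_address("2001:db8:1:2::/64", mac)   # constructed provider prefix
    print("global:    ", global_addr)
    print("renumbered:", renumber(global_addr, "2001:db8:ffff:9::/64"))
```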
Network security is integrated into the design of the IPv6 architecture. Internet Protocol Security (IPsec) was originally developed for IPv6, but found widespread optional deployment first in IPv4 (into which it was back-engineered). The IPv6 specifications mandate IPsec implementation as a fundamental interoperability requirement.
In December 2008, despite marking its 10th anniversary as a Standards Track protocol, IPv6 was only in its infancy in terms of general worldwide deployment. A 2008 study by Google Inc. indicated that penetration was still less than one percent of Internet-enabled hosts in any country. IPv6 has been implemented on all major operating systems in use in commercial, business, and home consumer environments.