0. Sources

  1. James Kurose & Keith Ross, Pearson+, “Computer Networking: A Top-Down Approach” - 2020-07-24

1. Core Terminologies

Term | Description
network layer | concerned with moving packets from a sending host to a receiving host
data plane | the per-router network-layer function: forwarding a datagram from an input link to an output link. Implemented inside each router.
control plane | the network-wide network-layer function: routing, i.e., determining the path datagrams take. Implemented among the routers (or in a remote SDN controller).
forwarding/switching | the transfer of a packet from a router's input link to the appropriate output link
routing | determining the path packets take from sender to receiver
network service model | characterizes the nature of delivery the network layer provides between hosts
generalized forwarding | forwarding based on values in several header fields, not only the destination address
IP/destination-based forwarding | forwarding based on the datagram's destination address alone
routers | packet switches whose forwarding is based on header field values of the network-layer datagram (as opposed to link-layer frame fields). They receive datagrams from links and forward them to other links.
input port | where packets arrive at the router, are processed, and are switched toward an output port
switching fabric | moves a packet from its input port to the appropriate output port
output port | transmits the packet onto the outgoing link
routing processor | computes the forwarding table (or receives it from an SDN controller) and distributes it to the input ports
match plus action | matching values in a packet's header fields against table entries and taking the action associated with the matching entry
forwarding throughput/switching rate | the total rate at which packets are transferred from input ports to output ports
memory bandwidth | the total rate at which packets can be read from or written to memory
head-of-the-line (HOL) blocking | a packet in an input queue waits even though its own output port is free, because the packet at the head of that queue is blocked (its output port is busy)
drop-tail | output-port policy of discarding the arriving packet when the buffer is full
bufferbloat | excessive buffering that produces persistent queueing delay
round robin queueing | class-based queueing that alternates service among the classes rather than strictly prioritizing one class over another
IPv4, IPv6 | Internet Protocol version 4 and version 6
interface | the boundary between a device (host or router) and a link
subnet/IP network/network | a set of host and router interfaces that share the same address prefix (logical subdivision) and are interconnected by the same link without an intervening router (physical connection)
subnet mask | the /n notation (or equivalent bit mask) that identifies which leading bits of an address are the network prefix and which remaining bits identify the host
CIDR (Classless Interdomain Routing) | the flexible, prefix-length-based IP addressing scheme that replaced classful addressing
classful addressing | the rigid earlier scheme in which the network portion was restricted to 8, 16, or 24 bits; replaced because it wasted address space
Dynamic Host Configuration Protocol (DHCP) | automatic assignment of an IP address and related configuration information to a host
first-hop router/default gateway | the router that hosts in a subnet use to reach the wider Internet
network address translation (NAT) | lets multiple devices in a private network share one public IP address
NAT translation table | maps each (WAN-side address, port) pair to the (LAN-side address, port) pair of the end system behind the NAT, so inbound datagrams reach the right end system
realm with private addresses | a private network whose addresses are meaningful only to devices inside it
firewall | examines the datagram and segment header fields of incoming datagrams and blocks anything it classifies as unsafe
Intrusion Detection System (IDS) | performs deep packet inspection (examination of segment header fields and the application-layer payload) and raises alerts on matches
OpenFlow | a standard for the match-plus-action forwarding abstraction and for the controller-to-switch protocol
middleboxes | devices on the data path between source and destination that provide functions beyond those of a typical IP router (NAT, security services, performance enhancement)

2. Details

2.1. Network Layer Overview

  • The network layer is made up of two interacting parts: the data plane and the control plane.
    • data plane functions govern how a datagram arriving on one of a router’s input links is forwarded to one of its output links
    • control plane functions govern how datagrams are routed among routers, end to end. In other words, they coordinate the local forwarding actions of the individual routers so that datagrams are transferred from source to destination.
  • Software-Defined Networking (SDN) separates the data plane and control plane functions, which are traditionally implemented together inside each router

Sender vs. receiver:

Sender | Receiver
encapsulates transport-layer segments into datagrams and passes them to the link layer | extracts the segments from received datagrams and passes them up to the transport layer

Network layer functions:

  1. Forwarding (aka switching). The transfer of a packet from a router’s input link to the appropriate output link.
    • Possible outcomes:
      1. Packet comes from a source known to be malicious and, as a result, is blocked from exiting the router
      2. Packet is headed to a forbidden destination and, as a result, is blocked from exiting the router
      3. Packet is duplicated and sent out over several output links
      4. Packet header field values are rewritten
    • It is implemented in hardware because it must complete within nanoseconds for every packet
    • Forwarding tables determine which output link an arriving packet goes to. The router uses the packet’s header field values as an index into the table to find the best-matching output link interface.
  2. Routing. Path determination (using routing algorithms) to move packets from sender to receiver.
    • It is implemented in software because it operates on a much longer time scale (typically seconds), as routers exchange routing information

Traditional approach to the control plane:

  • The content of each router’s forwarding table is computed by the router’s own routing algorithm component, using the information it exchanges with the routing components of other routers.
  • The format of the routing messages exchanged depends on the routing protocol in use.

SDN approach to the control plane:

  • A physically separate remote controller computes a forwarding table and distributes it to each router. It is software-defined because the formulation and distribution of the forwarding table is implemented in software.
  • Data plane functionality is the same (i.e., forwarding), but control plane functionality is different (i.e., producing the forwarding table contents)

Network service model:

The network service model describes the services offered by the network layer to the transport layer when sending a packet. It therefore characterizes the nature of delivery between the hosts. Its services include the following:

Service | Description
guaranteed delivery | guarantees that a sent packet eventually arrives at the destination host
guaranteed delivery with bounded delay | guarantees not only delivery but also delivery within a specified host-to-host delay bound (i.e., guaranteed timing)
in-order packet delivery | guarantees that packets arrive in the order they were sent
guaranteed minimal bandwidth | emulates a link of a specified bit rate between the hosts: as long as the sender transmits at or below that rate, no packets are lost
security | the network layer encrypts datagrams at the sender and decrypts them at the receiver, giving confidentiality to all transport-layer segments (data integrity and source authentication could be provided as well)
best-effort service | none of the above guarantees; see below

Best-effort service:

  • “Best effort” is a euphemism for no service at all:
    • no guaranteed delivery
    • no guaranteed timing
    • no guaranteed order
    • no guaranteed minimal bandwidth
  • Combined with adequate bandwidth provisioning and bandwidth-adaptive application-level protocols, it has nevertheless proven good enough for applications such as video streaming, voice-over-IP (VoIP), and real-time conferencing

Routers vs link-layer switches

Routers | Link-layer switches
Forward based on header field values of network-layer datagrams | Forward based on field values of link-layer frames
Network-layer (layer 3) devices | Link-layer (layer 2) devices

2.2. Inside a Router

Main components in a generic router architecture:

  1. Input ports. Their important functions include (in order):
    1. physical-layer function: terminate the incoming physical link at the router and convert the received signal to a stream of bits.
    2. link-layer functions: interoperate with the link layer at the other side of the incoming link (i.e., the sending device’s output port) to delimit and process frames
    3. lookup function: consult the forwarding table to determine the output port.
  2. Switching fabric. Connects the router’s input ports to its output ports.
  3. Output ports. Store packets received from the switching fabric and transmit them on the outgoing link via link-layer and physical-layer functions.
  4. Routing processor. Performs the control-plane operations:
    • traditional approach: runs the routing protocols, maintains routing tables and attached link state information, and computes the forwarding table.
    • SDN approach: receives forwarding table entries from the remote controller and installs them in the router’s input ports

Types of forwarding:

  • Destination-based forwarding. The final destination address alone determines which output port interface the packet is transferred to.
  • Generalized forwarding. Factors besides the destination (other header fields) can be used to choose the output port interface and the action taken.

Input port processing:

  1. Line termination and physical-layer processing
  2. Data link processing by applying link-layer protocol and decapsulation
  3. Lookup
    1. Forwarding table is computed by the routing processor (traditional approach) or the remote controller (SDN approach).
    2. The table is copied to the input port line card. This avoids bottlenecks by facilitating local forwarding decisions.

Destination-based forwarding:

  • Problem: with destination-based forwarding it would be impractical to keep one forwarding table entry per possible destination address, since there are over 4 billion IPv4 addresses.
  • Workaround: use prefixes. If the packet’s destination address matches the prefix of one of the forwarding table entries, the router forwards it to the corresponding link interface.
    • If there is no match, forward it to the default link interface.
  • Longest prefix matching rule: if the destination address matches more than one entry, the router uses the entry with the longest matching prefix (the most matching bits).
  • Lookup must complete in nanoseconds, which drives several design decisions:
    • it is implemented in hardware
    • a simple linear search through a large table is too slow; tree-based structures or specialized memories are needed
    • memory access time limits speed, hence designs with embedded on-chip DRAM and faster SRAM used as a DRAM cache
  • Ternary Content Addressable Memories (TCAMs) return the forwarding table entry for a 32-bit address in essentially constant time
  • The packet enters the switching fabric after lookup.
    • In some designs a packet is temporarily blocked from entering the switching fabric while the fabric is in use by a packet from another input port. It is queued at the input port and scheduled to cross the fabric later.
  • match plus action: looking up a packet’s destination address in the forwarding table (match) and sending the packet into the switching fabric toward the appropriate output port (action). Other actions, such as dropping the packet or rewriting header fields, are also performed at the input port.

Switching fabrics:

The switching fabric is where switching/forwarding takes place inside the router. It can be built in different ways:

  • Switching via memory. The simplest and earliest form: routers were traditional computers, the routing processor (CPU) performed the switching, and the input and output ports functioned like I/O devices.
    • The input port signals the routing processor about an arriving packet via an interrupt
    • The routing processor copies the packet into processor memory → extracts the destination address from the header → looks it up in the forwarding table → copies the packet to the output port’s buffer
    • If the memory bandwidth allows at most B packets per second to be written into or read from memory, the forwarding throughput (switching rate) must be less than B/2, because each packet crosses the shared system bus twice (once in, once out).
    • Two packets cannot be forwarded at the same time because only one memory read/write can take place at a time over the shared system bus
  • Switching via bus. Direct transfer of the packet from input port to output port over a shared bus, without involving the routing processor.
    • Typically the input port prepends a switch-internal label (header) indicating the destination output port, then transmits the packet on the bus. All output ports receive it, but only the port matching the label keeps it and strips the label.
    • The bus speed limits the switching speed because all input ports share one bus that carries only one packet at a time.
  • Switching via interconnection network. Uses a more sophisticated interconnection network such as a crossbar switch.
    • A crossbar switch connects N input ports to N output ports with 2N buses.
    • A crosspoint is where a horizontal (input) bus and a vertical (output) bus intersect
    • The switch fabric controller opens or closes crosspoints.
    • The controller closes the crosspoint joining the arriving packet’s input port with its output port → the input port sends the packet onto its horizontal bus → the packet is picked up by the vertical bus of the output port
    • A crossbar is non-blocking: a packet is only held back from reaching its output port when another packet is currently being forwarded to that same output port, so packets to different output ports are forwarded in parallel.
      • Multistage switching fabrics (several stages of switching elements) let packets from different input ports proceed toward the same output port at the same time.
      • Multiple parallel switching fabrics also increase switching capacity:
        1. several switching fabrics run in parallel, each connecting the input and output ports
        2. each arriving packet is broken into chunks that are sent across the parallel fabrics at the same time, all headed to the same output port
        3. the chunks are reassembled into the whole packet at the output port

SUMMARY

Switching via MEMORY | Switching via BUS | Switching via INTERCONNECTION NETWORK
relies on the routing processor | relies on a shared bus | relies on an interconnection network such as a crossbar switch
limited by memory bandwidth (throughput < B/2) | limited by bus speed (one packet at a time) | packets to the same output port are blocked while it is busy, unless a multistage fabric is used

Output Port Processing:

  1. Schedule the packets in the output port memory (in terms of which will be transmitted to the output link first)
  2. Remove the packets from queue (de-queueing)
  3. Perform link-layer and physical-layer processing on the packet

Queueing:

  • Packet loss occurs when large queues lead to memory being unable to accommodate arriving packets.
  • If the switching rate is times faster than line rate , queueing will be negligible at the input port because up to packets can be switched to the same output port before the next batch of packets arrives.
  • Input queueing.
    • Head-of-the-line (HOL) blocking occurs when a packet in an input queue must wait even though its own output port is free, because the packet at the head of the line is blocked (it is waiting for a packet from another input port to finish being switched to the same output port).
    • Under certain assumptions, HOL blocking makes the input queue grow without bound (significant packet loss) as soon as the packet arrival rate on the input links reaches only 58 percent of their capacity.
  • Output queueing.
    • Queues form at an output port when the switching fabric delivers packets to it faster than the outgoing link can transmit them.
    • When the output port buffer is full, the router must either drop the arriving packet (the drop-tail policy) or remove one or more already-queued packets to make room for it.
    • Active queue management (AQM) algorithms drop packets, or mark a header field, before the buffer is full in order to signal congestion to the sender.
    • The packet scheduler at the output port chooses which queued packet is transmitted next.

Buffer Management:

  • The greater mismatch in rates (i.e., output port packet transmission rate and switching rate, and packet arrival rate and )
  • RFC 3439. Old approach to buffer sizing:
    • 21
      • is amount of buffering
      • is average round trip time
      • is link capacity
  • ↑ buffer size → ↑ queueing delay and ↓ responsiveness of TCP senders to congestion and packet loss
    • bufferbloat: when excessive buffering causes persistent queueing delay
    • In p. 324, bufferbloat arises after a burst of packets builds a queue: as the burst drains, the queue does not empty but stabilizes (once only the ACK-triggered packets remain) into a standing queue that adds undesired queueing delay.
      • The standing queue persists because packets keep arriving at least as fast as the bottleneck link can transmit them

Packet Scheduling:

Packet scheduling is concerned with the order in which queued packets are transmitted on the outgoing link. There are three main disciplines:

  1. First-in-First-Out (FIFO). Packets leave in the order they arrived.
    • A packet joins the queue when the outgoing link is busy transmitting another packet
    • The packet is removed from the queue once it has been served (its transmission is finished)
    • When the buffer is full, the discarding policy determines the response (see drop-tail).
  2. Priority Queueing. Arriving packets are classified into priority classes according to their traffic class
    • Each priority class has its own queue
    • The packet served next is the one at the head of the highest-priority non-empty queue (within a class, the order is typically FIFO)
    • Non-preemptive priority queueing means that a packet transmission cannot be interrupted once it starts
  3. Round Robin and Weighted Fair Queueing (WFQ)
    • Round robin queueing sorts packets into classes as priority queueing does, but instead of a strict service priority it alternates service among the classes.
    • A work-conserving queueing discipline never lets the link sit idle while any class has a queued packet: when it finds no packet in one class, it moves on to the next class in the round robin sequence.
    • The weighted fair queueing (WFQ) discipline is characterized by the following features:
      • Cyclic serving: once the last class in the round robin sequence has been served, it returns to the first class and repeats
      • Work-conserving
      • Weighted serving: each class may receive a different amount of service in any interval of time.
        1. class has a weight of
        2. class is guaranteed fraction of service when it has a packet to send
        3. class throughput is equal to

Network Neutrality:

  • ISPs can provide different levels of services to different classes of traffic (e.g., they can give higher priority to datagrams sent by certain companies based on IP). However, policies such as net neutrality can put limitations to ISP decisions.
  • FCC 2015’s 3 rules tied to net neutrality:
    1. No blocking. People involved in the provision of broadband internet access are forbidden from blocking lawful and harmless content and services.
    2. No throttling. They are also forbidden from degrading lawful internet traffic based on how the network devices are used.
    3. No paid prioritization. They are also forbidden from favoring one traffic over another.
  • Before FCC 2015, some ISPs have been caught violating the first 2 rules.

2.3. IP Protocol

  • The two versions of Internet Protocol (IP) which are used today are IPv4 and IPv6

IPv4 Datagram Format:

The key fields of the datagram format (the header is 20 bytes long if no options are present):

  1. Version number. 4 bits that specify the IP version (4), which tells the router how to interpret the rest of the datagram.
  2. Header length. Needed to find the start of the payload, since the header may carry variable-length options. Counted in 32-bit words; the typical value corresponds to a 20-byte header with no options.
  3. Type of service. Distinguishes IP datagram types (e.g., real-time vs non-real-time). The last two bits are used for Explicit Congestion Notification (ECN).
  4. Datagram length. The total length (header plus data) in bytes.
  5. Identifier, flags, and fragmentation offset. Used in IP fragmentation (breaking a datagram into smaller datagram fragments) and reassembly.
  6. Time-to-live (TTL). Ensures datagrams do not circulate forever: each router that processes the datagram decrements the TTL by 1, and the datagram is dropped when its TTL reaches 0.
  7. Protocol. Used only at the final destination; indicates the transport-layer protocol to which the payload is passed:
    • 6 = TCP
    • 17 = UDP
  8. Header checksum. Used to detect bit errors in the header.
    • Computation: treat each 2 bytes of the header as a 16-bit number, add them using 1s complement arithmetic, and store the 1s complement of the sum (the Internet checksum).
    • If the checksum carried in the received datagram ≠ the recomputed checksum → error → discard the datagram
    • The checksum must be recomputed and stored again at every router, since the TTL (and possibly option fields) change.
    • Error detection is done in both the network layer (header only) and the transport layer (whole segment), even though it seems redundant, because IP and TCP/UDP do not necessarily belong to the same protocol stack: TCP can run over protocols other than IP, and IP carries data that is not passed to TCP/UDP.
  9. Source and destination IP addresses. Set by the source host. The destination is the final destination; its address is usually obtained through a DNS lookup.
  10. Options. Allow the header to be extended; they are rarely used, which keeps per-datagram overhead low and header processing simple
  11. Data (payload). The most important field; usually a TCP or UDP segment, but it can carry other data such as ICMP messages.
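The header fields above, the checksum computation, and the per-router TTL decrement with re-checksumming, as an added example that is not from the book. It builds a datagram without options, parses it with the length sanity checks a router (or packet parser) needs, verifies the checksum, and performs one forwarding hop. The addresses, payload and identifier are constructed sample values.

```python
"""IPv4 header build/parse/verify with the Internet checksum and a TTL hop.

Added example (not from Kurose & Ross). The addresses, payload and identifier
used below are constructed sample values.
"""
import socket
import struct

IPV4_MIN_HEADER = 20
HEADER_FMT = "!BBHHHBBH4s4s"  # the 20-byte fixed header, network byte order


def internet_checksum(data: bytes) -> int:
    """RFC 1071: 1s-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"  # pad an odd trailing byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src: str, dst: str, proto: int, payload: bytes,
                      ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Build a datagram with no options and a correct header checksum."""
    total_len = IPV4_MIN_HEADER + len(payload)
    # version 4, IHL 5 words -> 0x45; flags = DF (0x4000), fragment offset 0
    header = bytearray(struct.pack(HEADER_FMT, 0x45, 0, total_len, ident, 0x4000,
                                   ttl, proto, 0, socket.inet_aton(src),
                                   socket.inet_aton(dst)))
    struct.pack_into("!H", header, 10, internet_checksum(bytes(header)))
    return bytes(header) + payload


def parse_ipv4_header(packet: bytes) -> dict:
    """Parse and sanity-check the header; never trust IHL or total length blindly."""
    if len(packet) < IPV4_MIN_HEADER:
        raise ValueError("packet shorter than minimum IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack(HEADER_FMT, packet[:IPV4_MIN_HEADER])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not an IPv4 datagram (version {version})")
    if ihl < IPV4_MIN_HEADER or ihl > len(packet) or total_len < ihl:
        raise ValueError("inconsistent header length / total length")
    header = packet[:ihl]
    return {
        "header_length": ihl,
        "ecn": tos & 0x03,                     # low two bits of the ToS byte
        "total_length": total_len,
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl,
        "protocol": proto,
        "checksum": csum,
        # summing the header *including* its checksum field yields 0 when valid
        "checksum_ok": internet_checksum(header) == 0,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "options": packet[IPV4_MIN_HEADER:ihl],
        "truncated": total_len > len(packet),  # wire length shorter than claimed
        "payload": packet[ihl:total_len],
    }


def forward_hop(packet: bytes):
    """What a router does per datagram: verify, decrement TTL, re-checksum.

    Returns the datagram to send on, or None when it must be discarded
    (bad checksum, truncated, or TTL would reach 0; a real router would
    also emit an ICMP Time Exceeded in the last case).
    """
    fields = parse_ipv4_header(packet)
    if not fields["checksum_ok"] or fields["truncated"]:
        return None
    if fields["ttl"] <= 1:
        return None
    ihl = fields["header_length"]
    header = bytearray(packet[:ihl])
    header[8] -= 1                                   # TTL byte
    struct.pack_into("!H", header, 10, 0)            # zero the checksum field,
    struct.pack_into("!H", header, 10, internet_checksum(bytes(header)))  # recompute
    return bytes(header) + packet[ihl:]
```

The `truncated` flag matters in practice: a datagram whose total-length field claims more bytes than arrived should not be forwarded or reassembled on the strength of that field, and `parse_ipv4_header` refuses any IHL that would point past the end of the buffer.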

IPv4 Addressing:

  • A host typically has a single link over which its datagrams are sent into the network. The interface is the boundary between the host (or router) and the physical link; a router has several interfaces, one per link.
  • IP addresses identify individual host/router interfaces, not the devices themselves.
    • 4 bytes (32 bits) long
    • about 4 billion possible unique values
    • In dotted-decimal notation: each byte written in decimal, separated by periods
  • Every interface on the global Internet, except those behind a NAT, must have a globally unique IP address. Part of the address is determined by the subnet the interface attaches to.
    • A subnet (or IP network) is made up of host and router interfaces that share the same prefix and are interconnected by the same link, with no intervening router.
      • To identify the subnets: detach each interface from its host or router → the links form isolated islands of interconnected interfaces → each island is a subnet
    • The subnet address is written as the prefix followed by “/” and the prefix length, e.g., 223.1.1.0/24; the /24 notation is sometimes called the subnet mask and indicates that the leftmost 24 bits of each interface address form the subnet address.
    • Classless Interdomain Routing (CIDR) (RFC 4632) generalized this “address/prefix-length” notation to arbitrary prefix lengths.
      • An organization is allocated a block of addresses with a common prefix; devices in the organization get addresses from that block.
      • Routers outside the organization only consider the prefix when forwarding datagrams destined to the organization. This keeps their forwarding tables small.
      • Inside the organization, the remaining (non-prefix) bits distinguish the individual devices, and they can be further structured into internal subnets.
    • In contrast, under classful addressing the network portion was restricted to 8 (class A), 16 (class B), or 24 (class C) bits. It was abandoned because it was too rigid and allocated addresses inefficiently:
      • Class A and class B blocks were too large (e.g., a class B block supported up to 65,534 hosts)
      • Class C blocks were too small (up to 254 hosts)
  • Address aggregation (also route aggregation or route summarization) is the ability to advertise a whole set of organizations’ address blocks with a single prefix.
    • Advertising is an ISP telling the rest of the Internet “send me any datagram whose destination matches this prefix”.
    • Example: an ISP holding 200.23.16.0/20 has split it into eight /23 blocks, 200.23.16.0/23, 200.23.18.0/23, ..., 200.23.30.0/23, one per organization. It does not need to advertise all eight; advertising 200.23.16.0/20 alone covers them.
    • Organizations are allocated blocks such as 200.23.18.0/23.
    • If an organization moves its connectivity to a different ISP whose prefix does not cover the organization’s block, the new ISP advertises the organization’s specific block (e.g., 200.23.18.0/23) alongside its own prefix. Longest prefix matching in the rest of the Internet’s routers then sends that organization’s traffic to the new ISP rather than to the old ISP’s /20.
  • When a host sends a datagram to the IP broadcast address 255.255.255.255, all hosts on the same subnet receive it.
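The longest-prefix-match lookup from the forwarding discussion in 2.2 and the CIDR aggregation scenario above, combined in one added example (not code from the book). It parses dotted-decimal addresses strictly (so an "address" like 123.456.789.0 is rejected), implements the lookup over a small table, and checks that an aggregate prefix really covers the specific blocks behind it. The table entries reuse the book's Fly-By-Night-ISP / ISPs-R-Us scenario; the link interface numbers are hypothetical.

```python
"""Destination-based forwarding: longest-prefix match over a CIDR table.

Added example (not from Kurose & Ross). The entries reuse the book's
route-aggregation scenario: Fly-By-Night-ISP advertises 200.23.16.0/20 and
ISPs-R-Us advertises 199.31.0.0/16 plus the more specific 200.23.18.0/23 for
the organization that moved to it. Link interface numbers are hypothetical.
"""
from dataclasses import dataclass


def ip_to_int(dotted: str) -> int:
    """Parse dotted-decimal strictly: exactly four octets, each 0..255."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | int(octet)
    return value


@dataclass(frozen=True)
class Prefix:
    network: int   # network bits, host bits already zeroed
    length: int    # prefix length, 0..32

    @staticmethod
    def mask_for(length: int) -> int:
        return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF

    @classmethod
    def parse(cls, cidr: str) -> "Prefix":
        addr, _, length_str = cidr.partition("/")
        length = int(length_str) if length_str else 32
        if not 0 <= length <= 32:
            raise ValueError(f"bad prefix length in {cidr!r}")
        return cls(ip_to_int(addr) & cls.mask_for(length), length)

    def contains(self, addr: int) -> bool:
        return (addr & self.mask_for(self.length)) == self.network

    def covers(self, other: "Prefix") -> bool:
        """True if every address in `other` also lies in this prefix."""
        return other.length >= self.length and self.contains(other.network)


class ForwardingTable:
    def __init__(self, default_link: int):
        self.entries = []          # list of (Prefix, link interface number)
        self.default_link = default_link

    def add(self, cidr: str, link: int) -> None:
        self.entries.append((Prefix.parse(cidr), link))

    def lookup(self, dotted: str) -> int:
        """Longest-prefix match; falls back to the default link on no match."""
        addr = ip_to_int(dotted)
        best = None
        for prefix, link in self.entries:
            if prefix.contains(addr) and (best is None or prefix.length > best[0].length):
                best = (prefix, link)
        return best[1] if best else self.default_link


def build_demo_table() -> ForwardingTable:
    table = ForwardingTable(default_link=2)   # link 2: default route
    table.add("200.23.16.0/20", 0)             # link 0: Fly-By-Night-ISP
    table.add("199.31.0.0/16", 1)              # link 1: ISPs-R-Us
    table.add("200.23.18.0/23", 1)             # organization 1 moved to ISPs-R-Us
    return table


def aggregate_is_valid(summary: str, specifics: list) -> bool:
    """Check that one advertised prefix really covers all the blocks behind it."""
    agg = Prefix.parse(summary)
    return all(agg.covers(Prefix.parse(s)) for s in specifics)


if __name__ == "__main__":
    table = build_demo_table()
    for dst in ("200.23.20.1", "200.23.18.5", "199.31.200.7", "10.1.1.1"):
        print(dst, "-> link", table.lookup(dst))
    eight_blocks = [f"200.23.{16 + 2 * k}.0/23" for k in range(8)]
    print("200.23.16.0/20 covers all eight /23s:",
          aggregate_is_valid("200.23.16.0/20", eight_blocks))
```

Note that 200.23.18.5 matches both 200.23.16.0/20 (link 0) and 200.23.18.0/23 (link 1); the longer /23 wins, which is exactly what lets the moved organization keep its block. The linear scan is fine for a demonstration but is the "simple linear search" that section 2.2 says a real line card cannot afford.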

Block Addresses

  • To obtain a block of addresses for an organization’s subnet, the network administrator first contacts the organization’s ISP.
  • The ISP already holds a larger block of addresses that it divides among the organizations it serves.
  • The Internet Corporation for Assigned Names and Numbers (ICANN) is the global authority that manages the IP address space, following the RFC 7020 guidelines; it allocates blocks to regional Internet registries.
    • ICANN also manages the DNS root servers and the assignment of domain names.
  • Host IP addresses are usually configured automatically via the Dynamic Host Configuration Protocol (DHCP), while router interface addresses are configured manually by the network administrator.
    • DHCP can assign a host the same (permanent) IP address each time it connects, or a temporary one that may differ from one connection to the next.
    • Other information DHCP provides to a host:
      • subnet mask
      • first-hop router/default gateway (i.e., the router that hosts in the subnet use to reach the wider Internet)
      • address of the local DNS server
    • plug-and-play or zeroconf: the ability to attach a host to a network with no manual configuration
    • client = the host that needs network configuration information
    • In the simplest case each subnet has its own DHCP server; otherwise a DHCP relay agent (typically a router) that knows the DHCP server’s address forwards the messages.
    • Shortcoming: if a host with an open TCP connection moves to another subnet, it obtains a new IP address and the connection breaks, because the connection is bound to the old address.
  • 4-step DHCP process:
    1. DHCP server discovery. The client looks for a DHCP server with a DHCP discover message: an IP datagram carrying a UDP segment to port 67, sent with the broadcast destination address 255.255.255.255 and the “this host” source address 0.0.0.0, and handed to the link layer, which broadcasts it to all nodes on the subnet.
    2. DHCP offer(s). Each DHCP server that receives the discover message responds with a DHCP offer message, again broadcast to the subnet (destination 255.255.255.255). The offer contains:
      • the transaction ID of the discover message
      • the proposed client IP address
      • the network mask
      • the IP address lease time: how long the address will be valid
    3. DHCP request. The client chooses one of the offers and answers it with a DHCP request message echoing the configuration parameters.
    4. DHCP ACK. The chosen server confirms with a DHCP ACK message. The client may then use the allocated IP address until the lease expires (it can be renewed).
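The four-step exchange above with both sides' messages, as an added example that is not from the book. Messages are encoded in the RFC 2131 layout (236-byte fixed part, magic cookie, then option TLVs), the subnet broadcast is simulated by handing every message to every server object, and two servers are present so the request/ACK step shows how the client's chosen server identifier silences the other one. The server addresses, pool, MAC and transaction ID are constructed (they follow the book's 223.1.2.0/24 scenario). Note what the protocol does not do: nothing in DISCOVER/OFFER is authenticated, so any host on the subnet can answer first and the client below simply accepts the first offer, which is why rogue DHCP servers work.

```python
"""The four-step DHCP exchange, with messages encoded per RFC 2131.

Added example (not from Kurose & Ross). Server, pool, MAC and transaction ID
are constructed values; the subnet broadcast is simulated in-process.
"""
import socket
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5                  # option 53 values
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_REQ_IP, OPT_LEASE = 1, 3, 6, 50, 51
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
MAGIC = b"\x63\x82\x53\x63"
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"                    # 236-byte fixed part
ZERO = socket.inet_aton("0.0.0.0")


def encode(op, xid, chaddr, yiaddr="0.0.0.0", options=()):
    """Build a message: op, transaction ID, client MAC, 'your' IP, option TLVs."""
    fixed = struct.pack(FIXED_FMT, op, 1, 6, 0, xid, 0, 0x8000,   # flags: broadcast
                        ZERO, socket.inet_aton(yiaddr), ZERO, ZERO,
                        chaddr.ljust(16, b"\x00"), b"", b"")
    tlvs = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC + tlvs + bytes([OPT_END])


def decode(msg):
    """Parse a message; option parsing is bounds-checked against the buffer."""
    if len(msg) < 240 or msg[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _, hlen, _, xid, _, _, _, yiaddr, _, _, chaddr, _, _ = struct.unpack(FIXED_FMT, msg[:236])
    opts, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:                          # pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise ValueError("truncated option")
        length = msg[i + 1]
        opts[msg[i]] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "chaddr": chaddr[:hlen],
            "yiaddr": socket.inet_ntoa(yiaddr), "options": opts}


class DhcpServer:
    def __init__(self, ip, pool, mask, router, dns, lease=3600):
        self.ip, self.pool = ip, list(pool)
        self.net_opts = [(OPT_SERVER_ID, socket.inet_aton(ip)),
                         (OPT_MASK, socket.inet_aton(mask)),
                         (OPT_ROUTER, socket.inet_aton(router)),
                         (OPT_DNS, socket.inet_aton(dns)),
                         (OPT_LEASE, struct.pack("!I", lease))]
        self.offered, self.leases = {}, {}       # chaddr -> ip

    def handle(self, raw):
        """Return a reply (bytes), or None when this server stays silent."""
        m = decode(raw)
        kind = m["options"][OPT_MSG_TYPE][0]
        if kind == DISCOVER and self.pool:
            ip = self.pool[0]
            self.offered[m["chaddr"]] = ip
            return encode(BOOTREPLY, m["xid"], m["chaddr"], ip,
                          [(OPT_MSG_TYPE, bytes([OFFER]))] + self.net_opts)
        if kind == REQUEST:
            # The broadcast REQUEST names the chosen server; all others stay silent.
            if m["options"].get(OPT_SERVER_ID) != socket.inet_aton(self.ip):
                return None
            ip = socket.inet_ntoa(m["options"][OPT_REQ_IP])
            if self.offered.get(m["chaddr"]) != ip:
                return None                      # never offered this (a real server NAKs)
            self.pool.remove(ip)
            self.leases[m["chaddr"]] = ip
            return encode(BOOTREPLY, m["xid"], m["chaddr"], ip,
                          [(OPT_MSG_TYPE, bytes([ACK]))] + self.net_opts)
        return None


def dhcp_client(mac, servers, xid=654):
    """Run discover/offer/request/ack against every server on the 'subnet'."""
    discover = encode(BOOTREQUEST, xid, mac, options=[(OPT_MSG_TYPE, bytes([DISCOVER]))])
    offers = [decode(r) for s in servers for r in [s.handle(discover)] if r]
    offers = [o for o in offers if o["xid"] == xid and o["options"][OPT_MSG_TYPE][0] == OFFER]
    if not offers:
        raise RuntimeError("no DHCP offer received")
    chosen = offers[0]          # first responder wins: nothing authenticates the offer
    request = encode(BOOTREQUEST, xid, mac, options=[
        (OPT_MSG_TYPE, bytes([REQUEST])),
        (OPT_SERVER_ID, chosen["options"][OPT_SERVER_ID]),
        (OPT_REQ_IP, socket.inet_aton(chosen["yiaddr"]))])
    acks = [decode(r) for s in servers for r in [s.handle(request)] if r]
    acks = [a for a in acks if a["xid"] == xid and a["options"][OPT_MSG_TYPE][0] == ACK]
    if len(acks) != 1:
        raise RuntimeError(f"expected exactly one ACK, got {len(acks)}")
    o = acks[0]["options"]
    return {"ip": acks[0]["yiaddr"], "server": socket.inet_ntoa(o[OPT_SERVER_ID]),
            "mask": socket.inet_ntoa(o[OPT_MASK]), "router": socket.inet_ntoa(o[OPT_ROUTER]),
            "dns": socket.inet_ntoa(o[OPT_DNS]), "lease": struct.unpack("!I", o[OPT_LEASE])[0]}
```

Run it with two `DhcpServer` objects and one `dhcp_client` call: both servers answer the DISCOVER, only the server named in the REQUEST's server-identifier option sends the ACK and commits the lease, and the other server's pool is untouched.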

Network Address Translation:

  • Problem: a small office, home office (SOHO) subnet gets an address block from its ISP. If more devices need addresses than the block holds, the block has to grow into adjacent addresses, which may already be allocated to someone else.
  • Solution: network address translation (NAT) lets multiple devices in the home network share a single public IP address. The outside world sees the home network as one device with one address and knows nothing of its internal structure.
  • Private network (or realm with private addresses): addresses that are meaningful only to devices inside that network.
    • 10.0.0.0/8 is one of the private address ranges reserved by RFC 1918 (the others are 172.16.0.0/12 and 192.168.0.0/16). Any address in these ranges (e.g., a 10.0.0.0/24 home subnet) is only usable inside a network and cannot be routed on the public Internet.
  • The NAT translation table lets the NAT router deliver inbound datagrams to the right end system even though one public IP address represents all of them.
    1. When a client sends a datagram to a server outside its network, the NAT-enabled router rewrites the source from the LAN-side IP address and port number to its WAN-side address and a freshly chosen port number, and records the mapping (WAN address, WAN port) ↔ (LAN address, LAN port) in the table.
    2. The server’s response is addressed to the WAN-side address and port number.
    3. On receiving the response, the NAT router looks up the (WAN address, port) pair in the translation table and rewrites the destination to the mapped LAN-side address and port before forwarding it to the client.
  • Since port numbers now also serve to address hosts rather than only processes, a server behind a NAT cannot be reached from outside unless a mapping already exists; NAT traversal tools are one workaround for this.
  • Architectural criticism: routers are network-layer devices and should not modify transport-layer port numbers; hosts should be able to communicate directly without their addresses and ports being rewritten. NAT violates this principle.
  • Firewalls and Intrusion Detection Systems (IDSs) protect the hosts in a network from malicious traffic
    • Firewalls examine the datagram and segment header fields of incoming datagrams and drop anything classified as unsafe. They can also track TCP connections and admit only packets belonging to approved connections.
    • An IDS performs deep packet inspection: examination of segment header fields and the application-layer payload against a regularly updated database of signatures associated with known attacks.
      • A packet matching a signature → alert
    • An Intrusion Prevention System (IPS) additionally blocks the matching packets.
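The NAT translation table described above, as an added example that is not from the book: outbound datagrams get the public address and a NAT-chosen port, inbound datagrams are translated back through the table, and an inbound datagram with no table entry is dropped, which is the side effect that makes a NAT box behave like a crude stateful firewall. The addresses reuse the book's scenario (private 10.0.0.0/24 behind public 138.76.29.7); the `Datagram` record and the port allocation scheme are constructed for this example.

```python
"""NAT translation table: outbound rewriting, inbound lookup, and the drop of
unsolicited inbound traffic.

Added example (not from Kurose & Ross). Addresses reuse the book's NAT scenario;
the Datagram record and the WAN port allocation are constructed for this example.
"""
import itertools
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class Nat:
    def __init__(self, public_ip: str, first_port: int = 5001):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        # one public IP, so (proto, WAN port) is enough to key the WAN side
        self.wan_to_lan = {}   # (proto, wan_port) -> (lan_ip, lan_port)
        self.lan_to_wan = {}   # (proto, lan_ip, lan_port) -> wan_port

    def outbound(self, d: Datagram) -> Datagram:
        """LAN -> WAN: replace the private source with the public IP and a NAT port."""
        lan_key = (d.proto, d.src_ip, d.src_port)
        wan_port = self.lan_to_wan.get(lan_key)
        if wan_port is None:                        # first packet of this flow: allocate
            wan_port = next(self._next_port)
            self.lan_to_wan[lan_key] = wan_port
            self.wan_to_lan[(d.proto, wan_port)] = (d.src_ip, d.src_port)
        return replace(d, src_ip=self.public_ip, src_port=wan_port)

    def inbound(self, d: Datagram):
        """WAN -> LAN: translate back via the table, or drop if no mapping exists."""
        if d.dst_ip != self.public_ip:
            return None
        lan = self.wan_to_lan.get((d.proto, d.dst_port))
        if lan is None:
            return None             # unsolicited: nothing inside ever opened this port
        return replace(d, dst_ip=lan[0], dst_port=lan[1])


if __name__ == "__main__":
    nat = Nat("138.76.29.7")
    out = nat.outbound(Datagram("10.0.0.1", 3345, "128.119.40.186", 80))
    print("outbound rewritten to", out.src_ip, out.src_port)
    back = nat.inbound(Datagram("128.119.40.186", 80, "138.76.29.7", out.src_port))
    print("reply delivered to", back.dst_ip, back.dst_port)
    print("unsolicited SSH from outside:",
          nat.inbound(Datagram("198.51.100.9", 4444, "138.76.29.7", 22)))
```

The table is keyed on the LAN side by (protocol, private address, private port) only, as in the book's table, so two internal hosts using the same source port get distinct WAN ports and a later connection from the same internal socket reuses its mapping.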

IPv6:

  • The IETF developed IPv6 in the 1990s in response to the looming exhaustion of the IPv4 address space.
  • Datagram format:
    • Important changes compared with IPv4:
      1. Address size increased from 32 to 128 bits. A new anycast address type (besides unicast and multicast) delivers a datagram to any one of a group of hosts.
      2. Several IPv4 fields were dropped or made optional, giving a fixed 40-byte header that is faster to process.
      3. Packets can be labeled as belonging to a particular flow that needs special handling (e.g., real-time service or a different quality of service).
    • IPv6 header fields:
      • Version = 6
      • Traffic class = like the IPv4 ToS field, gives priority to datagrams of a particular flow or application
      • Flow label = identifies the flow a datagram belongs to
      • Payload length = 16-bit value giving the number of bytes following the fixed 40-byte header
      • Next header = identifies the protocol to which the payload is delivered (e.g., TCP or UDP), using the same values as the IPv4 protocol field
      • Hop limit = decremented by one at each forwarding router; the datagram is discarded when it reaches zero
      • Source and destination addresses = the address formats are defined in RFC 4291
      • Data = the IPv6 payload, passed to the protocol named in the next header field
    • IPv4 fields removed in IPv6:
      • Fragmentation/reassembly. Performed only by end systems, not by routers, to speed up forwarding. If a router receives a datagram too large for the outgoing link, it drops it and sends back an ICMP “Packet Too Big” message so the sender can resend a smaller one.
      • Header checksum. Considered redundant because the transport layer (and link layer) already checksum the data; dropping it avoids recomputing a checksum at every router.
      • Options. No longer part of the standard header; they become possible “next headers” (extension headers) that follow the fixed header.

IPv4 to IPv6:

  • Issue: IPv6-capable systems can be made backward compatible, i.e., they can send, route, and receive IPv4 datagrams, but already deployed IPv4-only systems cannot handle IPv6 datagrams.
  • Solution: tunneling. The set of IPv4 routers between two IPv6 nodes is called a tunnel; the sending IPv6 node places the entire IPv6 datagram in the payload of an IPv4 datagram addressed to the IPv6 node at the far end of the tunnel, which extracts and processes it.
    • The IPv4 protocol number field is set to 41 to mark the payload as an encapsulated IPv6 datagram.

2.4 Generalized Forwarding and SDN

  • Match, in contrast to destination-based forwarding, can apply to multiple header fields at once.
  • Action can include forwarding to an output port, load balancing, NAT rewriting, firewall-style dropping, and more.
  • Because matching uses network-layer and/or link-layer fields, the devices are called “packet switches” rather than “routers”.
  • In the generalized approach the match-plus-action table is typically computed and installed by a remote controller; the packet switch itself performs the match and the action on each packet.
  • OpenFlow is a standard for the match-plus-action forwarding abstraction and for the controller-to-switch protocol. Each flow table entry includes:
    • a set of header field values against which an incoming packet is matched
    • a set of counters updated when a packet matches the entry, e.g., the number of packets matched and the time of the last update
    • a set of actions taken when a packet matches the entry

Match:

  • OpenFlow can be matched with 11 packet header fields and port ID
  • It can be matched with three protocol layers: link-layer, network-layer, and transport-layer
  • Ingress port - packet switch input port
  • Wildcards allowed through '*'
  • Abstractions do not match all fields to provide only sufficient functionality to finish task and avoid unnecessary complexity

Action:

Actions are performed in this order:

  1. Forwarding. Packets may be forwarded to an output port, broadcast over all ports, or multicast to multiple specific ports.
  2. Dropping. A flow table entry without an action → matched packet is dropped.
  3. Modify-field. Possible rewriting of 10 packet-header fields before forwarding.
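The match-plus-action flow table described in this section, as an added example (not textbook code): each entry matches a subset of header fields (a missing field is the '*' wildcard), keeps a match counter, and carries an ordered action list; an entry with no actions drops the packet. The field names, ports and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class FlowEntry:
    match: dict                    # header field -> required value; absent field = wildcard
    actions: list = field(default_factory=list)  # ("forward", port) / ("modify", fld, val)
    priority: int = 0
    packets: int = 0               # counter: number of packets that matched this entry

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())


class PacketSwitch:
    def __init__(self, entries):
        # Highest priority first, so the first hit wins when several entries match.
        self.table = sorted(entries, key=lambda e: -e.priority)

    def process(self, pkt):
        """Return (output_ports, packet_as_sent); an empty port list means dropped."""
        for entry in self.table:
            if entry.matches(pkt):
                entry.packets += 1
                out, pkt = [], dict(pkt)
                for action in entry.actions:     # actions are applied in list order
                    if action[0] == "modify":    # e.g. NAT-style address rewrite
                        pkt[action[1]] = action[2]
                    elif action[0] == "forward":
                        out.append(action[1])
                return out, pkt
        return [], pkt  # table miss: drop (a real switch may instead ask the controller)


# Constructed demo table: a firewall rule, a NAT-style rewrite, and plain forwarding.
DEMO_TABLE = [
    # Firewall: block TCP to port 22 arriving on the outside port, whatever the addresses.
    FlowEntry({"in_port": 1, "ip_proto": 6, "tcp_dst": 22}, [], priority=10),
    # NAT: traffic for the public address is rewritten to the inside host, then sent out port 2.
    FlowEntry({"in_port": 1, "ip_dst": "203.0.113.5"},
              [("modify", "ip_dst", "10.0.0.2"), ("forward", 2)], priority=5),
    # Inside-to-outside traffic is simply forwarded to the outside port.
    FlowEntry({"in_port": 2}, [("forward", 1)], priority=1),
]
```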

2.5 Middleboxes

  • Middleboxes provide extra functionality unavailable in a typical IP router, sitting on the data path between the source and destination host. They provide three types of services:41
    • NAT Translation.
    • Security Services. Like Firewalling, Deep-packet Inspection (DPI), and IDS.
    • Performance enhancement. By performing compression, content caching, and load balancing of requests.
  • Network function virtualization (NFV) is the approach to implement these services: commodity hardware with specialized software above common software stack.
  • Middleboxes violate the clear separation between the network layer and the transport/application layers.

3. My Questions

  1. What is the data plane and the control plane? Can they only be defined by their functions?
  2. What is bandwidth provisioning and bandwidth-adaptive application-level protocols?
  3. What does multiple independent TCP flows passing through a link exactly mean? Like what does this look like practically?
  4. Is the weight of the classes in WFQ a positive integer or a decimal like 0.something? I think former, though I have to confirm later.

| Term | Description |
| --- | --- |
| routing | process of determining the packet’s source-destination paths |
| line card | a circuit designed to fit in a printed circuit board and interface with telecommunication access networks |
| de-queueing | removing a particular thing from a queue |
| round trip time | time it takes to go from sender → receiver → sender |
| link capacity | maximum amount of data a link can deliver over a period of time |

4.1 Datagram Vs Segments

| Datagram | Segment |
| --- | --- |
| A network-layer packet which encapsulates segments. | A transport-layer packet. |
| It travels between hosts on different networks. | It travels between processes on different hosts. |
| Uses protocols such as IP. | Uses protocols like TCP and UDP. |

Footnotes

  1. I think this means that it’s closer to the data plane

  2. I think this means that it’s closer to the control plane

  3. p. 304

  4. Imagine it this way: each router has a routing algorithm function. The routing algorithm functions of every router talk to each other to build the best forwarding tables, so that a packet is guaranteed to reach its intended destination.

  5. p. 310

  6. p. 312

  7. Interoperability is governed by the link-layer (layer 2) protocol used at the sender and the receiver. These protocols must be the same for both sides to work properly.

  8. the destination address uses an IP address format

  9. p. 316

  10. this is only in the context of input port processing. The match plus action terminology is a common abstraction also used in other network devices besides routers

  11. p. 317 to p. 319

  12. Forwarding throughput is the total rate at which packet is transferred from input port to output port.

  13. Memory bandwidth is the total rate at which a packet is read/written from/to memory.

  14. Provides sufficient time for reading and writing of packets before transferring it from input port to output port.

  15. Although all output ports receive the packet, only the one whose label matches the packet header keeps the packet

  16. packet is only blocked when its destined output port is busy. If unclear, review p. 318

  17. Not confident about my explanation here, might need to correct in the future if misunderstood. Found at p. 319

  18. In the context of crossbar switches configuration. If still unclear and want more context, check p. 320 @Input Queueing

  19. Packet arrival rate refers to the amount of packets arriving at the input port. It depends on the packets being sent by a sender over a period of time. If they send a lot in a short period of time, to the point that the arrival rate reaches more than 58%, HOL blocking and queue buildup occur and significant packet loss results.

  20. The packets that get dropped in this context are the ones outside of the queue (i.e. the arriving packets)

  21. If there are a lot of separate TCP connections, the formula changes to , check p. 323 for more info

  22. The classes are based on any set of fields in the IP datagram header, like the port number.

  23. If a packet of class 1 arrives and gets serviced first, and another packet of class 1 arrives together with a packet of class 2, the next to be serviced will be class 2 (or whatever class is next according to the round robin sequence). It only skips a particular class when packets of that class are unavailable. Check p. 329 for a detailed example.

  24. Textbook says this is an idealized description; there is a packetization issue which was not discussed

  25. Another way of interpreting this: a class is guaranteed service equivalent to its weight relative to the total weight of all classes which have a non-empty queue (i.e., )

  26. IP fragmentation is not offered in IPv6

  27. In theory, TCP can run over a network-layer protocol

  28. Hence it was removed in IPv6. Detailed considerations at p. 333.

  29. Interface can also be used for routers and not just hosts

  30. A number of host interfaces that are connected to the same router interface may share similar prefixes.

  31. Some sources tell me that the "/" is not the subnet mask, but the CIDR notation. The subnet mask is a template which identifies which portion is the network prefix and which is the unique host identifier bits. Prefix is bits which are 1 (or 255 in decimal format) in the address, while 0 is the host identifier.

  32. Key emphasis on classless in its name. It replaced the old way, which used classes and was therefore limited and fixed. CIDR made subnet masking more flexible.

  33. When other routers check the routing table, they will use longest-prefix matching and find that the second ISP advertises the exact address block, so they will send to that ISP instead of the other one, whose advertised address range merely covers the organization’s specific address block.

  34. this is an example of non-hierarchical addressing

  35. and is therefore the one that also gives address blocks to ISPs

  36. not actually permanent, just shorthand for “it’s same IP address each time unless configuration is changed by admin”

  37. yiaddr (or your address) is the address to be allocated to new arriving client

  38. Check p. 344 for the detailed problem

  39. For example, in P2P connections, servers wait for incoming requests on well-known port numbers. Peers acting as servers also need to accept incoming connections.

  40. Check p. 358 to p. 360 for examples (i.e. forwarding, load balancing, firewalling)

  41. This section was a bit rushed, check p. 361 for more info
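Footnotes 31 to 33 in working code, as an added example (not from the textbook): a /N CIDR prefix expands to a 32-bit subnet mask of N one-bits, and a forwarding-table lookup masks the destination address with each entry's mask and keeps the longest prefix that matches, so a more specific block advertised by one ISP wins over the aggregate advertised by another. The prefixes and next-hop names are constructed from RFC 5737 documentation ranges.

```python
def ip_to_int(dotted):
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def prefix_mask(length):
    """/length -> subnet mask as a 32-bit int, e.g. /24 -> 0xFFFFFF00 (255.255.255.0)."""
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF


def mask_to_dotted(mask):
    return ".".join(str((mask >> s) & 0xFF) for s in (24, 16, 8, 0))


def parse_cidr(cidr):
    """'203.0.113.64/26' -> (network as int with host bits cleared, prefix length)."""
    net, length = cidr.split("/")
    length = int(length)
    return ip_to_int(net) & prefix_mask(length), length


def longest_prefix_match(table, dst):
    """table: list of (cidr, next_hop). Returns the next hop of the longest match, or None."""
    d = ip_to_int(dst)
    best, best_len = None, -1
    for cidr, next_hop in table:
        net, length = parse_cidr(cidr)
        # An entry matches when the destination, masked to the prefix length, equals the network.
        if (d & prefix_mask(length)) == net and length > best_len:
            best, best_len = next_hop, length
    return best


# Constructed forwarding table for footnote 33's situation: ISP-A advertises the
# aggregate block, ISP-B advertises the organization's more specific block inside it.
DEMO_TABLE = [
    ("203.0.113.0/24", "ISP-A"),    # aggregate: 203.0.113.0 to 203.0.113.255
    ("203.0.113.64/26", "ISP-B"),   # organization's block: 203.0.113.64 to 203.0.113.127
    ("0.0.0.0/0", "default"),       # /0 matches everything, so it only wins as a last resort
]
```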