Home Tekniikka IP-datagrammi

IP-datagrammi



Introduction

TheprotocolunitofIPprotocolcontroltransmissioniscalledIPdatagram(IPDatagram,IPdatagram,IPpacketorIPpacket).TheIPprotocolshieldsthedifferencesbetweenthevariousphysicalsubnetsofthelowerlayer,andcanprovideIPdatagramsinauniformformattotheupperlayer.TheIPdatagramadoptsthedatagrampackettransmissionmethod,andtheserviceprovidedisaconnectionlessmethod.TheformatoftheIPdatagramcanexplainwhatfunctiontheIPprotocolhas.AnIPv4datagramconsistsofaheaderandadata.Amongthem,thedataisthedatathattheupperlayerneedstotransmit,andtheheaderisthecontrolinformationaddedforthecorrecttransmissionoftheupperlayerdata.Thefirstpartoftheheaderhasafixedlength,atotalof20bytes,whichismandatoryforallIPdatagrams.Behindthefixedpartoftheheaderisanoptionalfieldwithvariablelength.

Rakenne

Kiinteä osa

(1)Versioon 4 numeroa, mikä viittaa IP-protokollan versioon. Molempien osapuolten käyttämän IP-protokollan version on oltava sama.Laajalti käytetty IP-protokollaversionumero on4.

(2)Headerlengthoccupies4digits,andthelargestdecimalvaluethatcanberepresentedis15.Pleasenotethattheunitofthenumberrepresentedbythisfieldisa32-bitwordlength(a32-bitwordlengthis4bytes).Therefore,whentheIPheaderlengthis1111(thatis,15indecimal),theheaderlengthreaches60byte.WhenthelengthoftheheaderoftheIPpacketisnotanintegermultipleof4bytes,thelastpaddingfieldmustbeusedtofillit.Therefore,thedatapartalwaysstartsatanintegermultipleof4bytes,whichismoreconvenientwhenimplementingtheIPprotocol.Thedisadvantageoftheheaderlengthbeinglimitedto60bytesisthatitmaynotbeenoughsometimes.Butthisisdoneinthehopethatuserswillminimizeoverhead.Themostcommonlyusedheaderlengthis20bytes(thatis,theheaderlengthis0101),andnooptionsareusedatthistime.

(3)DifferentiatedServicessijoittaa 8 asemaa saadakseen parempia palveluja.Tätä kenttää kutsuttiin palvelutyypiksi vanhassa standardissa, mutta sitä ei ole tosiasiallisesti käytetty. Vuonna 1998 IETF nimettiin uudelleen DifferentiatedServices (DS) -alaksi.

(4)KokonaispituusKokonaispituus tarkoittaa otsikon ja tietojen summan pituutta, tavuina.Kokonaispituus on16 bittiä, joten datagrammin enimmäispituus on2^16-1=65535 tavua.

EachdatalinklayerbelowtheIPlayerhasitsownframeformat,includingthemaximumlengthofthedatafieldintheframeformat,whichiscalledtheMaximumTransferUnit(MTU).Whenadatagramisencapsulatedintoalinklayerframe,thetotallengthofthedatagram(thatis,theheaderplusthedatapart)mustnotexceedtheMTUvalueofthedatalinklayerbelow.

(5)Identification(identification)occupies16digits.TheIPsoftwaremaintainsacounterinthememory.Eachtimeadatagramisgenerated,thecounterisincrementedby1,andthisvalueisassignedtotheidentificationfield.Butthis"identification"isnotasequencenumber,becauseIPisaconnectionlessservice,andthereisnoproblemofsequentialreceptionofdatagrams.WhenadatagrammustbefragmentedbecauseitslengthexceedstheMTUofthenetwork,thevalueofthisidentificationfieldiscopiedtotheidentificationfieldofalldatagrams.Thevalueofthesameidentificationfieldenableseachdatagramafterfragmentationtobefinallyreassembledintotheoriginaldatagramcorrectly.

(6)Lippu(lippu)varaa 3 numeroa, mutta vain 2 numeroa ovat merkityksellisiä.

●Lippukentän alin bitti on merkitty MF(MoreFragment).MF=1tarkoittaa, että takana on "fragmentoituja" datagrammeja.MF=0tarkoittaa, että tämä on useista tietogrammifragmenteista.

●Lippukentän keskellä oleva bitti on merkitty DF:ksi (Don’t Fragment), mikä tarkoittaa, että "ei voi olla pirstoutunut". Sirpaloituminen on sallittua vain, kun DF=0.

(7)Chipoffsetvaraa 13 bittiä.Sipupoikkeama ilmaiseepalansuhteellisen sijainninalkuperäisessä ryhmässäpidemmän ryhmän siivutuksen jälkeen.Toisin sanoen,suhteessa käyttäjätietokentän alkuun, josta kappaleet alkavat. Jokaisen fragmentin on oltava kokonaislukumonia 8 tavua (64 bittiä).

(8)TimetoLiveoccupies8digits.ThecommonlyusedEnglishabbreviationforthetimetolivefieldisTTL(TimeToLive),whichindicatesthelifetimeofthedatagraminthenetwork.Thisfieldissetbythesourceofthedatagram.ItspurposeistopreventundeliverabledatagramsfromgoingaroundtheInternetindefinitely,thusconsumingnetworkresourcesinvain.TheoriginaldesignusessecondsastheunitofTTL.Everytimeitpassesthrougharouter,theTTLissubtractedfromtheperiodoftimethedatagramisconsumedbytherouter.Ifthetimeconsumedbythedatagramontherouterislessthan1second,theTTLvalueisreducedby1.WhentheTTLvalueis0,thedatagramisdiscarded.Later,thefunctionoftheTTLfieldwaschangedto"hoplimit"(butthenameremainsunchanged).TherouterreducestheTTLvalueby1beforeforwardingthedatagram.IftheTTLvalueisreducedtozero,thedatagramisdiscardedandnolongerforwarded.Therefore,theunitofTTLisnolongerinseconds,butinhops.ThemeaningofTTListospecifyatmosthowmanyroutersadatagramcanpassthroughinthenetwork.Obviously,themaximumnumberofroutersthatadatagrampassesonthenetworkis255.IftheinitialvalueofTTLissetto1,itmeansthatthedatagramcanonlybetransmittedinthelocalareanetwork.

(9)Protocoloccupies8bits,andtheprotocolfieldindicateswhichprotocolisusedforthedatacarriedinthisdatagram,sothattheIPlayerofthedestinationhostknowsthatthedatapartshouldbeuploadedWhichprocesstohandover.

(10)Ensimmäinen tarkistussummaon 16 paikkaa.Tämä kenttä tarkistaa vain tietogrammin otsikon, mutta ei sisällä dataosaa. Tämä johtuu siitä, että joka kerta datagrammi kulkee läpi ulomman, ulomman on laskettava uudelleenotsakkeen tarkistussumma. Tiedonosien tarkistaminen voi vähentää laskennan työmäärää.

(11)Lähdeosoitevaraa 32 bittiä.

(12)Kohdeosoitevaraa 32 bittiä.

Variablepart

ThevariablepartoftheIPheaderisanoptionalfield.Theoptionfieldisusedtosupporttroubleshooting,measurement,andsecuritymeasures,andthecontentisveryrich.Thelengthofthisfieldisvariable,rangingfrom1byteto40bytes,dependingontheselecteditem.Someoptionitemsonlyrequire1byte,anditonlyincludes1byteofoptioncode.Buttherearesomeoptionsthatrequiremultiplebytes.Theseoptionsarespliced​​onebyonewithoutaseparatorinthemiddle.Finally,apaddingfieldofall0sisusedtofillinanintegermultipleof4bytes.

AddingthevariablepartoftheheaderistoincreasethefunctionoftheIPdatagram,butitalsomakesthelengthoftheheaderoftheIPdatagramvariable.Thisincreasestheoverheadforeachroutertoprocessdatagrams.Infact,theseoptionsarerarelyused.ThenewIPversionIPv6makestheheaderlengthoftheIPdatagramfixed.Theseoptionsaredefinedasfollows:

(1)Turvallisuus- ja käsittelyrajoitukset (käytetään armeija-alalla)

IP datagram

(2)Tallenna polku (ilmoita reitittimen IP-osoite)

(3)TimeStamp(LeteachrouterwritedowntheIPaddressandlocaltimeofeachrouterthattheIPdatagrampassesthrough)

(4)RelaxLooseSourceRoute(määritä sarja IP-osoitteita, jotka on välitettävä datagrammien kautta)

(5)StrictSourceRoute(samanlainen lähdereitti,Mutta vaaditaan vainnäihin määritellyihin osoitteisiin,ei muihin osoitteisiin)

Theseoptionsarerarelyused,andnotallhostsandrouterssupporttheseoptions.

InternetIPprotocol

IPprotocoloverview.TheInternetProtocolorInternetProtocol(IP)isadata-orientedprotocolusedinthemessageexchangenetwork.Itisastandardprotocolfornetworklayercommunication.Itisresponsibleforprovidingbasicdatapackettransmissionfunctions,sothateverydatapacketisAbletoreachthedestinationhost,butdoesnotcheckwhetheritisreceivedcorrectly.TherearefourprotocolsusedinconjunctionwiththeIPprotocol:AddressResolutionProtocolARP,ReverseAddressResolutionProtocolRARP,InternetControlMessageProtocolICMP,andInternetGroupManagementProtocolIGMP.

ThetransmissionofIPdatagramsinavirtualinterconnectionnetwork.Forexample,asourcehostintheInternetwantstosendanIPdatagramtothedestinationhost.Accordingtotheconceptofpacket-switchedstoreandforward,thesourcehostmustfirstlookupitsownroutingtabletoseeifthedestinationhostisonthenetwork.Ifitis,youdonotneedtogothroughanyroutersbutdirectlydeliver,andthetaskiscompleted.Ifnot,youmustsendtheIPdatagramtoarouterA.Afterlookingupitsownroutingtable,AknowsthatitshouldforwardthedatagramtorouterBforindirectdelivery.Inthisway,itkeepsforwarding.Finally,routerCknowsthatitisconnectedtothesamenetworkasthedestinationhostanddoesnotneedtouseotherroutersforforwarding,soitdeliversthedatagramdirectlytothedestinationhost.Thevariousnetworkscanbeheterogeneous.

IPaddress.TheIPaddressistoassignauniqueidentificationworldwideforeachnetworkconnection(networkcard).ThesourceIPaddressandthesinkIPaddressinthemessageheaderrespectivelyindicatetheIPlogicaladdressesofthesourcehostandthedestinationhost.TheIPaddresshasalengthof32bitsandiscomposedofanetworknumberandahostnumber.CommonlyusedIPaddressesincludeclassA,classB,andclassCaddresses,androuterswilladdressthemaccordingtotheIPaddress.TheInternetgenerallyadoptstheIPprotocol.TheIPprotocolrunninginthenetworkisIPv4;IPv6isasubsequentversionofIPv4.TheInternetisslowlyrunningoutofIPaddresses,andtheemergenceofIPv6hassolvedthisproblem.Comparedwiththe32-bitaddressofIPv4,IPv6hasa128-bitaddressspacethatcanprovidemuchmoreaddressesthantheformer.

IPlayerforwardspackets.IntheTCP/IPsystem,routingreferstotheprocessofselectingapathfortransmittingIPdatapacketsinthenetwork.Arouterisanetworkdevicethatundertakesroutingtasks.Theinformationusedfordecision-makingandroutingiscalledIProutinginformation.TherouterusestheIProutinginformationtoperformIPforwardingonthetransmittedIPdatapackets.

IPdatagramheader-tarkastus

Periaate

TheIPdatagramheaderischeckedandverifiedtoensureitscorrectness.ThesenderdividestheheaderoftheIPdatagramintomultiple16-bitsmalldatablocksinorder.Theinitialvalueoftheheaderchecksumfieldissetto0,andthe16-bitsmalldatablocksaresummedwith1’scomplementalgorithm,andfinallyComplementtheresultagaintogetthefirstchecksum.Thecalculatedheaderchecksumisfilledbackintotheheaderchecksumfieldofthedatagram,encapsulatedintoaframe,andsenttothenexthopdeviceleadingtothesink.

Asthereceiver,thenext-hopdevicedividestheheaderofthereceivedIPdatagramintomultiple16-bitsmalldatablocks,andcalculatesthe16-bitsmalldatablockwith1’scomplementalgorithm.And,finally,theresultiscomplemented.Iftheresultis0,thecorrectnessoftheheaderofthedatagramisverified.Whenthesenderuses1'scomplementtocalculatethesum,thefirstchecksumfieldissettoO,whichmeansthatitdidnotparticipateinthecalculation.Thechecksumafterthecomplementisexactlytheoppositeoftheoriginalchecksum.Whenthereceiveruses1’scomplementtocalculatethesum,sincethenewheaderchecksumfieldhasbeenadded,thesumshouldbe0xffffiftheheaderhasnotchanged.Therefore,theresultofthecomplementshouldbe0x0000.

Merkitys

IPdatagramsdonotverifytheirdataareaduringtransmission.Therearetworeasonsforthis:

TheIPprotocolisapoint-to-pointprotocol.Ifeverypointinthetransmissionprocesschecksthedata,itwillinevitablyincreasethecost,whichisinconsistentwiththeIP"bestefforttransmission"idea.Leavethereliabilitytoahigherleveltosolve,whichcannotonlyensurethereliabilityofthedata,butalsogetgreaterflexibilityandefficiency.BecausetheuppertransportlayeroftheIPlayerisanend-to-endprotocol,thecostofend-to-endverificationismuchsmallerthanthatofpoint-to-pointverification,especiallywhenthecommunicationlineisbetter.Inaddition,theupperlayerprotocolcanchoosewhethertoperformverificationaccordingtotherequirementsfordatareliability,andevenconsiderusingdifferentverificationmethods,whichbringsgreatflexibilitytothesystem.

ThenwhydoestheIPprotocolprovideaverificationfunctionfortheIPdatagramheader?Ontheonehand,theIPheaderbelongstothecontentoftheIPlayerprotocolandcannotbeprocessedbytheupperlayerprotocol.Ontheotherhand,somefieldsintheIPheaderareconstantlychangingduringthepoint-to-pointtransmissionprocessandcanonlybereformedateachintermediatepoint.Verifythedataandcompletetheverificationbetweenadjacentpoints.

IPpacketmonitoringtechnologyforlocalareanetwork

WiththerapiddevelopmentofcomputerInternettechnology,thenetworkhaspenetratedintopeople’slivesandhasaverycloseconnectionwithourlives.Partofourlives.Hackersattackournetworkthroughcomplexandchangeablenetworkattacks,invadingourInternet,andcausingourInternettohaveaconsiderablesecuritythreat.Theycaninterceptthedatapacketsbeingtransmittedinthelocalareanetworkandthenanalyzethedatapackets.,Toobtainaseriesofdata,resultinginallourpersonalinformationandprivacyexposed,andevencausedincalculablelosstoourpersonalproperty.IfyouuseIPpacketmonitoringtechnology,youcanobtainhackerintrusioninformationintime,andpreventhackersfromintrudinginadvancetopreventhackersfromtakingadvantageofitandprotectourinformationsecurity.Networkmonitoringisaveryimportanttechnologytoprotectinformationsecurity.Itcandiscoversecurityproblemsinthenetworkintime,whichisbeneficialtomaintainingthesecurityofthecomputerInternetnetwork.

ThestructureoftheLANIPdatapacketThestructureoftheLANIPdatapacketismainlycomposedofthreeparts,whichinclude"destinationIPaddress","sourceIPaddress"and"data",amongwhich"sourceIPaddress""Isusedtoindicatewherethedatapacketissentfrom;the"destinationIPaddress"isusedtodeclarewherethedatapacketwillbesent;the"data"partcontainsthedetailedandspecificdatainthedatapacketinformation.ThestructureoftheLANIPdatapacketisverysimilartothee-mailboxusedinourdailylife,anditispreciselybecauseofthisstructurethatitcancommunicatenormallyinacomputernetworkbasedontheTCP/IPprotocol.

Networkmonitoringisactuallyatechnologythatusesacomputer'snetworkinterfacetoobtaindatafromothercomputers.Thistechnologycanmonitorthecurrentnetworktrafficandillegallystealconfidentialfileinformationtransmittedonthenetwork.Thebasicprincipleoflocalareanetworkmonitoringisthatwhendataistransmittedinthelocalareanetworkenvironment,thedatapacketcontainingthephysicaladdressissenttoeachhostthroughthelocalareanetwork.Whenthedatapacketreachesthehostnetworkcard,undernormalcircumstances,thenetworkcardwillcheckReturnwhetherthephysicaladdressofthedatapacketisthesameasthephysicaladdressorbroadcastaddressofthemachine,ifitisthesame,itwillbehandedovertotheIPlayerforprocessing,andifitisnotthesame,thedatapacketwillbediscarded.Whenthenetworkcardofahostisinpromiscuousmode,alldatapacketsarrivingatthecomputerwillbehandedovertotheIPlayerforprocessing.Evenifthephysicaladdressofthedatapacketisdifferentfromthephysicaladdressofthemachine,itwillnottransferthedata.Thepacketisdropped.Therefore,inalocalareanetworkenvironment,alldatapacketstransmittedonthesamerootnetworkwirewillbereceived,andthenthroughtheanalysisandcrackingofthereceiveddata,thedatathattheuserwantscanbeobtained.

RouterIPdatapackettrafficstatistics

Arouterisadevicethatconnectsmultiplenetworksandnetworksegments.Itcandecodeandre-encodeinformationfromdifferentnetworksandnetworksegments.,Sothatthenetworkscanbeconnectedtoeachother,theroutercanchoosethemosteffectiveandsimplestpathtoconnecttoothernetworksaccordingtothedestinationaddressofthedatapacket,andthenformalargernetwork,sothatthenetworkcanbemaximized.ResourceSharing.Itisthethroatthroughwhichtrafficdataentersandexits.AllnetworktrafficfromtheLANtotheInternetmustpassthroughtherouter.Therefore,therouterplaystheroleofdatacollection.Therearealsomanywaystocollectnetworktrafficdatathroughrouters,suchastheshowIPaccountcommand,SNMPprotocol,andTelnetprograms.BecausethemainfunctionoftherouteristohelpIPdatapacketstochoosethecorrectrouteandreachthedestinationaddressmorequicklyintime,therefore,weusuallydonotuseitsownrecordingfunctiontoobtainnetworktrafficstatistics,otherwiseitwillgreatlyreducetherouter’sSelectfunction.WegenerallyusethemethodofSNMPprotocolandTelnetprogramtoobtainthetrafficstatisticsofdatapacketsfromtherouter.

Therearemanywaystocountnetworkdatatraffic.Eachmethodhasitsadvantagesanddisadvantages.Thestatisticalmethodofnetworkdatatrafficthroughroutershasthefollowingcharacteristics:

Tietoliikenteen tarkat tilastot

Becausetherouteristhethroatoftheflowdata,itisanimportantdevicetorealizetheinterconnectionbetweennetworks,andthecommunicationbetweenthenetworksmustbeconvertedbytherouterTobedone.Thetaskoftherouteristoselectthecorrespondingrouteaccordingtothedestinationaddressofthedatapacket,andthenconnectwithothernetworks.Therefore,theroutercanaccuratelyreflectthenetworkdatatrafficexceptforinandout.

Tee laskutuspalvelimesta, jota ei rajoiteta sijainnin mukaan

Theultimatepurposeofstatisticsandmonitoringofnetworkdatatrafficistochargeforit,duetovariousThelimitationofthestatisticalmethoditselfmakestheaccountingservermustbeplacedintheaccountingnetworksegment.Asaresult,asmanybillingserversareneededastherearebillingnetworksegments,whichgreatlyincreasestheworkload.Andifyouusearouter,youwillgettwicetheresultwithhalftheeffort.Aslongasthebillingservercanaccesstherouterwherethenetworksegmentislocated,onebillingservercancompletethedatacollectionofallnetworktraffic.AsforwherethebillingserverislocatedThebillingnetworksegmentisnotimportant.Moreover,therouterusedinthisbillingdoesnotneedtobetoocomplicated,nordoesitneedtoaddotherhardware,soitissimplertoimplementthanotherbillingmethods.

Johdonmukaisuus muiden verkonhallintatoimintojen kanssa

TheInternetusesthestandardnetworkmanagementprotocolSNMP,androutersalsomainlyusetheLoftheSNMPprotocol.Orderthestatisticsandmonitoringofnetworkdatatraffic.Thisensuresconsistencywithothernetworkmanagementfunctionsindatacollectionmethods.

Haitat

Ontheonehand,themainfunctionoftherouteristorealizetheroutingofdata,tohelpthedatapacketchoosethefastestpath,sothatitcantransferthedataassoonaspossible.Sendtothedestinationaddress.However,theuseofrouterstocollectstatisticsonnetworkdatatrafficwilltakeupadditionalmemoryandCPUoverheadoftherouter.Especiallyfornetworkswithrelativelylargecommunicationtraffic,thecontradictionwillbemoreprominent.Seriously,itwillcausethechargingbuffertooverflow,causethelossofincomingandoutgoingtrafficdata,andultimatelyaffectthenetworkspeed.Ontheotherhand,therouterperformstrafficaccountingforIPaddresses,soitdoesnotsupporttrafficaccountingforusers,norcanitpreventpeoplefromembezzlingIPaddresses,soitwillalsoaffectthestatisticsandmonitoringofnetworkdatatraffic.

This article is from the network, does not represent the position of this station. Please indicate the origin of reprint
TOP