Chapter 7
Support infrastructure for networking: DHCP, NAPT, ARP, DNS
Contents
• DHCP (Dynamic host configuration protocol)
• RFC 1918 non-routable addresses
• Network address translation
• Address resolution protocol
• Domain Name System
• Home networking
DHCP | ARP | Home networking | DNS | NAT | Routing
DHCP
• A big part of the usefulness of IP addresses is the flexibility in their assignment
• However, manual assignment is very prone to errors
IP address allocation efficiency
• With 32-bit addresses, there can be 2^32 (about 4 billion) addresses
• However, these addresses are not assigned very efficiently
• Further, at any given time, only a small fraction of the computers are actually communicating with other computers outside the organization
Solving IP address availability
• So, the real fear is that we could be running out of IP addresses
• The long-term solution is to increase the pool of IP addresses
– IPv6 is this solution
– Provides trillions of IP addresses per square foot of the Earth's surface
• Dynamic host configuration protocol (DHCP) is one part of a 3-part short-term solution
The DHCP solution
• DHCP enables programmatic assignment and collection of IP addresses
• Defined in RFC 2131 (March 1997)
• Addresses may be allocated in 3 ways:
– Automatic
– Manual
– Dynamic
DHCP dynamic allocation
• Allows automatic reuse of an address when it is no longer needed by the computer to which it was assigned
• Each subnet has access to at least one DHCP server
• All DHCP clients look for a DHCP server upon startup to get network parameters
DHCP server and client settings
DHCP operation timeline
(Figure: message sequence between the client, the selected server and a server that is not selected)
– Client begins initialization and broadcasts DHCP DISCOVER; both servers receive it
– Each server determines a configuration and replies with DHCP OFFER
– Client collects the replies and selects a configuration
– Client broadcasts DHCP REQUEST; both servers receive it, and the selected server commits the configuration
– Selected server sends DHCP ACK; client initialization is complete
– On graceful shutdown the client sends DHCP RELEASE and the lease is discarded
DHCP dynamic allocation
• The DHCP server provides an IP address for a fixed duration in response to a client’s DHCP request
• The DHCP server also provides all network configuration information the client needs to operate
DHCP – address leasing
• The duration of an address assignment is called the lease-time
• The client can ask the DHCP server to extend the lease before the lease expires
• In a typical DHCP client-server interaction
– Client sends a DHCP DISCOVER
– Server responds with DHCP OFFER
– DHCP REQUEST broadcasts client selection
– Selected server sends DHCP ACK
Sample dhcpd.conf

# Network options
option domain-name "datacomm.example.com";
option domain-name-servers 10.1.1.1, 10.2.1.1, 10.3.1.1;
option routers 10.1.1.254;
option subnet-mask 255.255.255.128;
default-lease-time 21600;

# Dynamic allocation range
subnet 10.1.1.128 netmask 255.255.255.128 {
    range 10.1.1.236 10.1.1.253;
}

# Manual allocation
host www {
    hardware ethernet 00:06:5B:CE:39:05;
    fixed-address 10.1.1.2;
    option host-name "www.datacomm.example.com";
}
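To see how the three parts of this configuration behave at run time, here is an added Python example (not code from the slides or from ISC dhcpd) that reads the subset of dhcpd.conf syntax shown above and models the server's allocation decisions: a client whose MAC matches a host block gets its fixed address (manual allocation), any other client gets the next free address from the range (dynamic allocation), a renewing client keeps its address, a released address is handed out again, and an address whose lease-time has run out is automatically reused. The config text, the client MACs and the simulated clock are constructed for the example; a real exchange is DISCOVER/OFFER/REQUEST/ACK, and the lease() call below models only the address the ACK commits.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: the dhcpd.conf from the slide, in the subset of ISC syntax parsed below.
SAMPLE_CONF = """
option domain-name "datacomm.example.com";
option domain-name-servers 10.1.1.1, 10.2.1.1, 10.3.1.1;
option routers 10.1.1.254;
option subnet-mask 255.255.255.128;
default-lease-time 21600;
subnet 10.1.1.128 netmask 255.255.255.128 { range 10.1.1.236 10.1.1.253; }
host www { hardware ethernet 00:06:5B:CE:39:05; fixed-address 10.1.1.2; }
"""


@dataclass
class Lease:
    ip: str
    mac: str
    expires: int   # simulated clock, in seconds


class DhcpPool:
    """Toy DHCP server model: manual (fixed-address) and dynamic (range) allocation with expiry."""

    def __init__(self, conf):
        self.options = {}      # network options handed to every client
        self.fixed = {}        # MAC -> fixed address (manual allocation)
        self.range = []        # dynamic allocation range, as dotted strings
        self.leases = {}       # ip -> Lease
        for m in re.finditer(r'option\s+([\w-]+)\s+([^;]+);', conf):
            self.options[m.group(1)] = m.group(2).strip().strip('"')
        m = re.search(r'default-lease-time\s+(\d+);', conf)
        self.lease_time = int(m.group(1)) if m else 43200   # fallback when unset (assumed)
        m = re.search(r'range\s+([\d.]+)\s+([\d.]+);', conf)
        if m:
            lo, hi = (int(ipaddress.IPv4Address(x)) for x in m.groups())
            self.range = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        for m in re.finditer(r'hardware ethernet\s+([0-9A-Fa-f:]+);\s*fixed-address\s+([\d.]+);', conf):
            self.fixed[m.group(1).lower()] = m.group(2)

    def _expire(self, now):
        """Automatic reuse: drop every lease whose lease-time has run out."""
        for ip in [ip for ip, lease in self.leases.items() if lease.expires <= now]:
            del self.leases[ip]

    def lease(self, mac, now):
        """Return the address assigned to mac, or None if the dynamic range is exhausted."""
        mac = mac.lower()
        self._expire(now)
        if mac in self.fixed:
            ip = self.fixed[mac]                                   # manual allocation
        else:
            current = next((l.ip for l in self.leases.values() if l.mac == mac), None)
            free = next((ip for ip in self.range if ip not in self.leases), None)
            ip = current or free                                    # renewal keeps the address
            if ip is None:
                return None
        self.leases[ip] = Lease(ip, mac, now + self.lease_time)    # new lease or extended lease
        return ip

    def release(self, ip):
        """DHCP RELEASE: the client gives the address back before the lease expires."""
        self.leases.pop(ip, None)


if __name__ == "__main__":
    pool = DhcpPool(SAMPLE_CONF)
    print(pool.lease("00:06:5B:CE:39:05", now=0))   # fixed address 10.1.1.2
    print(pool.lease("aa:bb:cc:dd:ee:01", now=0))   # first free address in the range
    print(pool.options)
```

A defender reading a real dhcpd.conf checks the same three things this model exposes: which MACs are pinned to fixed addresses, how large the dynamic range is relative to the number of clients, and how long a stale client keeps an address after it leaves the network.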
Non-routable Addresses
• Address reuse
– Second component of the 3-part short-term solution to the shortage of IP addresses
• Certain IP addresses have been defined to be reusable as many times as necessary
• Defined in RFC 1918 (1996)
Non-routable address blocks
• Three blocks have been defined in RFC 1918
– 10.0.0.0 - 10.255.255.255 (10/8 prefix)
– 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
– 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
• Any person or organization may use these addresses internally without any co-ordination with any Internet registry
• Routers do not advertise routes with non-routable addresses to other organizations
Using non-routable addresses
(Figure: a home network labelled "Home 2" behind a NAPT router. External IP 24.26.79.19; internal IP 192.168.2.1 on the router, with hosts 192.168.2.2 and 192.168.2.3.)
Network Address Translation (NAT)
• Third component of 3-part solution to IP address shortage
• Definition (RFC 2663)
– Method by which IP addresses are mapped from one address block to another, providing transparent routing to end hosts
NAT
• NAT is specified in RFC 3022
• Until IPv6 is universally deployed, NAT and RFC 1918 addresses expand the availability of IP addresses
• Many experts hate NAT because it does not preserve IP addresses end-to-end
Basic NAT operation
(Figure: internal (home) network 192.168.2.0/24 with hosts 192.168.2.2 and 192.168.2.3 behind a NAT router whose internal address is 192.168.2.1 and whose external address is 65.32.26.70, in the ISP's 65.32.0.0/15 block. A packet to 131.247.80.88 and its reply cross the network border between the internal network and the external (ISP) network.)
– 1 (internal, outbound): Source address 192.168.2.2, Destination address 131.247.80.88
– 2 (external, outbound): Source address 65.32.26.70, Destination address 131.247.80.88
– 3 (external, inbound): Source address 131.247.80.88, Destination address 65.32.26.70
– 4 (internal, inbound): Source address 131.247.80.88, Destination address 192.168.2.2

NAT forwarding table
Direction | Field          | Old         | New
Out       | IP source      | 192.168.2.2 | 65.32.26.70
In        | IP destination | 65.32.26.70 | 192.168.2.2
NAT in use
• The single external IP address can support many clients in the internal network
• The NAT router translates between internal IP addresses and its own external address
• Designed to support outbound connections from the internal network
Using NAPT and RFC 1918 addresses
(Figure: two homes connected to the same carrier, each behind its own NAPT router. Home 1: external IP 24.26.79.18, internal IP 192.168.2.1, hosts 192.168.2.2 and 192.168.2.3. Home 2: external IP 24.26.79.19, internal IP 192.168.2.1, hosts 192.168.2.2 and 192.168.2.3. Both homes reuse the same RFC 1918 addresses internally.)
Network Address Port Translation
• Abbreviated as NAPT
• Described in RFC 3022
• NAPT can vastly expand the availability of IP addresses by enabling each IP address to serve up to 65,536 separate connections to each remote host
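The NAT forwarding table above shows one address being rewritten; NAPT adds a port so that many internal hosts can share the one external address. The following added Python example (not code from the slides) models a NAPT router with the addresses from the Basic NAT operation figure: outbound packets from RFC 1918 sources get the external address and a fresh port, inbound replies are mapped back through the same table, and an inbound packet that matches no entry is dropped, which is what "designed to support outbound connections" means in practice. Sequential port allocation starting at 1024 and the Packet fields are simplifications assumed for the example; real routers pick ports from configurable ranges and also track protocol and timeouts.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 blocks from the slides: only packets from these sources are translated.
PRIVATE_BLOCKS = [ipaddress.ip_network(b) for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    """True if ip falls in one of the three RFC 1918 non-routable blocks."""
    return any(ipaddress.ip_address(ip) in block for block in PRIVATE_BLOCKS)


@dataclass(frozen=True)
class Packet:          # the header fields NAPT looks at (constructed, transport protocol omitted)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NaptRouter:
    """Toy NAPT: one external address, one translation table, outbound-initiated only."""

    def __init__(self, external_ip, first_port=1024):
        self.external_ip = external_ip
        self.next_port = first_port            # assumed: simple sequential port allocation
        self.out_map = {}   # (int_ip, int_port, dst_ip, dst_port) -> external port
        self.in_map = {}    # (external port, remote_ip, remote_port) -> (int_ip, int_port)

    def outbound(self, pkt):
        """Internal -> external: Old source 192.168.2.x becomes New source external_ip:port."""
        if not is_private(pkt.src_ip):
            return pkt                          # not an internal address, nothing to translate
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_map:
            if self.next_port > 65535:
                return None                     # port space exhausted, packet cannot be forwarded
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.external_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """External -> internal: Old destination external_ip:port becomes New destination
        192.168.2.x:port. Unsolicited inbound packets match no entry and are dropped (None)."""
        key = (pkt.dst_port, pkt.src_ip, pkt.src_port)
        if pkt.dst_ip != self.external_ip or key not in self.in_map:
            return None
        int_ip, int_port = self.in_map[key]
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port)


if __name__ == "__main__":
    router = NaptRouter("65.32.26.70")
    out = router.outbound(Packet("192.168.2.2", 40000, "131.247.80.88", 80))
    print(out)                                                       # source rewritten
    print(router.inbound(Packet("131.247.80.88", 80, "65.32.26.70", out.src_port)))
    print(router.inbound(Packet("131.247.80.88", 80, "65.32.26.70", 5000)))   # None: unsolicited
```

The table is keyed on the remote endpoint as well as the external port, so a reply from a different remote host to a mapped port is also dropped; this is the same state the router would need to expose (a port-forwarding entry) before any externally addressable service can live behind it, which is the point of the network design exercise at the end of the chapter.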
Address Resolution Protocol (ARP)
• ARP is used to find Ethernet addresses at the data-link layer for destinations with a known IP address
• Defined in RFC 826 (1982)
• Global routes are composed of a sequence of next hops
Need for ARP
• But to physically send the packet to the next hop, we need to know its Ethernet (MAC) address
• ARP is used to discover the MAC address of the device at the next hop when its IP address is known
• ARP links addressing at 2 layers – network and data link
ARP operation
(Figure: a LAN with hosts 192.168.2.11, 192.168.2.12 and 192.168.2.13 and Router A at 192.168.2.1, which connects to the Internet.)
– 1: Who has 192.168.2.1? Tell 192.168.2.11
– 2: 192.168.2.1 is at 00:11:43:AB:AA:02
ARP operation
• Before the first packet in a stream is transmitted, the sender creates a special packet called an ARP request and broadcasts it on the LAN
• The computer/ router with the address replies with its MAC address
ARP packets
• ARP request
– Sender MAC Address: 00:11:50:3a:da:22
– Sender IP address: 192.168.2.11
– Target MAC Address: 00:00:00:00:00:00 (place-holder address)
– Target IP address: 192.168.2.1
• ARP response (from the target)
– Sender MAC Address: 00:18:8b:c9:24:6b
– Sender IP address: 192.168.2.1
– Target MAC Address: 00:11:50:3a:da:22
– Target IP address: 192.168.2.11
ARP data
• Resolved MAC addresses are saved in cache for some time
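The two slides above describe the fields of an ARP request and response and note that resolved addresses are cached for a while. The added Python example below (not code from the slides) encodes and decodes the RFC 826 Ethernet/IPv4 ARP packet with exactly those field values, shows how the owner of 192.168.2.1 decides whether to answer a request, and keeps resolved entries in a cache that forgets them after a time-to-live. The 60-second cache lifetime and the helper names are assumptions of the example; the MAC and IP addresses are the ones on the slides.

```python
import struct

HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN = 1, 0x0800, 6, 4
OP_REQUEST, OP_REPLY = 1, 2
PLACEHOLDER_MAC = "00:00:00:00:00:00"   # target MAC is unknown when the request is sent


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(b):
    return ":".join(f"{octet:02x}" for octet in b)


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(octet) for octet in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """RFC 826 ARP packet for Ethernet/IPv4: 8-byte header followed by SHA, SPA, THA, TPA (28 bytes)."""
    return (struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN, op)
            + mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
            + mac_to_bytes(target_mac) + ip_to_bytes(target_ip))


def parse_arp(data):
    """Decode an ARP packet; reject anything that is not Ethernet/IPv4 ARP."""
    if len(data) < 28:
        raise ValueError("short ARP packet")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", data[:8])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op,
            "sender_mac": bytes_to_mac(data[8:14]), "sender_ip": bytes_to_ip(data[14:18]),
            "target_mac": bytes_to_mac(data[18:24]), "target_ip": bytes_to_ip(data[24:28])}


def answer_request(data, my_ip, my_mac):
    """What the owner of my_ip does with a received ARP packet: reply only to requests for its own address."""
    pkt = parse_arp(data)
    if pkt["op"] != OP_REQUEST or pkt["target_ip"] != my_ip:
        return None
    return build_arp(OP_REPLY, my_mac, my_ip, pkt["sender_mac"], pkt["sender_ip"])


class ArpCache:
    """Resolved IP -> MAC entries, kept for ttl seconds (the slide: 'saved in cache for some time')."""

    def __init__(self, ttl=60):
        self.ttl = ttl
        self.entries = {}          # ip -> (mac, expiry time)

    def learn(self, ip, mac, now):
        self.entries[ip] = (mac, now + self.ttl)

    def lookup(self, ip, now):
        """Return the cached MAC, or None (and forget the entry) once it has expired."""
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, expires = entry
        if now >= expires:
            del self.entries[ip]
            return None
        return mac


if __name__ == "__main__":
    request = build_arp(OP_REQUEST, "00:11:50:3a:da:22", "192.168.2.11", PLACEHOLDER_MAC, "192.168.2.1")
    reply = answer_request(request, "192.168.2.1", "00:18:8b:c9:24:6b")
    print(parse_arp(request))
    print(parse_arp(reply))
```

Because the reply carries the sender's MAC in plain data fields and nothing authenticates it, the cache is only as trustworthy as the LAN it listens on; monitoring tools that watch for an IP address suddenly mapping to a different MAC are built on exactly the parse step shown here.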
Domain name system (DNS)
• Computers are uniquely identified on the Internet by their IP addresses
• However, IP addresses are not very easy to remember
• The domain name system was developed to make it easier for humans to identify computers
DNS use
(Figure: client 192.168.2.11 behind Router A at 192.168.2.1, which connects to the Internet.)
– 1: Standard query for www.ub.edu
– 2: Standard query response: www.ub.edu is at 128.205.4.175
The need for a Name Service
• Initially, the Internet was small, and all users maintained a hosts file to translate names to IP addresses
– Entries appeared as follows:
131.247.222.249 www.usf.edu
• The need was recognized for a system
DNS
• The solution was domains and DNS
– RFC 1034
– RFC 1035
• Domain names are arranged hierarchically, originating from a common root
– Hierarchy based on administrative structure, e.g.
  • .edu
    – usf.edu
      » coba.usf.edu
• As we move from right to left, domain names identify increasingly specific units of the network
Domain naming hierarchy
(Figure: the naming universe is the root "."; the top level domains shown are com, edu and org; intermediate domains include google and youtube under com and ucf, usf and ub under edu, with coba, ismlab and caida at lower levels; endpoint domains include groups, www and dcom. Two fully qualified examples are given.)
– dcom.ismlab.usf.edu.
– www.usf.edu.
Domain hierarchy
• The name at each hierarchical level is a domain
– Domains are sub-domains of their parent domains
– The domain's name includes all names to its right
– Each domain maintains jurisdiction over its immediate sub-domains, and only these sub-domains
– Each domain is responsible for translating these sub-domain names to IP addresses
Domain names
• The rightmost part of all domain names is . which represents the entire Internet
• All domain names are unique
• The hierarchical structure of the Internet enables delegation of naming services
Top level domains
• A number of top-level domains have been created
– Root zone database at www.iana.org
– Open domains
  • Anybody can register
  – .com, .biz, .org, .net, .info
– Limited domains
  • Conditions must be satisfied for membership
  – .edu, .int, .gov, .mil, .pro (licensed doctors, attorneys and accountants)
– Industry-specific domains
– Country domains
DNS lookups
• Every computer on the Internet knows the IP address of a name server it can use
• When a user types a URL, the resolver in the computer first asks its name server for the IP address corresponding to this URL
Typical DNS Query
# dig www.buffalo.edu @mother.usf.edu
;; Got answer:
;; QUESTION SECTION:
;www.buffalo.edu.                IN      A

;; ANSWER SECTION:
www.buffalo.edu.        86400   IN      A       128.205.4.175

;; AUTHORITY SECTION:
buffalo.edu.            71951   IN      NS      ns.buffalo.edu.
buffalo.edu.            71951   IN      NS      sybil.cs.buffalo.edu.
Buffalo.edu.            71951   IN      NS      accuvax.northwestern.edu.

;; ADDITIONAL SECTION:
ns.buffalo.edu.         71951   IN      A       128.205.1.2
sybil.cs.buffalo.edu.   53404   IN      A       128.205.32.8
accuvax.northwestern.edu. 11624 IN      A       129.105.49.1

;; Query time: 3 msec
;; SERVER: 131.247.100.1#53(mother.usf.edu)

(Slide annotations, in order: query; name server; IP address; name servers; security measure; NS IP address; success)
DNS Operation
• Domains are called zones in the context of the domain name service
• Name servers have two kinds of data
• If the name for a foreign zone is requested, a recursive query results if there is no entry in cache
Recursive DNS query resolution
(Figure: the client resolver asks its local name server, which walks the hierarchy from the "." name server to the edu. name server to the usf.edu. name server; org and com are shown as sibling top level domains and ub as a sibling of usf under edu.)
– 1: Resolver query: what is the IP address of www.usf.edu?
– 2: Local name server queries the "." name server for the IP address of www.usf.edu
– 3: Referral to the .edu name server
– 4: Local name server queries the edu. name server for the IP address of www.usf.edu
– 5: Referral to the usf.edu name server
– 6: Local name server queries the usf.edu. name server for the IP address of www.usf.edu
– 7: IP address of www.usf.edu
– 8: Answer: the IP address of www.usf.edu is 131.247.80.88
DNS query resolution
pns:~# dig +trace www.usf.edu
; <<>> DiG 9.2.4 <<>> +trace www.usf.edu
.                       77639   IN      NS      E.ROOT-SERVERS.NET.
(and other root name servers)
edu.                    172800  IN      NS      E.GTLD-SERVERS.NET.
(and other .edu name servers)
usf.edu.                172800  IN      NS      justincase.usf.edu.
usf.edu.                172800  IN      NS      mother.usf.edu.
(and other usf.edu name servers)
www.usf.edu.            600     IN      A       131.247.80.88
IP address volatility and the benefit of DNS
DNS Configuration
$TTL 86400
@       IN SOA  pns.example.com. hostmaster.example.com. (
                2008072701 ; serial
                )
        IN NS   pns.example.com.
        IN MX   10 mail.example.com.
pns     A       192.168.16.129
www     A       192.168.16.129
mail    A       192.168.16.130
test    NS      demo
demo    A       192.168.16.143

Slide annotations:
– $TTL: time to live
– SOA: start of authority; admin email hostmaster@example.com
– Serial: name server update counter
– Resource records: www.example.com is at 192.168.16.129
– Delegation: NS for test.example.com is at demo.example.com (192.168.16.143)
DNS Configuration
• The administrator for the .com. domain delegates authority for example.com
• The example.com name server authoritatively defines the IP addresses for all resources in its domain
• example.com delegates responsibility for test.example.com to demo.example.com
DNS Configuration
• TTL
– Zones will not change for the next 86400 seconds (1 day)
• Foreign NS can cache query results for 1 day
• Serial
– NS keeps track of last serial number
– If serial number > last serial number
• NS broadcasts entire zone table to backup NS
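To make the three DNS Configuration slides concrete, here is an added Python example (not code from the slides or from any name server) that parses the zone shown above, in the subset of master-file syntax it uses, and then applies the rules just listed: which names the zone answers for, which sub-domain it delegates and to whom, whether a backup NS needs to fetch the whole zone given the serial it last saw, and whether a foreign name server may still use a cached answer given the TTL. The zone text is the slide's, with the serial written the way a zone file expects it; the slide's SOA omits the refresh, retry, expire and minimum fields and so does this sample. The origin example.com. and the function names are assumptions of the example.

```python
import re

# Constructed sample: the zone from the slide, origin example.com.
SAMPLE_ZONE = """\
$TTL 86400
@       IN SOA  pns.example.com. hostmaster.example.com. (
                2008072701 ; serial
                )
        IN NS   pns.example.com.
        IN MX   10 mail.example.com.
pns     A       192.168.16.129
www     A       192.168.16.129
mail    A       192.168.16.130
test    NS      demo
demo    A       192.168.16.143
"""


def fqdn(name, origin):
    """'@' is the origin itself; a relative name gets the origin appended; a name ending in '.' is absolute."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin="example.com."):
    """Parse $TTL, the SOA serial and A/NS/MX/CNAME records into a dict."""
    # drop ';' comments and blank lines, then join a parenthesised record onto one line
    lines = [ln.split(";")[0].rstrip() for ln in text.splitlines()]
    body = "\n".join(ln for ln in lines if ln.strip())
    body = re.sub(r"\(([^)]*)\)", lambda m: " " + m.group(1).replace("\n", " ") + " ", body)
    ttl, serial, records = None, None, []
    owner = origin
    for line in body.splitlines():
        if line.startswith("$TTL"):
            ttl = int(line.split()[1])
            continue
        tokens = line.split()
        if not line[0].isspace():             # a line starting in column 1 names a new owner
            owner = fqdn(tokens.pop(0), origin)
        if tokens[0] == "IN":                 # the class is optional on the slide's records
            tokens.pop(0)
        rtype, rdata = tokens[0], tokens[1:]
        if rtype == "SOA":
            serial = int(rdata[2])
            records.append((owner, "SOA", (rdata[0], rdata[1], serial)))
        elif rtype == "MX":
            records.append((owner, "MX", (int(rdata[0]), fqdn(rdata[1], origin))))
        elif rtype in ("NS", "CNAME"):
            records.append((owner, rtype, fqdn(rdata[0], origin)))
        elif rtype == "A":
            records.append((owner, "A", rdata[0]))
        else:
            raise ValueError(f"unsupported record type {rtype}")
    return {"origin": origin, "ttl": ttl, "serial": serial, "records": records}


def lookup(zone, name, rtype):
    """All rdata values the zone holds for (name, type); an empty list means no such record."""
    return [rdata for owner, t, rdata in zone["records"] if owner == name and t == rtype]


def delegations(zone):
    """NS records for names below the origin: these sub-domains are handed to other servers."""
    out = {}
    for owner, t, rdata in zone["records"]:
        if t == "NS" and owner != zone["origin"]:
            out.setdefault(owner, []).append(rdata)
    return out


def needs_transfer(primary_serial, last_seen_serial):
    """Backup NS rule from the slide: fetch the entire zone when the serial has increased."""
    return primary_serial > last_seen_serial


def cache_valid(cached_at, now, ttl):
    """A foreign NS may reuse a cached answer until ttl seconds have elapsed."""
    return now - cached_at < ttl


if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    print(zone["ttl"], zone["serial"])
    print(lookup(zone, "www.example.com.", "A"))
    print(delegations(zone))
```

Forgetting to bump the serial after an edit is the classic failure this check catches: needs_transfer() stays False, the backup servers keep serving the old data until their copy expires, and the two servers disagree for as long as the TTL lets caches hold either answer.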
Putting it all together: Home networking
• We have now seen all the components used to build home networks using off-the-shelf wireless routers
• The wireless router acts as a NAPT router and DHCP, DNS server
Home networking
(Figure: three screenshots)
– (1) ipconfig output on the home computer: the wireless router provides network services on an internal address
– (2) Wireless router status page: the WAN address visible to the outside world
– (3) External IP address
Home networking
• WAN IP address can be looked up at ARIN website
Summary
• Why DHCP
• Why non-routable IP addresses
• Why ARP
• Why DNS
• Components of home network
Case study – Yahoo! Stores
• DNS and virtual hosting enable ISP services
• For example, consider Yahoo! stores
# nslookup www.green-tooth.com
– Non-authoritative answer:
– www.green-tooth.com canonical name = stores.yahoo.net.
– stores.yahoo.net Address: 68.142.205.137
– www.invitationshack.com canonical name = stores.yahoo.net.
– stores.yahoo.net Address: 68.142.205.137
Case study – Yahoo! stores
(Figure: a client on the Internet asks the DNS server for www.example.com, www.example.org and www.example.net; all three names lead to the same web server, whose "Web sites" folder holds example_com, example_org and example_net, one folder per virtual host.)
Hands-on exercise
• nslookup
Network design exercise
• Services requiring externally addressable IP addresses
• Add Internet connection
• Include NAPT device