Chapter 23: ARP, ICMP, DHCP CS332 Spring 2016 Victor Norman ARP Caching Q: Can you explain ARP Caching a bit more? Does it do this mainly because it expects to send the same datagram over again or is it more for when the datagram gets split up? I guess I’m still a bit fuzzy on why caching improves performance. A: ARP caching is remembering the results of previous ARPs – so, remembering the binding between MAC address and IP address. This is done purely for efficiency. If you send a packet to one IP address on your network, you will probably send one again. Who does a machine ARP for? Q: Does a machine ARP for a machine that is not on its local LAN? A: No! It is trying to find the MAC address – which means layer 2. So, it is trying to get the packet to its next-hop (which might be the ultimate destination). If the destination address is not on the local network, then the packet is sent to the router, which is on the local network. So, if it needs to, it will ARP for the router’s IP address on the local network. Why have addr type and length? Q: In the ARP packet format, there is a Hardware Address Type field and a corresponding Hardware Address Length field? Isn’t having both redundant? A: LIB… I never of that before. It does seem unnecessary, doesn’t it... ARP cache update Q: Why is it necessary to “replace the MAC address with address M”? A: In case IP address I moved to a different machine. Q: How often does this happen? A: Probably rarely. But, it could happen if a DHCP server runs out of addresses. Q: Does a requestor put a “half-entry” into the table when it sends a request? A: I don’t think so. Comer’s description seems to imply this, though… Q: Why doesn’t ARP ”mark” a cache entry as updated whenever it is used? Thus, the oldest *unused* entries would be removed… A: I don’t know the answer to that... It does seem reasonable. What if… Q: A machine does not answer ARP requests? A: No one talks to it. Q: Two machines answer an ARP request, with their own different MAC addresses? A: Houston, we have a problem! Probably the second response will stay in the cache and the first machine won’t be talked to. ICMP Q: What layer is ICMP at? It is carried in IP packets, so does that make it layer 4? A: The protocol description says that ICMP must be implemented if IPv4 is implemented. So, it is a part of IP at layer 3. Also, it is not a transport protocol, which is what is at layer 4. ICMP for errors only? Q: If ICMP is used to report errors, why is it used to handle pings and traceroutes? A: ICMP is used for network debugging. That’s what pings are for. traceroute makes use of ICMP error messages by setting the TTL too low in the messages it generates. That way the routers will send errors back and traceroute will learn the IP addresses of the routers on the path to the destination. “Parameterized” software Q: Could you explain what is meant by "binary image" in this statement: In essence, protocol software consists of a binary image that is parameterized, and initialization fills in a set of parameters. A: What this means is that the software components (IP, ARP, DHCP, etc.) have to be configured to work on each machine, somehow. DHCP Q: Does DHCP use all 1s (router address) as the destination and all 0s as the source in a request, just like BOOTP did? A: Careful! It does use all 1s (IP broadcast) and all 0s (“this host”) but all 1s is not a “router address”. Q: How is bootstrapping implemented? A: With DHCP! It helps the machine get up and going, from nothing. (Some OSes will even boot up a tiny OS, and then get an image name in the DHCP response, and download (via TFTP) and boot that image.) No DHCP server? Q: What happens if there is no DHCP server in a computer’s broadcast domain? A: It gets no IP address and can’t play with others… Q: Why even have DHCP relay agents? A: In an organization like Calvin’s, it might be really nice to have one DHCP server running, giving out addresses on all VLANs. Then, you have only one server to manage and monitor. DHCP relay agent Q: How does a DHCP relay agent work? A: A relay agent listens on a LAN for a DHCP request. When it receives that request, it encapsulates the information in the request in a special message it sends to the (remote) DHCP server. The server responds to it, and then the agent sends out a DHCP reply, as if it were the actual server. (There are similar servers out there called proxy ARP servers…) NAT • What Comer calls NAPT, everyone else calls NAT. • Private (non-routable) addresses: – Only used behind a NAT or on private networks. – Can be subnetted. – 172.16/12 – 16 contiguous class B blocks? • 172.16, 172.17, 172.18, … 172.31. • NAT has a “private” (or “LAN”) side and a “public” (or ”WAN”) side. • Breaks the rule about the src and dest IP addresses in a packet never being changed as the packet is forwarded. Access to NATted machines Q: Can a computer from a different network send a message to a specific host on a NATted network? A: It cannot initiate a message to a NATted machine. It can only respond to a message initiated by the NATted machine. The translation table entry in the NAT is created when a privateside machine sends a message to a public-side machine. NAT questions Q: What happens if a public-side machine tries to send a message to a private-side machine? Does the NAT broadcast the message? A: No. The NAT drops it. Q: What if I wanted to SSH into one of the hosts on the private side? Is that possible? A: It is not possible unless you set up portforwarding on the NAT. Then, you can ssh to the NAT and you’ll automatically be logging in to the private-side machine. NAT questions Q: Is a NAT similar to a router? What layer does a NAT operate at? A: It operates at layer 3 (mostly), so it is very similar to a router. In fact, I would call it a special kind of router. But, it does know a lot about layer 4 (TCP/UDP) – it can read the port #s and replace them, etc. Old Slides Role of ARP Q: What role does ARP play in the TCP/IP protocol stack? A: See Figure 23.5 on p 389. ARP bridges the Layer 2 / Layer 3 addressing boundary, allowing IP to be agnostic about layer 2’s addressing, and yet still use layer 2 to deliver packets. Note that ARP is designed to work with not just IP and Ethernet, but any pair of protocols. IP vs MAC addresses Q: What is the point of IP addresses if they are just resolved to the computers MAC address? A: An IP address is unique across the entire universe, and so uniquely identifies a destination. A MAC address only identifies a machine on the local network (so it only has to be unique on the local network, although MAC addresses are universally unique). ARP Request/Response Q: How does a machine send a request to another machine to get its MAC if it doesn’t know the MAC of the machine? A: The requesting machine broadcasts the request at layer 2, asking for a certain IP address. All machines on the LAN accept that packet, but only the machine with that IP address responds, using layer 2 to deliver the packet back directly to the requester. (Note: ARP is not carried in an IP packet. It is carried directly on layer 2.) ARP problems Q: Can a network have problems related to address resolution? If so, would the problems mostly arise from the protocol or can there be external factors that cause those problems? A: The only problems I can think of: 1) a machine doesn’t answer ARP requests no one can talk to it; 2) multiple machines answer an ARP request some machines might talk to one machine and some to another, thinking they are talking to the one machine with the unique IP address. “Destination unreachable” Q: About the destination unreachable error on page 390; would that be referring to a computer on a remote network? A: This is reported when either your host machine has no route to the destination network/machine, or, a remote router (a “nexthop” router) has no route to the destination network/machine. DHCP overview Q: Could you explain DHCP a bit more (perhaps with a drawing)? A: Sure. 1) Machine boots up and finds it has not IP address. 2) It broadcasts a DHCP request. 3) The DHCP server allocates an IP address and sends it. 4) The machine receives it and installs the IP address. - The response also typically includes a network mask, default route, and DNS server IP hostname/address. DHCP details Q: What is the "recommended" or "normal" time of a DHCP lease? A: 24 hours, I think. Q: From what I can gather, DHCP is not a necessity. Is that correct? A: Not necessary, but awfully useful. Otherwise, the user has to set the IP address every time the machine is rebooted. DHCP Servers Q: Do you always need a dedicated DHCP server if you want to use DHCP? It seems like it would not take a lot of processing power to hand out addresses. Could this functionality be rolled up with other services on one server? A: DHCP servers typically run on routers or some machine that runs lots of services. Q: Do you need a DHCP server on every LAN? A: Yes, unless you use a relay agent. Configuration Q: Can DHCP be configured any way that the admin wants? Can selective leasing be used to give a specific computer a specific address when the computer boots, even if another computer has that IP address - can the DHCP server take the address back to give to the new computer? A: DHCP can be configured in many different ways. We’ll do this in lab. A server can force a machine to give up an IP address, I think. Fixed addresses? Q: Although DHCP is used extensively, what are the advantages of setting a fixed address assignment are there any? A: I have used fixed IP addresses when I want some network service running on a certain machine with a certain IP address always. E.g., you typically hardcode a router’s interface to be x.y.z.1. Or, maybe you have some license server software and you want to configure all your machines to always to go a certain IP address to get some license for the software. BOOTP vs DHCP Q: Since BOOTP was extended to become DHCP, can you boot a BOOTP client on a DHCP server or vice-versa? A: You can use a BOOTP server with a DHCP client, but not vice versa, I think. The BOOTP server will send out a message a client can understand, but won’t contain all the data the client could receive… I think… How does ARP work? Q: How does ARP work? A: IP hands a packet and a next-hop IP address to layer 2 to forward for it. Layer 2 has to figure out how to get the MAC address for this IP address. It checks its ARP cache for a resolution. If not found, it sends an ARP request and waits for a response. Then, it caches the results and sends to the MAC delivered in the response. ARP Request/Response Q: How does a machine send a request to another machine to get its MAC if it doesn’t know the MAC of the machine? A: The requesting machine broadcasts the request at layer 2, asking for a certain IP address. All machines on the LAN accept that packet, but only the machine with that IP address responds, using layer 2 to deliver the packet back directly to the requester. (Note: ARP is not carried in an IP packet. It is carried directly on layer 2.) Details • The ARP responder caches the MAC/IP of the requester in its ARP cache. • Although all machines on the LAN could update their ARP cache from an ARP request, they don’t. Why? – Because they will fill up their cache with bindings they may never need. ICMP • Internet Control Message Protocol • Mostly not implemented these days. • Only echo request/responses are implemented/enabled often. – Many others are security liabilities. • Designed to handle reporting errors/misconfigurations in an IP network. • Layer 4 protocol (carried by IP). DHCP • Not necessary to implement to get a working network, but awfully convenient. • What is its role? – Allows a computer to “automatically” get an IP address. – And, subnet mask. – And, default route. – And, DNS server IP address(es). • All of these can be done by hand configuration. • Initially was called BOOTP. DHCP problem… Q: How does a machine without an IP address request an IP address over an IP network? A: Sends a (layer 2 and 3) broadcast message, filling in the src IP address as 0.0.0.0 (“this computer”). Layer 4 is UDP, port 67, indicating a DHCP message. All machines receive the broadcast and forward up through IP to UDP. Only the machine listening on port 67 accepts and responds – that’s the DHCP server. The server responds directly to the MAC address used in the request. DHCP Server Configuration Q: How do you configure a DHCP Server? A: You typically edit a file that specifies a range of addresses to be leased dynamically, and/or specific MAC <--> IP address bindings. You also configure the default route and DNS server IP addresses to send out. Note: only one DHCP server must be running per LAN, or chaos ensues... DHCP Relay Agents Q: Do you have to run a DHCP server on each LAN? A: Without some special provisions, yes. DHCP requests use limited bcast (all 1s), so don’t get forwarded across routers. But, you can implement a DHCP relay agent to forward requests/responses to/from the DHCP server. Still must be on relay agent on each LAN.