Chapter 23: ARP, ICMP, DHCP
CS332, Spring 2016
Victor Norman
ARP Caching
Q: Can you explain ARP Caching a bit more? Does it
do this mainly because it expects to send the same
datagram over again or is it more for when the
datagram gets split up? I guess I’m still a bit fuzzy
on why caching improves performance.
A: ARP caching is remembering the results of
previous ARPs – so, remembering the binding
between MAC address and IP address. This is done
purely for efficiency. If you send a packet to one IP
address on your network, you will probably send
one again.
Who does a machine ARP for?
Q: Does a machine ARP for a machine that is not on
its local LAN?
A: No! It is trying to find the MAC address – which
means layer 2. So, it is trying to get the packet to its
next-hop (which might be the ultimate destination).
If the destination address is not on the local
network, then the packet is sent to the router,
which is on the local network. So, if it needs to, it
will ARP for the router’s IP address on the local
network.
Why have addr type and length?
Q: In the ARP packet format, there is a Hardware
Address Type field and a corresponding
Hardware Address Length field? Isn’t having
both redundant?
A: LIB… I never thought of that before. It does seem
unnecessary, doesn’t it...
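An added example (not from the slides or from Comer's text) that builds and parses an ARP packet in the RFC 826 layout. It shows what the two length fields are used for in practice: the parser slices the four addresses that follow the fixed 8-byte header by the announced hardware and protocol lengths, so it can handle hardware types whose addresses are not 6 bytes. The MAC and IP values in the sample are constructed.

```python
# Added example (not from the slides): encode and decode an ARP packet in the
# RFC 826 layout. The fixed 8-byte header carries the hardware/protocol address
# types and lengths; the parser uses the two length fields to slice the four
# variable-length addresses that follow.
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
HEADER_FMT = "!HHBBH"                        # htype, ptype, hlen, plen, operation
HEADER_LEN = struct.calcsize(HEADER_FMT)     # 8 bytes


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(op: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Build an Ethernet/IPv4 ARP packet (28 bytes). In a request the target
    MAC is conventionally all zeros, since that is what is being asked for."""
    smac, tmac = mac_to_bytes(sender_mac), mac_to_bytes(target_mac)
    sip, tip = ip_to_bytes(sender_ip), ip_to_bytes(target_ip)
    header = struct.pack(HEADER_FMT, HTYPE_ETHERNET, PTYPE_IPV4,
                         len(smac), len(sip), op)
    return header + smac + sip + tmac + tip


def parse_arp(pkt: bytes) -> dict:
    """Parse any ARP packet. Addresses are decoded to text only for the
    Ethernet/IPv4 combination; other hardware or protocol types come back as
    raw bytes, still sliced correctly thanks to hlen/plen."""
    if len(pkt) < HEADER_LEN:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, op = struct.unpack(HEADER_FMT, pkt[:HEADER_LEN])
    if len(pkt) < HEADER_LEN + 2 * (hlen + plen):
        raise ValueError("ARP body shorter than hlen/plen announce")
    pos, fields = HEADER_LEN, []
    for length in (hlen, plen, hlen, plen):  # sender hw, sender proto, target hw, target proto
        fields.append(pkt[pos:pos + length])
        pos += length
    sha, spa, tha, tpa = fields

    def hw(raw):
        return bytes_to_mac(raw) if htype == HTYPE_ETHERNET and hlen == 6 else raw

    def proto(raw):
        return bytes_to_ip(raw) if ptype == PTYPE_IPV4 and plen == 4 else raw

    return {"htype": htype, "ptype": ptype, "op": op,
            "sender_mac": hw(sha), "sender_ip": proto(spa),
            "target_mac": hw(tha), "target_ip": proto(tpa)}


if __name__ == "__main__":
    # Constructed sample: host 10.0.0.5 asks who has 10.0.0.1 (its router).
    request = build_arp(ARP_REQUEST, "00:11:22:33:44:55", "10.0.0.5",
                        "00:00:00:00:00:00", "10.0.0.1")
    print(len(request), parse_arp(request))
```

A packet that announces an 8-byte hardware address (a non-Ethernet htype) still parses; a packet shorter than its own length fields promise is rejected rather than read past the end.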
ARP cache update
Q: Why is it necessary to “replace the MAC address with
address M”?
A: In case IP address I moved to a different machine.
Q: How often does this happen?
A: Probably rarely. But, it could happen if a DHCP server runs
out of addresses.
Q: Does a requestor put a “half-entry” into the table when it
sends a request?
A: I don’t think so. Comer’s description seems to imply this,
though…
Q: Why doesn’t ARP ”mark” a cache entry as updated
whenever it is used? Thus, the oldest *unused* entries would
be removed…
A: I don’t know the answer to that... It does seem reasonable.
What if…
Q: A machine does not answer ARP requests?
A: No one talks to it.
Q: Two machines answer an ARP request, with
their own different MAC addresses?
A: Houston, we have a problem!
Probably the second response will stay in the
cache and the first machine won’t be talked to.
ICMP
Q: What layer is ICMP at? It is carried in IP
packets, so does that make it layer 4?
A: The protocol description says that ICMP must
be implemented if IPv4 is implemented. So, it is
a part of IP at layer 3. Also, it is not a transport
protocol, which is what is at layer 4.
ICMP for errors only?
Q: If ICMP is used to report errors, why is it used
to handle pings and traceroutes?
A: ICMP is used for network debugging. That’s
what pings are for.
traceroute makes use of ICMP error messages by
setting the TTL too low in the messages it
generates. That way the routers will send errors
back and traceroute will learn the IP addresses
of the routers on the path to the destination.
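An added example (not from the slides) showing the ICMP messages behind ping and traceroute: the RFC 1071 Internet checksum, an echo request, and the Time Exceeded message a router returns when TTL reaches zero. The quoted original IP header inside Time Exceeded is what lets a traceroute implementation tell which probe expired. Only the ICMP and IP headers are built, no sockets; the addresses and identifiers are constructed sample values.

```python
# Added example (not from the slides): craft and check ICMP messages.
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 8, 11
IPPROTO_ICMP = 1


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 1071).
    Over a message that already carries its checksum the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _icmp(typ: int, code: int, rest: bytes) -> bytes:
    """Assemble type/code/checksum + rest with the checksum filled in."""
    csum = internet_checksum(struct.pack("!BBH", typ, code, 0) + rest)
    return struct.pack("!BBH", typ, code, csum) + rest


def build_echo_request(ident: int, seq: int, payload: bytes = b"") -> bytes:
    """What ping sends: type 8, identifier and sequence number, payload."""
    return _icmp(ICMP_ECHO_REQUEST, 0, struct.pack("!HH", ident, seq) + payload)


def build_ipv4_header(src: str, dst: str, proto: int, ttl: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with its checksum computed."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


def build_time_exceeded(expired_ip_header: bytes, first8: bytes) -> bytes:
    """What a router sends back when TTL hits zero (type 11, code 0): four
    unused bytes, then the expired datagram's IP header and its first 8 bytes."""
    return _icmp(ICMP_TIME_EXCEEDED, 0, b"\x00" * 4 + expired_ip_header + first8)


def parse_icmp(pkt: bytes) -> dict:
    """Verify the checksum and decode echo and Time Exceeded messages."""
    if len(pkt) < 8:
        raise ValueError("truncated ICMP message")
    if internet_checksum(pkt) != 0:
        raise ValueError("bad ICMP checksum")
    msg = {"type": pkt[0], "code": pkt[1]}
    if msg["type"] in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        msg["ident"], msg["seq"] = struct.unpack("!HH", pkt[4:8])
        msg["payload"] = pkt[8:]
    elif msg["type"] == ICMP_TIME_EXCEEDED:
        quoted = pkt[8:]                     # expired IP header + 8 payload bytes
        ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
        if ihl < 20 or len(quoted) < ihl + 8:
            raise ValueError("truncated quoted datagram")
        msg["quoted_dst"] = bytes_to_ip(quoted[16:20])
        msg["quoted_proto"] = quoted[9]
        if msg["quoted_proto"] == IPPROTO_ICMP:  # probe was an echo: recover ident/seq
            msg["quoted_ident"], msg["quoted_seq"] = struct.unpack(
                "!HH", quoted[ihl + 4:ihl + 8])
    return msg


if __name__ == "__main__":
    # Constructed sample: a TTL=1 probe from 10.0.0.5 toward 198.51.100.1 expires
    # at the first router, which quotes it back in a Time Exceeded message.
    probe = build_echo_request(0x1234, 1, b"abc")
    iph = build_ipv4_header("10.0.0.5", "198.51.100.1", IPPROTO_ICMP, 1, len(probe))
    print(parse_icmp(build_time_exceeded(iph, probe[:8])))
```

Matching on the quoted identifier and sequence number is how the sender pairs each Time Exceeded reply with the probe that triggered it; the reply's own source address is the router that answered.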
“Parameterized” software
Q: Could you explain what is meant by "binary
image" in this statement:
In essence, protocol software consists of a
binary image that is parameterized, and
initialization fills in a set of parameters.
A: What this means is that the software
components (IP, ARP, DHCP, etc.) have to be
configured to work on each machine, somehow.
DHCP
Q: Does DHCP use all 1s (router address) as the
destination and all 0s as the source in a request,
just like BOOTP did?
A: Careful! It does use all 1s (IP broadcast) and all 0s
(“this host”) but all 1s is not a “router address”.
Q: How is bootstrapping implemented?
A: With DHCP! It helps the machine get up and
going, from nothing. (Some OSes will even boot up
a tiny OS, and then get an image name in the DHCP
response, and download (via TFTP) and boot that
image.)
No DHCP server?
Q: What happens if there is no DHCP server in a
computer’s broadcast domain?
A: It gets no IP address and can’t play with
others…
Q: Why even have DHCP relay agents?
A: In an organization like Calvin’s, it might be
really nice to have one DHCP server running,
giving out addresses on all VLANs. Then, you
have only one server to manage and monitor.
DHCP relay agent
Q: How does a DHCP relay agent work?
A: A relay agent listens on a LAN for a DHCP
request. When it receives that request, it
encapsulates the information in the request in a
special message it sends to the (remote) DHCP
server. The server responds to it, and then the
agent sends out a DHCP reply, as if it were the
actual server.
(There are similar servers out there called proxy
ARP servers…)
NAT
• What Comer calls NAPT, everyone else calls NAT.
• Private (non-routable) addresses:
– Only used behind a NAT or on private networks.
– Can be subnetted.
– 172.16/12 – 16 contiguous class B blocks?
• 172.16, 172.17, 172.18, … 172.31.
• NAT has a “private” (or “LAN”) side and a “public”
(or ”WAN”) side.
• Breaks the rule about the src and dest IP
addresses in a packet never being changed as the
packet is forwarded.
Access to NATted machines
Q: Can a computer from a different network
send a message to a specific host on a NATted
network?
A: It cannot initiate a message to a NATted
machine. It can only respond to a message
initiated by the NATted machine. The translation
table entry in the NAT is created when a private-side
machine sends a message to a public-side machine.
NAT questions
Q: What happens if a public-side machine tries to
send a message to a private-side machine? Does
the NAT broadcast the message?
A: No. The NAT drops it.
Q: What if I wanted to SSH into one of the hosts on
the private side? Is that possible?
A: It is not possible unless you set up port-forwarding
on the NAT. Then, you can ssh to the NAT and you’ll
automatically be logging in to the private-side machine.
NAT questions
Q: Is a NAT similar to a router? What layer does
a NAT operate at?
A: It operates at layer 3 (mostly), so it is very
similar to a router. In fact, I would call it a special
kind of router. But, it does know a lot about
layer 4 (TCP/UDP) – it can read the port #s and
replace them, etc.
Old Slides
Role of ARP
Q: What role does ARP play in the TCP/IP
protocol stack?
A: See Figure 23.5 on p 389. ARP bridges the
Layer 2 / Layer 3 addressing boundary, allowing
IP to be agnostic about layer 2’s addressing, and
yet still use layer 2 to deliver packets.
Note that ARP is designed to work with not just
IP and Ethernet, but any pair of protocols.
IP vs MAC addresses
Q: What is the point of IP addresses if they are
just resolved to the computers MAC address?
A: An IP address is unique across the entire
universe, and so uniquely identifies a
destination. A MAC address only identifies a
machine on the local network (so it only has to
be unique on the local network, although MAC
addresses are universally unique).
ARP Request/Response
Q: How does a machine send a request to another
machine to get its MAC if it doesn’t know the MAC
of the machine?
A: The requesting machine broadcasts the request
at layer 2, asking for a certain IP address. All
machines on the LAN accept that packet, but only
the machine with that IP address responds, using
layer 2 to deliver the packet back directly to the
requester.
(Note: ARP is not carried in an IP packet. It is
carried directly on layer 2.)
ARP problems
Q: Can a network have problems related to address
resolution? If so, would the problems mostly arise
from the protocol or can there be external factors
that cause those problems?
A: The only problems I can think of: 1) a machine
doesn’t answer ARP requests → no one can talk to
it; 2) multiple machines answer an ARP request →
some machines might talk to one machine and
some to another, thinking they are talking to the
one machine with the unique IP address.
“Destination unreachable”
Q: About the destination unreachable error on
page 390; would that be referring to a computer
on a remote network?
A: This is reported when either your host
machine has no route to the destination
network/machine, or a remote router (a “next-hop”
router) has no route to the destination network/machine.
DHCP overview
Q: Could you explain DHCP a bit more (perhaps with a
drawing)?
A: Sure.
1) Machine boots up and finds it has no IP address.
2) It broadcasts a DHCP request.
3) The DHCP server allocates an IP address and sends it.
4) The machine receives it and installs the IP address.
- The response also typically includes a network mask, default
route, and DNS server hostname/IP address.
DHCP details
Q: What is the "recommended" or "normal"
time of a DHCP lease?
A: 24 hours, I think.
Q: From what I can gather, DHCP is not a
necessity. Is that correct?
A: Not necessary, but awfully useful. Otherwise,
the user has to set the IP address every time the
machine is rebooted.
DHCP Servers
Q: Do you always need a dedicated DHCP server
if you want to use DHCP? It seems like it would
not take a lot of processing power to hand out
addresses. Could this functionality be rolled up
with other services on one server?
A: DHCP servers typically run on routers or some
machine that runs lots of services.
Q: Do you need a DHCP server on every LAN?
A: Yes, unless you use a relay agent.
Configuration
Q: Can DHCP be configured any way that the admin
wants? Can selective leasing be used to give a
specific computer a specific address when the
computer boots, even if another computer has that
IP address - can the DHCP server take the address
back to give to the new computer?
A: DHCP can be configured in many different ways.
We’ll do this in lab.
A server can force a machine to give up an IP
address, I think.
Fixed addresses?
Q: Although DHCP is used extensively, what are the
advantages, if any, of setting a fixed address assignment?
A: I have used fixed IP addresses when I want some
network service running on a certain machine with
a certain IP address always. E.g., you typically hardcode a router’s interface to be x.y.z.1.
Or, maybe you have some license server software
and you want to configure all your machines to
always go to a certain IP address to get a
license for the software.
BOOTP vs DHCP
Q: Since BOOTP was extended to become DHCP,
can you boot a BOOTP client on a DHCP server
or vice-versa?
A: You can use a BOOTP server with a DHCP
client, but not vice versa, I think. The BOOTP
server will send out a message a client can
understand, but won’t contain all the data the
client could receive… I think…
How does ARP work?
Q: How does ARP work?
A: IP hands a packet and a next-hop IP address
to layer 2 to forward for it. Layer 2 has to figure
out how to get the MAC address for this IP
address. It checks its ARP cache for a resolution.
If not found, it sends an ARP request and waits
for a response. Then, it caches the results and
sends to the MAC delivered in the response.
ARP Request/Response
Q: How does a machine send a request to another
machine to get its MAC if it doesn’t know the MAC
of the machine?
A: The requesting machine broadcasts the request
at layer 2, asking for a certain IP address. All
machines on the LAN accept that packet, but only
the machine with that IP address responds, using
layer 2 to deliver the packet back directly to the
requester.
(Note: ARP is not carried in an IP packet. It is
carried directly on layer 2.)
Details
• The ARP responder caches the MAC/IP of the
requester in its ARP cache.
• Although all machines on the LAN could
update their ARP cache from an ARP request,
they don’t. Why?
– Because they will fill up their cache with bindings
they may never need.
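An added example (not from the slides) that simulates the ARP behaviour from the last several slides in one small model LAN: resolve() checks the cache, broadcasts a request if there is no fresh entry, and caches the reply; the responder caches the requester's binding while bystanders do not; an entry that changes MAC is replaced, and the change is logged as a conflict. The "two machines answer" case from earlier shows up as the last reply winning. Host names, MACs, and the 60-second entry age are constructed assumptions.

```python
# Added example (not from the slides): a toy LAN with ARP caches.
from dataclasses import dataclass

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ENTRY_MAX_AGE = 60          # seconds; assumed aging interval for this toy cache


@dataclass
class ArpPacket:
    op: str                 # "request" or "reply"
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


class Lan:
    def __init__(self):
        self.hosts = []

    def attach(self, host):
        self.hosts.append(host)
        host.lan = self

    def broadcast(self, sender, pkt, now):
        """Deliver a broadcast to every other host; collect replies in order."""
        replies = []
        for host in self.hosts:
            if host is not sender:
                reply = host.handle_request(pkt, now)
                if reply is not None:
                    replies.append(reply)
        return replies


class Host:
    def __init__(self, name, mac, ip, answers_arp=True):
        self.name, self.mac, self.ip = name, mac, ip
        self.answers_arp = answers_arp
        self.lan = None
        self.cache = {}       # ip -> (mac, learned_at)
        self.conflicts = []   # (ip, old_mac, new_mac): a binding changed on us

    def lookup(self, ip, now):
        entry = self.cache.get(ip)
        if entry and now - entry[1] < ENTRY_MAX_AGE:
            return entry[0]
        return None                      # missing or too old: must re-ARP

    def learn(self, ip, mac, now):
        old = self.cache.get(ip)
        if old and old[0] != mac:        # "replace the MAC address with M"
            self.conflicts.append((ip, old[0], mac))
        self.cache[ip] = (mac, now)

    def handle_request(self, pkt, now):
        if pkt.op != "request" or not self.answers_arp or pkt.target_ip != self.ip:
            return None                  # not for us: bystanders cache nothing
        self.learn(pkt.sender_ip, pkt.sender_mac, now)   # responder caches requester
        return ArpPacket("reply", self.mac, self.ip, pkt.sender_mac, pkt.sender_ip)

    def resolve(self, ip, now):
        """IP hands layer 2 a next-hop address; return its MAC or None."""
        mac = self.lookup(ip, now)
        if mac is None:
            request = ArpPacket("request", self.mac, self.ip, BROADCAST_MAC, ip)
            for reply in self.lan.broadcast(self, request, now):
                self.learn(reply.sender_ip, reply.sender_mac, now)  # last reply wins
            mac = self.lookup(ip, now)
        return mac


if __name__ == "__main__":
    lan = Lan()
    a = Host("A", "02:00:00:00:00:01", "10.0.0.1")
    b = Host("B", "02:00:00:00:00:02", "10.0.0.2")
    d = Host("D", "02:00:00:00:00:0d", "10.0.0.2")   # also claims 10.0.0.2
    for h in (a, b, d):
        lan.attach(h)
    print(a.resolve("10.0.0.2", 0), a.conflicts)
```

A host's conflicts list is the signal a defender watches for: the same IP address answering with two different MACs on one LAN is either a misconfiguration or someone answering for an address that is not theirs.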
ICMP
• Internet Control Message Protocol
• Mostly not implemented these days.
• Often only echo request/response is
implemented/enabled.
– Many others are security liabilities.
• Designed to handle reporting
errors/misconfigurations in an IP network.
• Layer 4 protocol (carried by IP).
DHCP
• Not necessary to implement to get a working
network, but awfully convenient.
• What is its role?
– Allows a computer to “automatically” get an IP
address.
– And, subnet mask.
– And, default route.
– And, DNS server IP address(es).
• All of these can be done by hand configuration.
• Initially was called BOOTP.
DHCP problem…
Q: How does a machine without an IP address
request an IP address over an IP network?
A: Sends a (layer 2 and 3) broadcast message, filling
in the src IP address as 0.0.0.0 (“this computer”).
Layer 4 is UDP, port 67, indicating a DHCP message.
All machines receive the broadcast and forward up
through IP to UDP. Only the machine listening on
port 67 accepts and responds – that’s the DHCP
server. The server responds directly to the MAC
address used in the request.
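An added example (not from the slides) that builds and parses the DHCP messages in the exchange just described: a DISCOVER from a client with ciaddr 0.0.0.0 and the broadcast flag set, and an OFFER carrying the offered address plus subnet mask, router, DNS server and lease time as options. Only the DHCP payload is built; the UDP (68 -> 67) and IP (0.0.0.0 -> 255.255.255.255) layers are not. The transaction id, MAC and addresses are constructed sample values.

```python
# Added example (not from the slides): encode/decode DHCP (BOOTP-format) messages.
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS = 0, 1, 3, 6
OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_PARAM_REQ, OPT_END = 51, 53, 54, 55, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # op .. file: 236 bytes, then the cookie
FIXED_LEN = struct.calcsize(FIXED_FMT)
FLAG_BROADCAST = 0x8000


def ip_to_bytes(ip): return bytes(int(o) for o in ip.split("."))
def bytes_to_ip(raw): return ".".join(str(b) for b in raw)
def mac_to_bytes(mac): return bytes(int(o, 16) for o in mac.split(":"))
def bytes_to_mac(raw): return ":".join(f"{b:02x}" for b in raw)


def encode_options(opts: dict) -> bytes:
    out = bytearray()
    for code, value in opts.items():        # type, length, value
        out += bytes((code, len(value))) + value
    out.append(OPT_END)
    return bytes(out)


def decode_options(raw: bytes) -> dict:
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def build_dhcp(op, xid, mac, options, yiaddr="0.0.0.0", siaddr="0.0.0.0", broadcast=True):
    flags = FLAG_BROADCAST if broadcast else 0
    fixed = struct.pack(FIXED_FMT, op, 1, 6, 0, xid, 0, flags,
                        ip_to_bytes("0.0.0.0"),        # ciaddr: client has no address yet
                        ip_to_bytes(yiaddr), ip_to_bytes(siaddr), ip_to_bytes("0.0.0.0"),
                        mac_to_bytes(mac), b"", b"")   # chaddr/sname/file are zero-padded
    return fixed + MAGIC_COOKIE + encode_options(options)


def build_discover(xid: int, mac: str) -> bytes:
    """Client side: ask for an address and say which options it wants back."""
    return build_dhcp(BOOTREQUEST, xid, mac,
                      {OPT_MSG_TYPE: b"\x01",
                       OPT_PARAM_REQ: bytes([OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS])})


def build_offer(xid, mac, offered_ip, mask, router, dns, server_ip, lease_secs) -> bytes:
    """Server side: the offered address goes in yiaddr, the rest in options."""
    opts = {OPT_MSG_TYPE: b"\x02", OPT_SERVER_ID: ip_to_bytes(server_ip),
            OPT_LEASE_TIME: struct.pack("!I", lease_secs),
            OPT_SUBNET_MASK: ip_to_bytes(mask), OPT_ROUTER: ip_to_bytes(router),
            OPT_DNS: ip_to_bytes(dns)}
    return build_dhcp(BOOTREPLY, xid, mac, opts, yiaddr=offered_ip, siaddr=server_ip)


def parse_dhcp(pkt: bytes) -> dict:
    if len(pkt) < FIXED_LEN + 4 or pkt[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    (op, _htype, hlen, _hops, xid, _secs, flags, ciaddr, yiaddr, siaddr, giaddr,
     chaddr, _sname, _file) = struct.unpack(FIXED_FMT, pkt[:FIXED_LEN])
    opts = decode_options(pkt[FIXED_LEN + 4:])
    mtype = opts.get(OPT_MSG_TYPE, b"\x00")[0]
    return {"op": op, "xid": xid, "broadcast": bool(flags & FLAG_BROADCAST),
            "ciaddr": bytes_to_ip(ciaddr), "yiaddr": bytes_to_ip(yiaddr),
            "siaddr": bytes_to_ip(siaddr), "giaddr": bytes_to_ip(giaddr),
            "chaddr": bytes_to_mac(chaddr[:hlen]),
            "msg_type": MSG_TYPES.get(mtype, str(mtype)), "options": opts}


if __name__ == "__main__":
    xid, mac = 0x3903F326, "00:11:22:33:44:55"      # constructed sample values
    print(parse_dhcp(build_discover(xid, mac)))
    print(parse_dhcp(build_offer(xid, mac, "192.168.1.100", "255.255.255.0",
                                 "192.168.1.1", "192.168.1.1", "192.168.1.1", 86400)))
```

The xid is what ties an OFFER back to the DISCOVER that caused it, and the giaddr field is where a relay agent records its own address so the server knows which LAN the request came from.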
DHCP Server Configuration
Q: How do you configure a DHCP Server?
A: You typically edit a file that specifies a range
of addresses to be leased dynamically, and/or
specific MAC <--> IP address bindings. You also
configure the default route and DNS server IP
addresses to send out.
Note: only one DHCP server must be running per
LAN, or chaos ensues...
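An added example (not from the slides, and not any real server's code) of the allocation logic behind such a configuration file: a dynamic range, fixed MAC-to-IP bindings that are never handed out dynamically, and a lease lifetime after which an address can go to a different machine. It also covers two earlier questions: what happens when the server runs out of addresses (None is returned and logged), and how an IP address can legitimately move to a new MAC after a lease expires. The range, MACs, and 24-hour lease are constructed assumptions.

```python
# Added example (not from the slides): a toy DHCP lease allocator.
import ipaddress


class DhcpPool:
    """Address allocator the way a server config describes it: a dynamic
    range, optional fixed MAC -> IP bindings, and a lease lifetime in seconds."""

    def __init__(self, first, last, lease_secs=86400, fixed=None):
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        self.addresses = [str(ipaddress.ip_address(n)) for n in range(lo, hi + 1)]
        self.lease_secs = lease_secs
        self.fixed = dict(fixed or {})       # mac -> ip, reserved for that client only
        self.leases = {}                      # ip -> (mac, expires_at)
        self.events = []                      # audit log: (now, event, mac, ip)

    def _expire(self, now):
        for ip, (mac, expires) in list(self.leases.items()):
            if expires <= now:
                del self.leases[ip]
                self.events.append((now, "expired", mac, ip))

    def lease_for(self, mac, now):
        """Return the address to offer this client, or None if the pool is exhausted."""
        self._expire(now)
        ip = self.fixed.get(mac)
        if ip is None:                         # renewal: a known client keeps its address
            for cand, (owner, _) in self.leases.items():
                if owner == mac:
                    ip = cand
                    break
        if ip is None:                         # fresh dynamic allocation
            taken = set(self.leases) | set(self.fixed.values())
            ip = next((a for a in self.addresses if a not in taken), None)
        if ip is None:
            self.events.append((now, "exhausted", mac, None))
            return None
        self.leases[ip] = (mac, now + self.lease_secs)
        self.events.append((now, "lease", mac, ip))
        return ip

    def release(self, mac, now):
        """Client gave the address back (DHCP RELEASE)."""
        for ip, (owner, _) in list(self.leases.items()):
            if owner == mac:
                del self.leases[ip]
                self.events.append((now, "released", mac, ip))

    def owner_of(self, ip, now):
        self._expire(now)
        entry = self.leases.get(ip)
        return entry[0] if entry else None


if __name__ == "__main__":
    pool = DhcpPool("192.168.1.100", "192.168.1.101",
                    fixed={"00:11:22:33:44:01": "192.168.1.10"})   # constructed
    for mac in ("00:11:22:33:44:01", "00:11:22:33:44:02",
                "00:11:22:33:44:03", "00:11:22:33:44:04"):
        print(mac, "->", pool.lease_for(mac, 0))
    print(pool.events)
```

The "exhausted" events are the ones worth alerting on: a pool that empties unexpectedly is either undersized or being drained by clients that keep showing up with new MAC addresses.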
DHCP Relay Agents
Q: Do you have to run a DHCP server on each
LAN?
A: Without some special provisions, yes. DHCP
requests use limited broadcast (all 1s), so they
don’t get forwarded across routers.
But, you can implement a DHCP relay agent to
forward requests/responses to/from the DHCP
server. There still must be a relay agent on each LAN.