Dynamic Host Configuration Protocol (DHCP)
Network Address Translation (NAT)
CS491G: Computer Networking Lab
V. Arun
Slides adapted from Liebeherr and El Zarki, Kurose and Ross, IBM, P. Kermani

Dynamic Host Configuration Protocol (DHCP)

Dynamic assignment of IP addresses
• Dynamic assignment of IP addresses is desirable for
  – On-demand IP address assignment
  – Avoiding manual IP configuration
  – Supporting mobility, e.g., laptops or smartphones

Dynamic IP address assignment solutions
• Reverse Address Resolution Protocol (RARP)
  – Works similarly to ARP, but broadcasts a request for the IP address associated with a given MAC address
  – The RARP server responds with an IP address
  – Only assigns the IP address (not the default router or the netmask)
  – Figure: ARP maps a 32-bit IP address to a 48-bit Ethernet MAC address; RARP maps the 48-bit MAC address back to the 32-bit IP address

BOOTP
• BOOTstrap Protocol (BOOTP)
  – From 1985
  – A host can configure its IP parameters at boot time
  – 3 main services
    • Assigning an IP address
    • Discovering the IP address of a serving machine
    • Learning the name of the executable boot file
  – Can also assign default router, network mask, etc.
  – Sent as UDP messages (port 67: server, port 68: host)
  – Uses the limited broadcast address (255.255.255.255)

BOOTP interaction
• Figure: (a) host Argon (MAC 00:a0:24:71:e4:44) has no IP address yet; (b) it broadcasts a BOOTP request carrying its MAC address to 255.255.255.255; (c) the BOOTP server answers with IP address 128.143.137.144, server IP address 128.143.137.100 and a boot file name
• BOOTP can be used for downloading a memory image to diskless PCs (network boot)
• Static assignment of IP addresses to hosts (the server holds a fixed MAC-to-IP table)

DHCP
• Dynamic Host Configuration Protocol (DHCP)
  – From 1993
  – Extension of BOOTP: same message format and port numbers, interoperable
  – Extensions:
    • Supports temporary "leases" of IP addresses
    • A DHCP client can acquire all IP configuration parameters needed to operate
  – DHCP is the preferred mechanism for dynamic assignment of IP addresses

DHCP interaction (simplified)
• Figure: Argon (MAC 00:a0:24:71:e4:44) receives a DHCP response from the DHCP server with IP address 128.143.137.144, default gateway 128.143.137.1, netmask 255.255.0.0

Typical DHCP client-server scenario (DHCP server 223.1.2.5, arriving client)
1. DHCP discover: src 0.0.0.0, 68; dest 255.255.255.255, 67; yiaddr 0.0.0.0; transaction ID 654
2. DHCP offer: src 223.1.2.5, 67; dest 255.255.255.255, 68; yiaddr 223.1.2.4; transaction ID 654; lifetime 3600 secs
3. DHCP request: src 0.0.0.0, 68; dest 255.255.255.255, 67; yiaddr 223.1.2.4; transaction ID 655; lifetime 3600 secs
4. DHCP ACK: src 223.1.2.5, 67; dest 255.255.255.255, 68; yiaddr 223.1.2.4; transaction ID 655; lifetime 3600 secs
Network Layer 4-9

BOOTP/DHCP message format
• Fixed header fields, in wire order (sizes in bytes, per RFC 951 / RFC 2131):
  – OpCode (1), Hardware Type (1), Hardware Address Length (1), Hop Count (1)
  – Transaction ID (4)
  – Number of Seconds (2), Unused in BOOTP / Flags in DHCP (2)
  – Client IP address (4), Your IP address (4), Server IP address (4), Gateway IP address (4)
  – Client hardware address (16)
  – Server host name (64)
  – Boot file name (128)
  – Options (variable length; there are >100 different options)

DHCP message type
• The message type is sent as an option (DHCP option 53). Value / message type:
  – 1: DHCPDISCOVER
  – 2: DHCPOFFER
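The discover/offer exchange and the fixed BOOTP/DHCP header above, carried through as an added Python example (this code is not from the slides): one encoder and one bounds-checked option parser serve both the client and the server side, the server echoes the client's transaction ID and hardware address, and the client discards an offer whose transaction ID is not its own. Values taken from the slides: xid 654, server 223.1.2.5, offered address 223.1.2.4, lease 3600 s, client MAC 00:a0:24:71:e4:44. The netmask 255.255.255.0 and router 223.1.2.1 are assumptions, since the scenario slide does not give them; option codes follow RFC 2132.

```python
import socket
import struct

# Constants from RFC 951/2131/2132 (the slides' OpCode, UDP ports and option-53 values).
BOOTREQUEST, BOOTREPLY = 1, 2
CLIENT_PORT, SERVER_PORT = 68, 67
BROADCAST_FLAG = 0x8000                 # Flags field (DHCP): "broadcast the reply to me"
MAGIC = b"\x63\x82\x53\x63"             # cookie that opens the Options field
OPT_PAD, OPT_SUBNET_MASK, OPT_ROUTER = 0, 1, 3
OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
# Fixed BOOTP header from the message-format slide: op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")


def build_message(op, xid, mac, options, yiaddr="0.0.0.0", siaddr="0.0.0.0", flags=0):
    """Encode one BOOTP/DHCP message; options is a list of (code, value_bytes)."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")   # Ethernet: htype 1, hlen 6
    hdr = HEADER.pack(op, 1, 6, 0, xid, 0, flags, socket.inet_aton("0.0.0.0"),
                      socket.inet_aton(yiaddr), socket.inet_aton(siaddr),
                      socket.inet_aton("0.0.0.0"), chaddr, b"\x00" * 64, b"\x00" * 128)
    body = bytearray(MAGIC)
    for code, value in options:
        if not 0 < len(value) < 256:          # one length byte per option
            raise ValueError("option %d: bad length" % code)
        body += bytes([code, len(value)]) + value
    body.append(OPT_END)
    return hdr + bytes(body)


def parse_message(data):
    """Decode header + options; every TLV is bounds-checked before it is read."""
    if len(data) < HEADER.size + 4 or data[HEADER.size:HEADER.size + 4] != MAGIC:
        raise ValueError("not a DHCP message (too short or no magic cookie)")
    f = HEADER.unpack_from(data)
    msg = {"op": f[0], "xid": f[4], "flags": f[6], "yiaddr": socket.inet_ntoa(f[8]),
           "siaddr": socket.inet_ntoa(f[9]), "chaddr": f[11][:f[2]].hex(":"), "options": {}}
    i = HEADER.size + 4
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            return msg
        if code == OPT_PAD:
            i += 1
            continue
        # A length byte that points past the buffer is the classic DHCP parser bug.
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option %d" % code)
        msg["options"][code] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    raise ValueError("options not terminated by END")


def dhcp_discover(xid, mac):
    """Client side: the DHCPDISCOVER payload (0.0.0.0:68 -> 255.255.255.255:67 is the UDP layer's job)."""
    return build_message(BOOTREQUEST, xid, mac, [(OPT_MSG_TYPE, b"\x01")], flags=BROADCAST_FLAG)


def serve_offer(request, server_ip, offered_ip, mask, router, lease_secs):
    """Server side: answer a DHCPDISCOVER with a DHCPOFFER that echoes the client's xid and chaddr."""
    req = parse_message(request)
    if req["op"] != BOOTREQUEST or req["options"].get(OPT_MSG_TYPE) != b"\x01":
        raise ValueError("not a DHCPDISCOVER")
    opts = [(OPT_MSG_TYPE, b"\x02"), (OPT_SERVER_ID, socket.inet_aton(server_ip)),
            (OPT_SUBNET_MASK, socket.inet_aton(mask)), (OPT_ROUTER, socket.inet_aton(router)),
            (OPT_LEASE_TIME, struct.pack("!I", lease_secs))]
    return build_message(BOOTREPLY, req["xid"], req["chaddr"], opts,
                         yiaddr=offered_ip, siaddr=server_ip, flags=req["flags"])


def client_accept_offer(xid, offer):
    """Client side: decode the OFFER and reject it unless it answers our transaction ID."""
    msg = parse_message(offer)
    if msg["op"] != BOOTREPLY or msg["xid"] != xid:
        raise ValueError("offer does not belong to our transaction")
    o = msg["options"]
    return {"type": MSG_TYPES[o[OPT_MSG_TYPE][0]], "ip": msg["yiaddr"],
            "server": socket.inet_ntoa(o[OPT_SERVER_ID]), "netmask": socket.inet_ntoa(o[OPT_SUBNET_MASK]),
            "gateway": socket.inet_ntoa(o[OPT_ROUTER]), "lease": struct.unpack("!I", o[OPT_LEASE_TIME])[0]}


def run_example():
    """Discover/offer with the slides' values; netmask and router are assumed (not on the slide)."""
    xid, mac = 654, "00:a0:24:71:e4:44"
    offer = serve_offer(dhcp_discover(xid, mac), "223.1.2.5", "223.1.2.4",
                        "255.255.255.0", "223.1.2.1", 3600)
    return client_accept_offer(xid, offer)


if __name__ == "__main__":
    print(run_example())
```

The parser is the part worth copying: it refuses a message without the magic cookie, an option whose length byte runs past the end of the buffer, and an option list with no END, which are the three framing errors a hostile DHCP server or client on the broadcast domain can send. Matching the transaction ID on the client is the only thing in the protocol that ties an offer to a request; nothing here authenticates the server, which is why a rogue DHCP server on the same segment can hand out its own gateway.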
DHCP message type (continued)
  – 3: DHCPREQUEST
  – 4: DHCPDECLINE
  – 5: DHCPACK
  – 6: DHCPNAK
  – 7: DHCPRELEASE
  – 8: DHCPINFORM

Other options (selection)
• Other DHCP information that can be sent as an option: Subnet Mask, Name Server, Hostname, Domain Name, IP Forwarding On/Off, Default IP TTL, Broadcast Address, Static Route, Ethernet Encapsulation, X Window Manager, X Window Font, DHCP Message Type, DHCP Renewal Time, DHCP Rebinding Time, SMTP Server, Client FQDN, Printer Name, …

Network Address Translation (NAT)

Private network
• Private IP network: not directly connected to the Internet
• IP addresses in a private network can be assigned arbitrarily
  – Not registered and not guaranteed to be globally unique
• Designated private address ranges (RFC 1918):
  – 10.0.0.0 – 10.255.255.255
  – 172.16.0.0 – 172.31.255.255
  – 192.168.0.0 – 192.168.255.255

Private network example
• Figure: two private networks whose hosts H1–H4 reuse the same addresses 10.0.1.1, 10.0.1.2 and 10.0.1.3; each reaches the Internet through its own router (R1 and R2, with public addresses 128.195.4.119 and 128.143.71.21); host H5 (213.168.112.3) sits on the public Internet

Network Address Translation (NAT)
• Router function at the boundary of a private network that rewrites the [IP, port] fields in incoming and outgoing packets

NAT: network address translation
• Motivation: the local network uses just one IP address as far as the outside world is concerned
  – A range of addresses is not needed from the ISP: just one IP address for all devices
  – Can change the addresses of devices in the local network without notifying the outside world
  – Can change ISP without changing the addresses of devices in the local network
  – Can use translation for load balancing
  – Devices inside the local net are not explicitly addressable or visible by the outside world (counted as a security plus, although it is a side effect of the translation table, not a filtering policy)

NAT: network address translation
• Figure: the rest of the Internet sees the local network (e.g., a home network, 10.0.0/24 with hosts 10.0.0.1–10.0.0.4) only through the NAT router's address 138.76.29.7
  – All datagrams leaving the local network have the same single source NAT IP address, 138.76.29.7, with different source port numbers
  – Datagrams with source or destination in this network have 10.0.0/24 addresses for
source and destination, as usual

NAT: network address translation
• Implementation: the NAT router must
  – Outgoing datagrams: replace (source IP address, port #) of every outgoing datagram with (NAT IP address, new port #); remote clients/servers will respond using (NAT IP address, new port #) as the destination address
  – Remember (in the NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
  – Incoming datagrams: replace (NAT IP address, new port #) in the destination fields of every incoming datagram with the corresponding (source IP address, port #) stored in the NAT table

NAT: network address translation (worked example)
1. Host 10.0.0.1 sends a datagram to 128.119.40.186, 80:  S: 10.0.0.1, 3345  D: 128.119.40.186, 80
2. The NAT router changes the datagram's source address from 10.0.0.1, 3345 to 138.76.29.7, 5001 and updates its table:  S: 138.76.29.7, 5001  D: 128.119.40.186, 80
3. The reply arrives with destination address 138.76.29.7, 5001:  S: 128.119.40.186, 80  D: 138.76.29.7, 5001
4. The NAT router changes the datagram's destination address from 138.76.29.7, 5001 to 10.0.0.1, 3345:  S: 128.119.40.186, 80  D: 10.0.0.1, 3345
• NAT translation table after step 2:
    WAN side addr         LAN side addr
    138.76.29.7, 5001     10.0.0.1, 3345
    ……                    ……

Number of ways of using NAT
• Static NAT: translate each private IP address to a specific public IP address
• Dynamic NAT: a pool of inside global addresses and matching criteria
• Port forwarding: redirecting incoming packets on specific ports to a specific internal machine
• Overloading: using a small number of global addresses for a much larger number of local addresses
• Load balancing: map the same destination [IP, port] of incoming packets to different internal servers

Cisco's static NAT terminology
    Term             Meaning
    Inside Local     An address in the private network that is not visible in the public network. More descriptive term: inside private.
    Inside Global    The address used to represent the inside host in the public network. More descriptive term: inside public.
    Outside Global   The actual IP address assigned to a host that resides in the outside network (may not be known in the private network). More descriptive term: outside public.
    Outside Local    The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address; it is allocated from an address space routable on the inside. Not a popular option. More descriptive term: outside private.

Load balancing of servers
• (Figure only)

Configuring NAT in Linux
• Linux uses the netfilter/iptables framework to add filtering and translation rules to the IP module
• Figure: path of a packet through the netfilter tables
  – Incoming datagram → nat PREROUTING (DNAT) → "Destination is local?"
  – Yes → filter INPUT → to application
  – No → filter FORWARD → nat POSTROUTING (SNAT) → outgoing datagram
  – From application → nat OUTPUT → filter OUTPUT → nat POSTROUTING (SNAT) → outgoing datagram

Configuring NAT with iptables
• First example (one inside address mapped to one public address):
    iptables -t nat -A POSTROUTING -s 10.0.1.2 -j SNAT --to-source 128.143.71.21
• Pooling of IP addresses:
    iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j SNAT --to-source 128.143.71.0-128.143.71.30
• ISP migration (replace rule 1 of the POSTROUTING chain; -R requires the rule number):
    iptables -t nat -R POSTROUTING 1 -s 10.0.1.0/24 -j SNAT --to-source 128.195.4.0-128.195.4.254
• IP masquerading (SNAT to whatever address eth1 currently holds):
    iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o eth1 -j MASQUERADE
• Load balancing (DNAT spread over a range of internal servers):
    iptables -t nat -A PREROUTING -i eth1 -j DNAT --to-destination 10.0.1.2-10.0.1.4

NAT multiplexing limits
• 16-bit port-number field: ~65K simultaneous connections with a single LAN-side address!
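The translation-table mechanics from the implementation slide and its four-step walkthrough, the port-forwarding entry in the list of ways of using NAT, and the port-count limit on this slide, as one added Python example (this is not code from the slides): a port-overloading NAT whose table is keyed on the remote endpoint as well as the WAN port, so that a WAN port can be reused for flows to different destinations, plus a static forward for inbound connections. Values from the slides: WAN address 138.76.29.7, LAN 10.0.0/24, host 10.0.0.1:3345 talking to 128.119.40.186:80 over WAN port 5001. Assumptions: the WAN port range 1024–65535, the starting port 5001 chosen so the first mapping matches the slide, and the constructed outside client 213.168.112.3 and second server 128.143.137.144:443.

```python
import ipaddress


class Packet:
    """Minimal datagram: (ip, port) endpoints only; no checksums (a real NAT recomputes them)."""
    def __init__(self, src, dst, payload=b""):
        self.src, self.dst, self.payload = src, dst, payload


class Nat:
    """Port-overloading NAT for one WAN address, keyed on the remote endpoint, plus static forwards."""
    PORT_MIN, PORT_MAX = 1024, 65535     # assumed WAN-side port range: 64512 ports

    def __init__(self, wan_ip, lan_net, first_port=PORT_MIN):
        self.wan_ip = wan_ip
        self.lan_net = ipaddress.ip_network(lan_net)
        if not self.lan_net.is_private:
            raise ValueError("LAN side should use an RFC 1918 range")
        self.next_port = first_port
        self.out = {}        # (lan_ip, lan_port, remote_ip, remote_port) -> wan_port
        self.back = {}       # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.forwards = {}   # wan_port -> (lan_ip, lan_port): port forwarding / static NAT
        self.dropped = 0

    def add_forward(self, wan_port, lan_ip, lan_port):
        self.forwards[wan_port] = (lan_ip, lan_port)

    def _alloc_port(self, remote):
        # A WAN port may be reused as long as (port, remote) stays unique, which is
        # why the limit is ~65K flows per WAN-side destination rather than ~65K in total.
        for _ in range(self.PORT_MAX - self.PORT_MIN + 1):
            p = self.next_port
            self.next_port = p + 1 if p < self.PORT_MAX else self.PORT_MIN
            if p not in self.forwards and (p, *remote) not in self.back:
                return p
        raise RuntimeError("no free WAN port towards %s:%d" % remote)

    def outbound(self, pkt):
        """LAN -> WAN: rewrite the source to (wan_ip, new port) and record the pair."""
        if ipaddress.ip_address(pkt.src[0]) not in self.lan_net:
            self.dropped += 1            # only the private side is translated
            return None
        key = (*pkt.src, *pkt.dst)
        port = self.out.get(key)
        if port is None:
            port = self._alloc_port(pkt.dst)
            self.out[key] = port
            self.back[(port, *pkt.dst)] = pkt.src
        return Packet((self.wan_ip, port), pkt.dst, pkt.payload)

    def inbound(self, pkt):
        """WAN -> LAN: rewrite the destination from the table or a static forward; else drop."""
        lan = None
        if pkt.dst[0] == self.wan_ip:
            lan = self.back.get((pkt.dst[1], *pkt.src)) or self.forwards.get(pkt.dst[1])
        if lan is None:
            self.dropped += 1            # unsolicited: no inside host is addressable
            return None
        return Packet(pkt.src, lan, pkt.payload)


def slide_walkthrough():
    """Steps 1-4 of the slide: 10.0.0.1:3345 -> 128.119.40.186:80 via 138.76.29.7:5001."""
    nat = Nat("138.76.29.7", "10.0.0.0/24", first_port=5001)   # 5001 chosen to match the slide
    step2 = nat.outbound(Packet(("10.0.0.1", 3345), ("128.119.40.186", 80)))
    step4 = nat.inbound(Packet(step2.dst, step2.src))            # the server's reply (step 3)
    return step2, step4


def port_forward_demo():
    """Static forward: anything arriving at 138.76.29.7:2500 goes to 10.0.0.1:25000."""
    nat = Nat("138.76.29.7", "10.0.0.0/24")
    nat.add_forward(2500, "10.0.0.1", 25000)
    client = ("213.168.112.3", 51000)                             # constructed outside client
    hit = nat.inbound(Packet(client, ("138.76.29.7", 2500)))
    miss = nat.inbound(Packet(client, ("138.76.29.7", 2501)))    # nothing forwards 2501
    return hit, miss, nat.dropped


def exhaustion_demo():
    """Use every WAN port towards one server, then show that a new destination still works."""
    nat = Nat("138.76.29.7", "10.0.0.0/24")
    server = ("128.119.40.186", 80)
    for i in range(Nat.PORT_MAX - Nat.PORT_MIN + 1):             # 64512 distinct LAN flows
        nat.outbound(Packet(("10.0.0.%d" % (1 + i % 200), 1024 + i // 200), server))
    try:
        nat.outbound(Packet(("10.0.0.250", 40000), server))
        exhausted = False
    except RuntimeError:
        exhausted = True
    other = nat.outbound(Packet(("10.0.0.250", 40000), ("128.143.137.144", 443)))  # constructed
    return exhausted, other.src[1], len(nat.back)
```

Two things the model leaves out on purpose: a real NAT rewrites the IP and transport checksums on every translated packet and has to reassemble or track fragments before it can read port numbers, and it ages entries out of the table (a lease, much like DHCP's). The inbound path shows why "not addressable from outside" is only a side effect: an entry in `back` or a static forward is all it takes for an outside host to reach an inside one.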
• Possible to have ~65K connections to each WAN-side destination: when the translation table also records the remote (IP, port), the same WAN-side port can be reused for flows to different destinations

NAT drawbacks/controversies
• Routers should only process up to layer 3; the address shortage ought to be solved by IPv6
• Violates the end-to-end argument
• The possibility of NAT must be taken into account by application designers, e.g., for P2P applications
• Two private-network machines cannot communicate directly without third-party support
• Performance: checksums need to be recomputed in the transport and IP headers
• IP fragmentation needs careful handling
• Breaks applications that embed IP addresses in their payload (FTP)

NAT traversal problem/solutions
• The client wants to connect to a server with address 10.0.0.1
  – The server address 10.0.0.1 is local to the LAN (the client can't use it as a destination address)
  – Only one externally visible NATed address: 138.76.29.7
• Figure: outside client; NAT router 138.76.29.7; hosts 10.0.0.1 (server) and 10.0.0.4 inside
• Solution 1: statically configure the NAT to forward incoming connection requests at a given port to the server
  – e.g., (138.76.29.7, port 2500) is always forwarded to 10.0.0.1, port 25000

NAT traversal problem/solutions
• Solution 2: Universal Plug and Play (UPnP) Internet Gateway Device (IGD) protocol. Allows a NATed host to:
  – Learn its public IP address (138.76.29.7)
  – Add/remove port mappings (with lease times)
  – i.e., it automates static NAT port-map configuration
  – Caveat: IGD does not authenticate the requesting host, so any device (or malware) on the LAN can open a mapping

NAT traversal problem/solutions
• Solution 3: relaying (used in Skype)
  – The NATed client establishes a connection to a relay
  – The external client connects to the relay
  – The relay bridges packets between the two connections
  – Figure (numbered as on the slide): 2. connection to the relay initiated by the client; 3. relaying established; 1.
connection to the relay initiated by the NATed host 10.0.0.1, behind the NAT router at 138.76.29.7

Lab 6 review

Lab 6 - Exercise 5C
• Note the path from PC1 to PC4
• Figure: spanning tree over bridges R1–R4 and hosts PC1–PC4; root bridge 000d.56ef.267a; other bridge/port IDs 0002.e31c.7969, 0009.437a.3560, 0009.437a.3160, 0009.437a.3561, 0009.437a.3161, 0009.433b.9400, 0009.433b.9401, 0009.433b.8bc0, 0009.433b.5bc1; ports marked RP (root port) and DP (designated port)

Lab 6 - Exercise 6A
• Figure: same topology and IDs, root bridge 000d.56ef.267a, with a different assignment of root and designated ports

Lab 6 - Exercise 6B
• Figure: same topology; the "Root Bridge" label now appears next to the bridge with ports 0009.433b.8bc0 and 0009.433b.5bc1, and the root/designated ports change accordingly

Lab 6 - Exercise 7B
• Figure: network 10.0.0.0/16 divided into 10.0.1.0/24, 10.0.3.0/24 and 10.0.4.0/24 (broadcast domains)
  – 10.0.1.0/24: PC1 10.0.1.11/24, RT1 (Br) 10.0.1.2/24
  – 10.0.3.0/24: RT2 10.0.3.2/24, RT3 10.0.3.3/24, PC2 10.0.3.21/24
  – 10.0.4.0/24: PC3 10.0.4.31/24, RT4 (Br) 10.0.4.3/24, PC4 10.0.4.41/16 (note PC4's /16 mask, unlike the /24 on every other host)
  – RT1 and RT4 are configured as bridges (Br)
• Ping results shown on the following slides:
  – PC1 to PC3: ping succeeds
  – PC1 to PC4: ping fails
  – PC4 to PC1: ping succeeds
  – PC1 to PC2: ping succeeds