DHCP and NAT

Tahir Azim
ref: Umar Kalim, NIIT
IP addresses: how to get one on a LAN?
Q: How does a host get an IP address?
• Hard-coded by the system admin in a file
  • Wintel: control-panel->network->configuration->tcp/ip->properties
  • UNIX: /etc/rc.config
• DHCP: Dynamic Host Configuration Protocol: dynamically get an address (“plug-and-play”)
• NAT: Network Address Translation
DHCP: Dynamic Host Configuration Protocol
DHCP overview:
Goal: dynamically obtain an IP address from a network server
• Can renew its lease on the address in use
• Allows reuse of addresses
• Support for mobile users
• Relay agent on every LAN
• host broadcasts “DHCP discover” msg
• DHCP server responds with “DHCP offer” msg
• host requests IP address: “DHCP request” msg
• DHCP server sends address: “DHCP ack” msg
DHCP client-server scenario
[Figure: three subnets (223.1.1.x, 223.1.2.x, 223.1.3.x) joined by a router; hosts A, B, E and a DHCP server; arriving DHCP client E needs an address in this network]
Router sometimes works as “DHCP relay agent”
DHCP client-server scenario: protocol overview
DHCP server: 223.1.2.5; arriving client. Messages in time order:

DHCP discover (broadcast)
  src: 0.0.0.0, 68
  dest: 255.255.255.255, 67
  yiaddr: 0.0.0.0
  transaction ID: 654

DHCP offer (broadcast)
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 654
  Lifetime: 3600 secs

DHCP request
  src: 0.0.0.0, 68
  dest: 255.255.255.255, 67
  yiaddr: 223.1.2.4
  transaction ID: 655
  Lifetime: 3600 secs

Unicast ?

DHCP ACK
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 655
  Lifetime: 3600 secs
DHCP Packet Format
op (1 byte)
htype (1 byte)
hlen (1 byte)
hops (1 byte)
xid (4 bytes)
secs (2 bytes)
flags (2 bytes)
ciaddr (4 bytes)
yiaddr (4 bytes)
siaddr (4 bytes)
giaddr (4 bytes)
chaddr (16 bytes)
sname (64 bytes)
file (128 bytes)
options (variable)
DHCP Packet Format: Fields (1 of 3)
• op – Message Type
  • 1 = BOOTREQUEST: client to server
  • 2 = BOOTREPLY: server to client
• htype – Hardware Address Type
  • 1 = 10Mb Ethernet
• hlen – Hardware Address Length (in bytes)
  • 6 (bytes) for 10Mb Ethernet
• hops – Hops taken so far
  • Client sets to 0. Optionally used by relay agents when booting via a relay agent.
• xid – Transaction ID. Unique number used to associate messages.
  • Random number chosen by the client.
• secs – Number of seconds elapsed since the client began address acquisition/renewal
  • Filled in by the client.
DHCP Packet Format: Fields (2 of 3)
• flags
• ciaddr – Client IP Address
  • Only filled in if the client is in the BOUND, RENEW or REBINDING state.
• yiaddr – Your IP Address
  • The IP address that the server gives to the client.
DHCP Packet Format: Fields (3 of 3)
• siaddr – Server IP Address
  • Address of the next server to use. Set by the server in DHCP-OFFER and DHCP-ACK.
• giaddr – Gateway/Relay Agent IP Address
  • Used if there is an indirect connection to the DHCP server.
• chaddr – Client Hardware Address
  • The Ethernet/MAC address of the client.
• sname – Server Name
  • Optional server name. Null-terminated string.
• file – Boot File Name
  • Null-terminated string.
• options – Various optional fields.
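As an added worked example (not part of the original slides), the following Python script encodes and decodes DHCP messages using the fixed-field layout from the packet-format slides and replays the discover/offer/request/ack exchange from the protocol-overview slide. The client side accepts a reply only if it is a BOOTREPLY whose transaction ID and hardware address match the request it sent, which is the check that keeps a stray or forged reply from being acted on. The server address 223.1.2.5, the offered address 223.1.2.4, the 3600-second lease and the transaction IDs 654/655 are taken from the slide; the client MAC and the helper names (DhcpMessage, decode, server_handle, client_accept, run_exchange) are constructed for this example; option codes 50, 51, 53 and 54 are the standard DHCP ones.

```python
import struct
from dataclasses import dataclass, field

# Header constants from the slides' packet format; option codes are the standard DHCP ones.
BOOTREQUEST, BOOTREPLY = 1, 2
HTYPE_ETHERNET, HLEN_ETHERNET = 1, 6
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_REQUESTED_IP, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 51, 53, 54, 255
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file (236 bytes)
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
FIXED_LEN = struct.calcsize(FIXED_FMT)

def ip_to_bytes(ip): return bytes(int(x) for x in ip.split("."))
def bytes_to_ip(b): return ".".join(str(x) for x in b)

@dataclass
class DhcpMessage:
    op: int
    xid: int
    chaddr: bytes                   # client MAC, 6 bytes (hlen = 6)
    ciaddr: str = "0.0.0.0"
    yiaddr: str = "0.0.0.0"
    siaddr: str = "0.0.0.0"
    giaddr: str = "0.0.0.0"
    flags: int = 0x8000             # broadcast bit set, as in the slide's exchange
    options: dict = field(default_factory=dict)   # option code -> raw value bytes

    def encode(self):
        # hops and secs are sent as 0; sname and file are left empty (null padded by struct)
        fixed = struct.pack(FIXED_FMT, self.op, HTYPE_ETHERNET, HLEN_ETHERNET, 0, self.xid, 0,
                            self.flags, ip_to_bytes(self.ciaddr), ip_to_bytes(self.yiaddr),
                            ip_to_bytes(self.siaddr), ip_to_bytes(self.giaddr),
                            self.chaddr.ljust(16, b"\x00"), b"", b"")
        opts = b"".join(bytes([code, len(val)]) + val for code, val in self.options.items())
        return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])

def decode(data):
    """Parse a DHCP message, rejecting anything that does not fit the fixed layout."""
    if len(data) < FIXED_LEN + 4 or data[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, htype, hlen, _hops, xid, _secs, flags, ci, yi, si, gi, ch, _sn, _fl = struct.unpack(FIXED_FMT, data[:FIXED_LEN])
    if op not in (BOOTREQUEST, BOOTREPLY) or htype != HTYPE_ETHERNET or hlen != HLEN_ETHERNET:
        raise ValueError("unsupported op/htype/hlen")
    options, i = {}, FIXED_LEN + 4
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:            # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        length = data[i + 1]
        options[data[i]] = data[i + 2:i + 2 + length]
        i += 2 + length
    return DhcpMessage(op, xid, ch[:hlen], bytes_to_ip(ci), bytes_to_ip(yi), bytes_to_ip(si),
                       bytes_to_ip(gi), flags, options)

def server_handle(server_ip, offered_ip, lease, wire):
    """Minimal server: OFFER on DISCOVER, ACK on a REQUEST naming this server, otherwise ignore."""
    msg = decode(wire)
    kind = msg.options.get(OPT_MSG_TYPE, b"\x00")[0]
    if msg.op != BOOTREQUEST:
        return None
    if kind == DISCOVER:
        reply_kind = OFFER
    elif kind == REQUEST and msg.options.get(OPT_SERVER_ID) == ip_to_bytes(server_ip):
        reply_kind = ACK
    else:
        return None
    reply = DhcpMessage(BOOTREPLY, msg.xid, msg.chaddr, yiaddr=offered_ip, siaddr=server_ip,
                        options={OPT_MSG_TYPE: bytes([reply_kind]),
                                 OPT_LEASE_TIME: struct.pack("!I", lease),
                                 OPT_SERVER_ID: ip_to_bytes(server_ip)})
    return reply.encode()

def client_accept(wire, expected_xid, mac, expected_kind):
    """A reply is trusted only if it is a BOOTREPLY whose xid and chaddr match what this
    client sent and whose message type is the one awaited; anything else returns None."""
    if wire is None: return None
    msg = decode(wire)
    if msg.op != BOOTREPLY or msg.xid != expected_xid or msg.chaddr != mac:
        return None
    if msg.options.get(OPT_MSG_TYPE, b"\x00")[0] != expected_kind:
        return None
    return msg

def run_exchange(server_ip="223.1.2.5", offered_ip="223.1.2.4", lease=3600):
    """Replay the slide's discover/offer/request/ack sequence; returns (assigned IP, lease secs)."""
    mac = bytes.fromhex("001122334455")        # constructed client MAC
    discover = DhcpMessage(BOOTREQUEST, 654, mac, options={OPT_MSG_TYPE: bytes([DISCOVER])})
    offer = client_accept(server_handle(server_ip, offered_ip, lease, discover.encode()), 654, mac, OFFER)
    if offer is None: raise RuntimeError("no acceptable offer")
    request = DhcpMessage(BOOTREQUEST, 655, mac, options={     # the slide switches to xid 655 here
        OPT_MSG_TYPE: bytes([REQUEST]), OPT_SERVER_ID: offer.options[OPT_SERVER_ID],
        OPT_REQUESTED_IP: ip_to_bytes(offer.yiaddr)})
    ack = client_accept(server_handle(server_ip, offered_ip, lease, request.encode()), 655, mac, ACK)
    if ack is None: raise RuntimeError("no acceptable ack")
    return ack.yiaddr, struct.unpack("!I", ack.options[OPT_LEASE_TIME])[0]
```

Calling run_exchange() returns ('223.1.2.4', 3600), matching the yiaddr and lifetime on the slide. The decoder checks the magic cookie, op, htype, hlen and option lengths before anything else touches the message, so a truncated or non-DHCP datagram on port 67/68 raises instead of producing a half-parsed object.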
NAT: Network Address Translation
• Motivation: demand for IP addresses increases with the arrival of small devices.
• NAT solution:
  • local network uses just one IP address as far as the outside world is concerned
  • allocate addresses to devices in the local network without notifying the outside world
  • can change ISP without changing addresses of devices in the local network
  • devices inside the local net are not explicitly addressable or visible by the outside world (a security plus)
  • widespread use
• Private IP addresses:
  • 10.0.0.0 - 10.255.255.255
  • 172.16.0.0 - 172.31.255.255
  • 192.168.0.0 - 192.168.255.255
NAT: Network Address Translation
[Figure: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3; NAT router with LAN-side address 10.0.0.4 and WAN-side address 138.76.29.7; rest of Internet]
• All datagrams leaving the local network have the same single source NAT IP address: 138.76.29.7, with different source port numbers
• Datagrams with source or destination in this network have a 10.0.0/24 address for source, destination (as usual)
NAT: Network Address Translation
[Figure: NAT router 138.76.29.7 (WAN side) / 10.0.0.4 (LAN side); inside hosts 10.0.0.1, 10.0.0.2, 10.0.0.3]

1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345
   D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001
   D: 128.119.40.186, 80
3: Reply arrives, dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80
   D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80
   D: 10.0.0.1, 3345

NAT translation table
WAN side addr      | LAN side addr
138.76.29.7, 5001  | 10.0.0.1, 3345
……                 | ……
NAT Implementation
Private Addr | Private Port | External Addr | External Port | NAT Addr | NAT Port (16 bit port#) | Protocol
nb-addr      | nb-port1     | yahoo         | 80            | gw-addr  | 3001                    | tcp
nb-addr      | nb-port2     | dns.sjsu      | 53            | gw-addr  | 3002                    | udp
nb-addr      | nb-port3     | yahoo         | 80            | gw-addr  | 3003                    | tcp
pc-addr      | pc-port1     | yahoo         | 80            | gw-addr  | 3004                    | tcp

outgoing: replace (src IP addr, port #) with (NAT addr, NAT port #)
. . . remote will respond to (NAT addr, NAT port #)
remember (in NAT translation table) every (src IP addr, port #) to (NAT addr, NAT port #) translation pair
incoming: replace (NAT addr, NAT port #) in dest fields of every incoming datagram with the corresponding (src IP addr, port #) stored in the NAT table
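Added example, not from the slides: a small Python model of the translation table above, keyed on protocol as the table is, applying the outgoing and incoming rules and dropping any inbound datagram that matches no entry, which is the concrete form of the "not addressable from outside" point made earlier. The inside host, external server, private port 3345 and NAT port 5001 follow the earlier walk-through slide; the class and function names (NatRouter, Datagram, walk_through) and the stray source address 203.0.113.9 are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Datagram:
    proto: str        # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    """Port-translating NAT keyed on (protocol, private addr, private port), as in the slide's table."""
    def __init__(self, lan_net="10.0.0.0/24", wan_ip="138.76.29.7", first_nat_port=5001):
        self.lan = ipaddress.ip_network(lan_net)
        self.wan_ip = wan_ip
        self.next_port = first_nat_port
        self.lan_to_wan = {}    # (proto, lan_ip, lan_port) -> nat_port
        self.wan_to_lan = {}    # (proto, nat_port) -> (lan_ip, lan_port)

    def outgoing(self, d):
        """Replace (src IP addr, port #) with (NAT addr, NAT port #), remembering the pair."""
        if ipaddress.ip_address(d.src_ip) not in self.lan:
            raise ValueError("source is not on the LAN side")
        key = (d.proto, d.src_ip, d.src_port)
        nat_port = self.lan_to_wan.get(key)
        if nat_port is None:
            if self.next_port > 0xFFFF:               # the 16-bit NAT port space is exhausted
                raise RuntimeError("no free NAT port")
            nat_port, self.next_port = self.next_port, self.next_port + 1
            self.lan_to_wan[key] = nat_port
            self.wan_to_lan[(d.proto, nat_port)] = (d.src_ip, d.src_port)
        return Datagram(d.proto, self.wan_ip, nat_port, d.dst_ip, d.dst_port)

    def incoming(self, d):
        """Replace (NAT addr, NAT port #) in the dest fields with the stored (src IP addr, port #).
        A datagram with no table entry is dropped (None): no inside host asked for it."""
        if d.dst_ip != self.wan_ip:
            return None
        inside = self.wan_to_lan.get((d.proto, d.dst_port))
        if inside is None:
            return None
        return Datagram(d.proto, d.src_ip, d.src_port, inside[0], inside[1])

    def table(self):
        """Rows in the slide's 'WAN side addr | LAN side addr' form."""
        return sorted((f"{self.wan_ip}, {p}", f"{ip}, {port}")
                      for (_, p), (ip, port) in self.wan_to_lan.items())

def walk_through():
    """The slide's four steps; returns (translated outgoing, delivered reply, dropped unsolicited)."""
    nat = NatRouter()
    step1 = Datagram("tcp", "10.0.0.1", 3345, "128.119.40.186", 80)
    step2 = nat.outgoing(step1)                    # now S: 138.76.29.7, 5001
    step3 = Datagram("tcp", "128.119.40.186", 80, "138.76.29.7", 5001)
    step4 = nat.incoming(step3)                    # now D: 10.0.0.1, 3345
    # constructed unsolicited inbound datagram to a NAT port nobody inside opened
    stray = nat.incoming(Datagram("tcp", "203.0.113.9", 4444, "138.76.29.7", 5002))
    return step2, step4, stray
```

Because the table is keyed on protocol as well as address and port, a TCP and a UDP flow from the same private (address, port) get separate rows, just as nb-port1/tcp and nb-port2/udp do in the table above, and a second datagram from an already-mapped source reuses its row instead of consuming another of the 65535 NAT ports.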
Load Balancing Servers with NAT
[Figure: Public Internet -> NAT -> Private Intranet containing several servers]
• Single IP address for web server
• Redirects workload to multiple internal servers
Load Balancing Networks with NAT
[Figure: Private Intranet -> NAT Gateway -> Service Provider 1 and Service Provider 2 -> Network X]
• Connections from Private Intranet split across Service Providers 1 and 2
• Load balances at connection level
  • How to identify a connection?
  • Using source IP, destination IP, source and destination port numbers
• Load balancing at IP level can cause low TCP throughput. Why?
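Added example illustrating the connection identifier on the slide (not the slide author's code): it hashes the (source IP, destination IP, source port, destination port) tuple to choose a provider once per connection, and contrasts that with a per-packet round-robin choice that has no notion of connections. The provider names are the slide's; the packet tuples and the function names (connection_id, provider_by_connection, round_robin_chooser, paths_taken, demo) are constructed for this example.

```python
import hashlib
import itertools

PROVIDERS = ("Service Provider 1", "Service Provider 2")

def connection_id(src_ip, dst_ip, src_port, dst_port):
    """The slide's connection identifier (source IP, destination IP, source and destination
    ports), ordered so that a reply packet yields the same identifier as the request."""
    return tuple(sorted([(src_ip, src_port), (dst_ip, dst_port)]))

def provider_by_connection(src_ip, dst_ip, src_port, dst_port):
    """Connection-level split: hash the identifier, so all packets of a connection take one path."""
    digest = hashlib.sha256(repr(connection_id(src_ip, dst_ip, src_port, dst_port)).encode()).digest()
    return PROVIDERS[int.from_bytes(digest[:4], "big") % len(PROVIDERS)]

def round_robin_chooser():
    """IP-level (per-packet) split: round robin with no memory of which connection a packet belongs to."""
    counter = itertools.count()
    return lambda *_: PROVIDERS[next(counter) % len(PROVIDERS)]

def paths_taken(packets, chooser):
    """Map each connection seen in `packets` (4-tuples) to the set of providers its packets used."""
    used = {}
    for src_ip, dst_ip, src_port, dst_port in packets:
        cid = connection_id(src_ip, dst_ip, src_port, dst_port)
        used.setdefault(cid, set()).add(chooser(src_ip, dst_ip, src_port, dst_port))
    return used

def demo():
    """Constructed traffic: six request packets and two replies belonging to one connection."""
    requests = [("10.1.0.5", "198.51.100.20", 40000, 443)] * 6
    replies = [("198.51.100.20", "10.1.0.5", 443, 40000)] * 2
    per_conn = paths_taken(requests + replies, provider_by_connection)
    per_pkt = paths_taken(requests, round_robin_chooser())
    return per_conn, per_pkt
```

With demo(), the connection-keyed chooser sends every packet of the connection, replies included, to a single provider, while the per-packet chooser spreads the same connection over both; the per-connection choice is still balanced across many connections because the hash varies with each tuple.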
NAT Discussion
• NAT works best with TCP connections
• NAT breaks the End-to-End Principle by modifying packets
• Problems
  • Applications use IP addresses within the data stream (FTP)
    • Most implementations only recognize a few standard applications
  • Connectionless UDP (Quake multiplayer)
    • Need to watch/modify data packets