Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Domains

advertisement 
Chapter 7
Support infrastructure for networking
DHCP, NAPT, ARP, DNS
Contents
•
•
•
•
•
•
DHCP (Dynamic host configuration protocol)
RFC 1918 non-routable addresses
Network address translation
Address resolution protocol
Domain Name System
Home networking
2
Routing DHCP NAT ARP DNS
DHCP
• A big part of the usefulness of IP addresses is
the flexibility in their assignment
• However, manual assignment is very prone to
errors
3
Home
networking
Routing DHCP NAT ARP DNS
IP address allocation efficiency
• With 32-bit addresses, there can be 232 = 4
billion addresses
• However, these addresses are not assigned
very efficiently
• Further, at any given time, only a small
fraction of the computers are actually
communicating with other computers outside
the organization
4
Home
networking
Routing DHCP NAT ARP DNS
Solving IP address availability
• So, the real fear is that we could be running
out of IP addresses
• The long-term solution is to increase the pool
of IP addresses
– IPv6 is this solution
– Provides trillions of IP addresses/ square foot of
the Earth’s surface
• Dynamic host control protocol (DHCP) is one
part in a 3-part short-term solution
5
Home
networking
Routing DHCP NAT ARP DNS
The DHCP solution
• DHCP enables programmatic assignment and
collection of IP addresses
• Defined in RFC 2131 (March 1997)
• Addresses may be allocated in 3 ways:
– Automatic
– Manual
– Dynamic
6
Home
networking
Routing DHCP NAT ARP DNS
DHCP dynamic allocation
• Allows automatic reuse of an address when it
is no longer needed by the computer to which
it was assigned
• Each subnet has access to at least one DHCP
server
• All DHCP clients look for a DHCP server upon
startup to get network parameters
7
Home
networking
Routing DHCP NAT ARP DNS
DHCP server and client settings
Home
networking
Routing DHCP NAT ARP DNS
DHCP operation timeline
Server (not
selected)
Server
(selected)
Client
Begins initialization
DHCP DISC
OVER
DHCP DISC
OVER
Determines
configuration
Determines
configuration
DHCP OFF
ER
DHCP
OFFER
Collects replies
Selects
configuration
DHCP
DHCP RE
QUEST
ST
REQUE
Commits
configuration
DHCP ACK
Initialization
complete
Graceful shutdown
DHCP RELE
ASE
Lease discarded
9
Home
networking
Routing DHCP NAT ARP DNS
DHCP dynamic allocation
• The DHCP server provides an IP address for a
fixed duration in response to a client’s DHCP
request
• The DHCP server also provides all network
configuration information the client needs to
operate
10
Home
networking
Routing DHCP NAT ARP DNS
DHCP – address leasing
• Duration of address assignment is called leasetime
• The client can request the DHCP server for an
extension of the lease before the lease expires
• In a typical DHCP client-server interaction
– Client sends a DHCP DISCOVER
– Server responds with DHCP OFFER
– DHCP REQUEST broadcasts client selection
– Selected server sends DHCP ACK
11
Home
networking
Routing DHCP NAT ARP DNS
Sample dhcpd.conf
option domain-name
option domain-name-servers
option routers
option subnet-mask
default-lease-time
“datacomm.example.com";
10.1.1.1, 10.2.1.1, 10.3.1.1;
10.1.1.254;
255.255.255.128;
21600;
subnet
10.1.1.128 netmask
range 10.1.1.236
}
255.255.255.128
10.1.1.253;
host www {
hardware
fixed-address
host-name
}
ethernet 00:06:5B:CE:39:05;
10.1.1.2;
“www.datacomm.example.com";
Network options
{
Dynamic allocation range
Manual allocation
12
Home
networking
Routing DHCP NAT ARP DNS
Non-routable Addresses
• Address reuse
– Second component of 3-part short-term solution
to the shortage of IP addresses
• Certain IP addresses have been defined to be
reusable as many times as necessary
• Defined in RFC 1918 (1996)
13
Home
networking
Routing DHCP NAT ARP DNS
Non-routable address blocks
• Three blocks have been defined in RFC 1918
– 10.0.0.0
- 10.255.255.255 (10/8 prefix)
– 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
– 192.168.0.0 - 192.168.255.255 (192.168/16
prefix)
• Any person or organization may use these
addresses internally without any co-ordination
with any Internet registry
• Routers do not advertise routes with nonroutable addresses to other organizations
14
Home
networking
Routing DHCP NAT ARP DNS
Using non-routable addresses
Home 2
External IP
24.26.79.19
NAPT
Internal IP
192.168.2.1
192.168.2.3
192.168.2.2
Home
networking
Routing DHCP NAT ARP DNS
Network Address Translation (NAT)
• Third component of 3-part solution to IP
address shortage
• Definition (RFC 2663)
– Method by which IP addresses are mapped from
one address block to another, providing
transparent routing to end hosts
16
Home
networking
Routing DHCP NAT ARP DNS
NAT
• NAT is specified in RFC 3022
• Until IPv6 is universally deployed, NAT and RFC
1918 expands the availability of IP addresses
• Many experts hate NAT because it does not
preserve IP addresses end-to-end
17
Home
networking
Routing DHCP NAT ARP DNS
Home
networking
Basic NAT operation
NAT forwarding table
External (ISP) network
Direction
Field
Old
New
Out
IP Source
192.168.2.2
65.32.26.70
In
IP destination
65.32.26.70
192.168.2.2
Internal (home) network
2
1
To
131.247.80.88
Source address: 192.168.2.2
Destination address: 131.247.80.88
192.168.2.1
65.32.26.70
65.32.0.0/15
NAT router
3
192.168.2.0/24
Source address: 65.32.26.70
Destination address: 131.247.80.88
192.168.2.2
192.168.2.3
Source address: 131.247.80.88
Destination address: 65.32.26.70
Network
border
4
Source address: 131.247.80.88
Destination address: 192.168.2.2
18
Routing DHCP NAT ARP DNS
NAT in use
• The single external IP address can support
many clients in the internal network
• The NAT router translates between internal IP
addresses and its own external address
• Designed to support outbound connections
from the internal network
19
Home
networking
Routing DHCP NAT ARP DNS
Using NAPT and RFC 1918
addresses
Home 2
External IP
24.26.79.19
NAPT
Carrier
External IP
24.26.79.18
Internal IP
192.168.2.1
192.168.2.3
192.168.2.2
Home 1
Internal IP
192.168.2.1
NAPT
192.168.2.3
20
192.168.2.2
Home
networking
Routing DHCP NAT ARP DNS
Network Address Port Translation
• Abbreviated as NAPT
• Described in RFC 3022
• NAPT can vastly expand the availability of
IP addresses by enabling each IP address
to serve up to 65,536 separate
connections to each remote host
21
Home
networking
Routing DHCP NAT ARP DNS
Address Resolution Protocol (ARP)
• ARP is used to find Ethernet addresses at the
data-link layer for destinations with a known
IP address
• Defined in RFC 826 (1982)
• Global routes are composed of a sequence of
next hops
22
Home
networking
Routing DHCP NAT ARP DNS
Need for ARP
• But to physically send the packet to the next
hop, we need to know its Ethernet (MAC)
address
• ARP is used to discover the MAC address of
the device at the next hop when its IP address
is known
• ARP links addressing at 2 layers – network and
data link
23
Home
networking
Routing DHCP NAT ARP DNS
Home
networking
ARP operation
1
Who has 192.168.2.1,
tell 192.168.2.11
2
192.168.2.1 is at
00:11:43:AB:AA:02
192.168.2.11
Router A
192.168.2.1
Internet
192.168.2.12
192.168.2.13
24
Routing DHCP NAT ARP DNS
ARP operation
• Before the first packet in a stream is
transmitted, the sender creates a special
packet called an ARP request and broadcasts it
on the LAN
• The computer/ router with the address replies
with its MAC address
25
Home
networking
Routing DHCP NAT ARP DNS
ARP packets
Sender MAC Address : 00:11:50:3a:da:22
Sender IP address
: 192.168.2.11
Target MAC Address : 00:00:00:00:00:00
Target IP address
: 192.168.2.1
• ARP response
–
–
–
–
Sender MAC Address : 00:18:8b:c9:24:6b
Sender IP address
: 192.168.2.1
Target MAC Address : 00:11:50:3a:da:22
Target IP address
: 192.168.2.11
Response
from
target
–
–
–
–
Placeholder
address
• ARP request
26
Home
networking
Routing DHCP NAT ARP DNS
ARP data
• Resolved MAC addresses are saved in cache
for some time
27
Home
networking
Routing DHCP NAT ARP DNS
Domain name system (DNS)
• Computers are uniquely identified on the
Internet by their IP addresses
• However, IP addresses are not very easy to
remember
• The domain name system was developed to
make it easier for humans to identify
computers
28
Home
networking
Routing DHCP NAT ARP DNS
Home
networking
DNS use
1
Standard query
www.ub.edu
Client
192.168.2.11
Router A
192.168.2.1
Internet
2
Standard query response
www.ub.edu is at 128.205.4.175
29
Routing DHCP NAT ARP DNS
The need for a Name Service
• Initially, the Internet was small, and all users
maintained a hosts file to translate names to
IP addresses
– Entries appeared as follows:
131.247.222.249
www.usf.edu
• The need was recognized for a system
30
Home
networking
Routing DHCP NAT ARP DNS
DNS
• The solution was domains and DNS
– RFC 1034
– RFC 1035
• Domain names are arranged hierarchically,
originating from a common root
– Hierarchy based on administrative structure, e.g.
• .edu
– usf.edu
» coba.usf.edu
• As we move from right to left, domain names
identify increasingly specific units of the
network
31
Home
networking
Routing DHCP NAT ARP DNS
Domain naming hierarchy
.
com
Naming universe
edu
google
youtube
groups
www
org
Top level domains
caida
Intermediate domains
ucf
usf
ub
coba
ismlab
www
Endpoint domains
dcom.ismlab.usf.edu.
dcom
www.usf.edu.
32
Home
networking
Routing DHCP NAT ARP DNS
Domain hierarchy
• The name at each hierarchical level is a domain
– Domains are sub-domains of their parent domains
– The domain’s name includes all names to its right
– Each domain maintains jurisdiction over its immediate
sub-domains, and only these sub-domains
– Each domain is responsible to translating these subdomain names to IP addresses
33
Home
networking
Routing DHCP NAT ARP DNS
Domain names
• The rightmost part of all domain names is .
which represents the entire Internet
• All domain names are unique
• The hierarchical structure of the Internet
enables delegation of naming services
34
Home
networking
Routing DHCP NAT ARP DNS
Top level domains
• A number of top-level domains have been
created
– Root zone database at www.iana.org
– Open domains
• Anybody can register
– .com, .biz, .org, .net, .info
– Limited domains
• Conditions must be satisfied for membership
– .edu, .int, .gov, .mil, .pro (licensed doctors, attorneys and
accountants)
– Industry-specific domains
– Country domains
35
Home
networking
Routing DHCP NAT ARP DNS
DNS lookups
• Every computer on the Internet knows the IP
address of a name server it can use
• When a user types a URL, the resolver in the
computer first asks its name server for the IP
address corresponding to this URL
36
Home
networking
Routing DHCP NAT ARP DNS
Typical DNS Query
Query
Name server
# dig www.buffalo.edu
@ mother.usf.edu
Success
;; Got answer:
;; QUESTION SECTION:
;www.buffalo.edu.
IN
;; ANSWER SECTION:
www.buffalo.edu.
86400
IN
IN
IN
IN
ns.buffalo.edu.
sybil.cs.buffalo.edu.
accuvax.northwestern.edu.
;; AUTHORITY SECTION:
buffalo.edu.
buffalo.edu.
Buffalo.edu.
;; ADDITIONAL SECTION:
ns.buffalo.edu.
sybil.cs.buffalo.edu.
accuvax.northwestern.edu.
71951
71951
71951
A
NS
NS
NS
A
IP address
128.205.4.175
Name servers
NS IP address
71951
53404
11624
IN
IN
IN
;; Query time: 3 msec
;; SERVER: 131.247.100.1#53(mother.usf.edu)
A
A
A
128.205.1.2
128.205.32.8
129.105.49.1
Security measure
37
Home
networking
Routing DHCP NAT ARP DNS
DNS Operation
• Domains are called zones in the context of the
domain name service
• Name servers have two kinds of data
• If the name for a foreign zone is requested, a
recursive query results if there is no entry in
cache
38
Home
networking
Routing DHCP NAT ARP DNS
Recursive DNS query resolution
2
Query for the IP address of
www.usf.edu
Local
name
server
3
Referral to .edu name server
.
“ ”
name
server
.
4
Query for the IP address of
www.usf.edu
Referral to usf.edu name
server
5
.
edu
name
server
edu
com
6
Query for the IP address of
www.usf.edu
7
8
Resolver query
What is the IP address of
www.usf.edu?
Answer
The IP address of www.usf.edu is
131.247.80.88
1
IP address of
www.usf.edu
usf.edu
name
server
org
.
usf
ub
Client
resolver
39
Home
networking
Routing DHCP NAT ARP DNS
DNS query resolution
pns:~# dig +trace www.usf.edu
; <<>> DiG 9.2.4 <<>> +trace www.usf.edu
.
77639 IN
(and other root name servers)
NS
E.ROOT-SERVERS.NET.
edu.
172800 IN
(and other .edu name servers)
NS
E.GTLD-SERVERS.NET.
usf.edu.
172800 IN
NS
usf.edu.
172800 IN
NS
(and other usf.edu name servers)
justincase.usf.edu.
mother.usf.edu.
www.usf.edu.
131.247.80.88
600
IN
A
40
Home
networking
Routing DHCP NAT ARP DNS
IP address volatility and the benefit
of DNS
Home
networking
Routing DHCP NAT ARP DNS
DNS Configuration
Time to live
$TTL 86400
NS start of authority
@ IN SOA pns.example.com.
serial 2008072701
Name server update counter
)
IN
IN
NS
MX
Admin email: hostmaster@example.com
hostmaster.example.com. (
pns.example.com.
10
mail.example.com.
pns
www
mail
A
A
A
192.168.16.129
192.168.16.129
192.168.16.130
Resource records
www.example.com is at
192.168.16.129
test
demo
NS
A
demo
192.168.16.143
Delegation: NS for test.example.com is at
demo.example.com (192.168.16.143)
42
Home
networking
Routing DHCP NAT ARP DNS
DNS Configuration
• The administrator for the .com. domain
delegates authority for example.com
• The example.com name server authoritatively
defines the IP addresses for all resources in its
domain
• example.com delegates responsibility for
test.example.com to demo.example.com
43
Home
networking
Routing DHCP NAT ARP DNS
DNS Configuration
• TTL
– Zones will not change for the next 86400 seconds
(1 day)
• Foreign NS can cache query results for 1 day
• Serial
– NS keeps track of last serial number
– If serial number > last serial number
• NS broadcasts entire zone table to backup NS
44
Home
networking
Routing DHCP NAT ARP DNS
Putting it all together: Home networking
• We have now seen all the components used to
build home networks using off-the-shelf
wireless routers
• The wireless router acts as a NAPT router and
DHCP, DNS server
45
Home
networking
Routing DHCP NAT ARP DNS
Home networking
(3) External IP address
(2) Wireless router status page
WAN address visible to outside world
(1) ipconfig output on home computer
Wireless router provides
network services on internal
address
46
Home
networking
Routing DHCP NAT ARP DNS
Home networking
• WAN IP address can be looked up at ARIN
website
Home
networking
Summary
•
•
•
•
•
Why DHCP
Why non-routable IP addresses
Why ARP
Why DNS
Components of home network
Case study – Yahoo! Stores
• DNS and virtual hosting enable ISP services
• For example, consider Yahoo! stores
# nslookup www.green-tooth.com
–
–
–
–
–
Non-authoritative answer:
www.green-tooth.com canonical name = stores.yahoo.net.
stores.yahoo.net
Address: 68.142.205.137
www.invitationshack.com canonical name = stores.yahoo.net.
stores.yahoo.net
Address: 68.142.205.137
Case study – Yahoo! stores
www.example.com
Client
Internet
www.example.net
Web sites folder
www.example.org
DNS server
Web server
www.example.com
example_com
www.example.net
example_net
www.example.org
example_org
Hands-on exercise
• nslookup
Network design exercise
• Services requiring externally addressable IP
addresses
• Add Internet connection
• Include NAPT device
Related documents
7. Refer to the exhibit. Which value will be configured for Default
7. Refer to the exhibit. Which value will be configured for Default
DHCP Security Analysis
DHCP Security Analysis
Basic Server Roles: File Services Role: The File Services Role has
Basic Server Roles: File Services Role: The File Services Role has
PowerPoint Slides
PowerPoint Slides
Configuring DHCP Scopes and Options
Configuring DHCP Scopes and Options
Setting DHCP Server via Winbox on Mikrotik PC Router
Setting DHCP Server via Winbox on Mikrotik PC Router
Mod 01 Scaling IP Addresses
Mod 01 Scaling IP Addresses
PT Activity 7.4.3: Troubleshooting DHCP and NAT (Instructor)
PT Activity 7.4.3: Troubleshooting DHCP and NAT (Instructor)
Download
advertisement