DHCP and NAT
Tahir Azim
ref: Umar Kalim, NIIT

IP addresses: how to get one on a LAN?
Q: How does a host get an IP address?
- hard-coded by the system admin in a file
  • Wintel: control-panel -> network -> configuration -> tcp/ip -> properties
  • UNIX: /etc/rc.config
- DHCP: Dynamic Host Configuration Protocol: dynamically get an address ("plug-and-play")
Also in this talk: NAT: Network Address Translation

DHCP: Dynamic Host Configuration Protocol
DHCP overview:
- Goal: dynamically obtain an IP address from a network server
- A host can renew its lease on the address it is using
- Allows reuse of addresses (an address is held only while its lease is renewed)
- Support for mobile users who join a network briefly
- A DHCP server, or a relay agent forwarding to one, on every LAN
Four messages:
- host broadcasts a "DHCP discover" msg
- DHCP server responds with a "DHCP offer" msg
- host requests the offered IP address: "DHCP request" msg
- DHCP server confirms the address: "DHCP ack" msg

DHCP client-server scenario
[Figure: three subnets, 223.1.1.0/24, 223.1.2.0/24 and 223.1.3.0/24, joined by one router; hosts A and B, a DHCP server on the 223.1.2.0/24 subnet, and addresses 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27 shown on the hosts and router interfaces]
- Arriving DHCP client E needs an address in this network
- The router sometimes works as a "DHCP relay agent", forwarding the client's broadcasts to a server on another subnet

DHCP client-server scenario: protocol overview
DHCP server: 223.1.2.5; arriving client has no address yet. All four messages are sent to the IP broadcast address; the client uses UDP port 68, the server UDP port 67.
DHCP discover (broadcast)
  src: 0.0.0.0, 68   dest: 255.255.255.255, 67   yiaddr: 0.0.0.0   transaction ID: 654
DHCP offer (broadcast)
  src: 223.1.2.5, 67   dest: 255.255.255.255, 68   yiaddr: 223.1.2.4   transaction ID: 654   Lifetime: 3600 secs
DHCP request (broadcast)
  src: 0.0.0.0, 68   dest: 255.255.255.255, 67   yiaddr: 223.1.2.4   transaction ID: 655   Lifetime: 3600 secs
  (In the real packet the requested address is carried in the "requested IP address" option and yiaddr is zero; the slide simplifies.)
  Unicast? No: while selecting an offer the client must broadcast the request, so that every server that made an offer learns which server was chosen and the others can withdraw theirs. A unicast request to the lease-holding server is used only later, when renewing.
DHCP ACK (broadcast)
  src: 223.1.2.5, 67   dest: 255.255.255.255, 68   yiaddr: 223.1.2.4   transaction ID: 655   Lifetime: 3600 secs
  Note that nothing in this exchange authenticates the server: any host on the LAN that answers the broadcast discover can hand out addresses and, through options, the default router and DNS servers.

DHCP Packet Format
  op (1 byte) | htype (1 byte) | hlen (1 byte) | hops (1 byte)
  xid (4 bytes)
  secs (2 bytes) | flags (2 bytes)
  ciaddr (4 bytes)
  yiaddr (4 bytes)
  siaddr (4 bytes)
  giaddr (4 bytes)
  chaddr (16 bytes)
  sname (64 bytes)
  file (128 bytes)
  options (variable)

DHCP Packet Format: Fields (1 of 3)
op – Message Type
  • 1 = BOOTREQUEST: client to server
  • 2 = BOOTREPLY: server to client
htype – Hardware Address Type
  • 1 = 10Mb Ethernet
hlen – Hardware Address Length (in bytes)
  • 6 bytes for 10Mb Ethernet
hops – Hops taken so far
  • Client sets it to 0. Optionally incremented by relay agents when booting via a relay agent.
xid – Transaction ID. Unique number used to associate the messages of one exchange.
  • Random number chosen by the client.
secs – Number of seconds elapsed since the client began address acquisition/renewal
  • Filled in by the client.

DHCP Packet Format: Fields (2 of 3)
flags
  • Only the high-order bit is defined: the BROADCAST flag, set by a client that cannot yet receive unicast IP datagrams, asking the server to reply by broadcast (as in the exchange above).
ciaddr – Client IP Address
  • Only filled in if the client is in the BOUND, RENEWING or REBINDING state, i.e. it already has an address.
yiaddr – "Your" IP Address
  • The IP address that the server gives to the client.

DHCP Packet Format: Fields (3 of 3)
siaddr – Server IP Address
  • Address of the next server to use in the bootstrap process. Set by the server in DHCPOFFER and DHCPACK.
giaddr – Gateway / Relay Agent IP Address
  • Used if the client reaches the DHCP server indirectly, through a relay agent.
chaddr – Client Hardware Address
  • The Ethernet/MAC address of the client.
sname – Server Name
  • Optional server host name. Null-terminated string.
file – Boot File Name
  • Null-terminated string.
options – Various optional fields, including the DHCP message type (discover/offer/request/ack) and the lease lifetime shown in the exchange above.

NAT: Network Address Translation
Motivation: demand for IP addresses increases with the arrival of small devices.
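Before the NAT material, an added worked example of the DHCP packet format and the four-message exchange described above. It is illustrative code written for this page, not the lecture's code nor any real DHCP implementation. The server address 223.1.2.5, the offered address 223.1.2.4, the transaction IDs 654/655 and the 3600-second lease are the slides' values; the `Server` class, its two-address pool and the `run_exchange` helper are constructed for the example.

```python
"""DHCP (RFC 2131) message encode/decode plus a simulated DISCOVER/OFFER/REQUEST/ACK
exchange. Added example, not the lecture's code. Addresses 223.1.2.5/223.1.2.4, the
xids 654/655 and the 3600 s lease come from the slides; the server pool is constructed."""
import ipaddress
import struct

# The fixed 236-byte header from the packet-format slide, big-endian:
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"            # magic cookie that opens the options field
BOOTREQUEST, BOOTREPLY = 1, 2          # op field
OPT_REQ_ADDR, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 51, 53, 54, 255
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6   # values of option 53
BROADCAST = 0x8000                     # flags: "reply by broadcast, I have no address yet"


def ip(s):
    return ipaddress.IPv4Address(s).packed


def build(op, xid, mac, msg_type, *, yiaddr="0.0.0.0", siaddr="0.0.0.0", flags=0, opts=()):
    """Encode one DHCP message: htype=1/hlen=6 (Ethernet), hops=0, secs=0, no relay (giaddr=0)."""
    hdr = HDR.pack(op, 1, 6, 0, xid, 0, flags,
                   ip("0.0.0.0"),              # ciaddr: only set by a client that already has a lease
                   ip(yiaddr), ip(siaddr), ip("0.0.0.0"),
                   mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, val in opts:
        body += bytes([code, len(val)]) + val
    return hdr + MAGIC + body + bytes([OPT_END])


def parse(pkt):
    """Decode the fixed header and the TLV options, with the length checks a real parser needs."""
    f = HDR.unpack_from(pkt)
    if pkt[HDR.size:HDR.size + 4] != MAGIC:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, i = {}, HDR.size + 4
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == 0:                  # pad option has no length byte
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        if i + 2 + ln > len(pkt):
            raise ValueError("truncated option %d" % code)
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "xid": f[4], "flags": f[6],
            "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "siaddr": str(ipaddress.IPv4Address(f[9])),
            "chaddr": f[11][:f[2]], "options": opts}


class Server:
    """Minimal DHCP server (constructed): DISCOVER -> OFFER, REQUEST -> ACK or NAK."""

    def __init__(self, addr, pool, lease=3600):
        self.addr, self.free, self.leases, self.lease = addr, list(pool), {}, lease

    def handle(self, pkt):
        m = parse(pkt)
        mac, kind = m["chaddr"], m["options"][OPT_MSG_TYPE][0]

        def reply(msg_type, yiaddr):
            return build(BOOTREPLY, m["xid"], mac, msg_type, yiaddr=yiaddr, siaddr=self.addr,
                         flags=m["flags"], opts=[(OPT_SERVER_ID, ip(self.addr)),
                                                 (OPT_LEASE, struct.pack("!I", self.lease))])

        if kind == DISCOVER:
            if mac not in self.leases:
                if not self.free:
                    return None              # pool exhausted: the server stays silent
                self.leases[mac] = self.free.pop(0)
            return reply(OFFER, self.leases[mac])
        if kind == REQUEST:
            # The broadcast REQUEST names the chosen server (option 54); other servers that
            # made offers see it and withdraw. An address we never offered to this chaddr
            # is refused with a NAK rather than silently granted.
            want = str(ipaddress.IPv4Address(m["options"].get(OPT_REQ_ADDR, b"\0\0\0\0")))
            if m["options"].get(OPT_SERVER_ID) != ip(self.addr):
                return None
            if self.leases.get(mac) != want:
                return reply(NAK, "0.0.0.0")
            return reply(ACK, want)
        return None


def run_exchange(server, mac, xid=654):
    """Client side of the protocol-overview slide. On the wire every message goes from
    0.0.0.0:68 to 255.255.255.255:67 (or back); nothing here authenticates the server."""
    discover = build(BOOTREQUEST, xid, mac, DISCOVER, flags=BROADCAST)
    offer = parse(server.handle(discover))
    request = build(BOOTREQUEST, xid + 1, mac, REQUEST, flags=BROADCAST,
                    opts=[(OPT_REQ_ADDR, ip(offer["yiaddr"])),
                          (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID])])
    ack = parse(server.handle(request))
    return offer, ack
```

The simulation exchanges byte strings directly instead of UDP datagrams, so it runs offline; a real client would bind UDP port 68 and send `build(...)` to 255.255.255.255:67. The parser checks the magic cookie and option lengths because a DHCP listener processes unauthenticated broadcast input from anyone on the LAN, and the `Server` answers a REQUEST only when the server-identifier option names it, which is how several servers on one LAN avoid double-booking addresses.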
NAT solution:
- the local network uses just one IP address as far as the outside world is concerned
- addresses are allocated to devices in the local network without notifying the outside world
- the site can change ISP without changing the addresses of devices in the local network
- devices inside the local net are not explicitly addressable or visible to the outside world (a security plus, with a caveat: they are hidden only because no translation-table entry exists for unsolicited inbound traffic, so NAT is not a substitute for an explicit firewall policy)
- widespread use
Private IP addresses (RFC 1918):
  10.0.0.0 - 10.255.255.255
  172.16.0.0 - 172.31.255.255
  192.168.0.0 - 192.168.255.255

NAT: Network Address Translation
[Figure: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2 and 10.0.0.3 and a NAT router (10.0.0.4 on the LAN side, 138.76.29.7 towards the rest of the Internet)]
- All datagrams leaving the local network have the same single source NAT IP address, 138.76.29.7, with different source port numbers
- Datagrams with source or destination in this network have 10.0.0/24 addresses for source and destination (as usual)

NAT: Network Address Translation (walk-through)
1: host 10.0.0.1 sends a datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345   D: 128.119.40.186, 80
2: NAT router changes the datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001 and updates its table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80
3: Reply arrives with dest. address 138.76.29.7, 5001
   S: 128.119.40.186, 80   D: 138.76.29.7, 5001
4: NAT router changes the datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80   D: 10.0.0.1, 3345
NAT translation table:
  WAN side addr        LAN side addr
  138.76.29.7, 5001    10.0.0.1, 3345
  ……                   ……

NAT Implementation
Translation table (the NAT port is a 16-bit port#, so one public address supports at most about 64K concurrent translations):
  Private Addr  Private Port  External Addr  External Port  NAT Addr  NAT Port  Protocol
  nb-addr       nb-port1      yahoo          80             gw-addr   3001      tcp
  nb-addr       nb-port2      dns.sjsu       53             gw-addr   3002      udp
  nb-addr       nb-port3      yahoo          80             gw-addr   3003      tcp
  pc-addr       pc-port1      yahoo          80             gw-addr   3004      tcp
- outgoing: replace (src IP addr, port #) with (NAT addr, NAT port #) . . .
  the remote host will respond to (NAT addr, NAT port #)
- remember (in the NAT translation table) every (src IP addr, port #) to (NAT addr, NAT port #) translation pair
- incoming: replace (NAT addr, NAT port #) in the dest fields of every incoming datagram with the corresponding (src IP addr, port #) stored in the NAT table

Load Balancing Servers with NAT
[Figure: a NAT device between the public Internet and a private intranet containing several servers]
- Single IP address for the web server
- Redirects the workload to multiple internal servers

Load Balancing Networks with NAT
[Figure: a private intranet behind a NAT gateway that reaches Network X through Service Provider 1 and Service Provider 2]
- Connections from the private intranet are split across Service Providers 1 and 2
- Load balances at the connection level
- How to identify a connection?
  • Using source IP, destination IP, source and destination port numbers
- Load balancing at the IP (per-packet) level can cause low TCP throughput. Why? Packets of one connection then travel paths with different delays and arrive out of order; the receiver's duplicate ACKs look like loss to the sender, which retransmits and shrinks its congestion window.

NAT Discussion
- NAT works best with TCP connections
- NAT breaks the End-to-End Principle by modifying packets
- Problems:
  • Applications that carry IP addresses within the data stream (FTP)
    • Most implementations only recognize a few standard applications
  • Connectionless UDP (Quake multiplayer): no connection setup or teardown tells the NAT when a mapping starts or can be removed
  • Need to watch/modify data packets
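An added example that covers the four translation steps of the walk-through and the table layout of the NAT Implementation slide, including the two cases a practitioner checks first: inbound traffic with no table entry is dropped, and the 16-bit NAT port space can run out. This is illustrative code written for this page, not the lecture's code. The addresses 10.0.0.1:3345, 128.119.40.186:80 and 138.76.29.7:5001 come from the slides; the `Datagram` and `NAT` classes, the port range starting at 5001 and the second destination 198.51.100.53 are constructed.

```python
"""NAT translation table from the walk-through and the NAT Implementation slide: outgoing
datagrams are rewritten to (NAT addr, NAT port), replies are mapped back, and inbound
datagrams with no table entry are dropped. Added example, not the lecture's code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Datagram:
    proto: str    # "tcp" or "udp"; part of the table key, like the Protocol column
    src: str
    sport: int
    dst: str
    dport: int


class NAT:
    def __init__(self, public_ip, first_port=5001, last_port=65535):
        self.public_ip = public_ip
        self.next_port, self.last_port = first_port, last_port
        # (proto, private addr, private port, external addr, external port) -> NAT port
        self.out = {}
        # (proto, NAT port) -> that key, for the reverse direction
        self.back = {}

    def _alloc_port(self):
        # NAT ports are 16-bit numbers, so one public address carries at most ~64K
        # simultaneous translations; refuse new flows rather than reuse a live port.
        if self.next_port > self.last_port:
            raise RuntimeError("NAT port space exhausted")
        port = self.next_port
        self.next_port += 1
        return port

    def outgoing(self, d):
        """Step 2: rewrite the source (addr, port) and remember the translation pair."""
        key = (d.proto, d.src, d.sport, d.dst, d.dport)
        if key not in self.out:
            port = self._alloc_port()
            self.out[key] = port
            self.back[(d.proto, port)] = key
        return Datagram(d.proto, self.public_ip, self.out[key], d.dst, d.dport)

    def incoming(self, d):
        """Step 4: rewrite the destination back to the inside host. Returns None when the
        datagram matches no entry (unsolicited inbound traffic, or a remote endpoint
        other than the one the inside host talked to), i.e. the NAT drops it."""
        key = self.back.get((d.proto, d.dport))
        if key is None or d.dst != self.public_ip:
            return None
        _, lan_ip, lan_port, ext_ip, ext_port = key
        if (d.src, d.sport) != (ext_ip, ext_port):
            return None
        return Datagram(d.proto, d.src, d.sport, lan_ip, lan_port)

    def rows(self):
        """The table in the column order of the NAT Implementation slide."""
        return [(k[1], k[2], k[3], k[4], self.public_ip, p, k[0]) for k, p in self.out.items()]
```

`incoming` requires the remote (addr, port) to match the entry, so a datagram from a third party that guesses the NAT port is still dropped; cheaper NATs key only on the NAT port, which lets any outside host reach an inside socket once it has sent anything out, and that difference is most of what the "security plus" on the slide is worth. Nothing here looks inside payloads, which is the FTP problem from the discussion slide: an inside address written into the data stream passes through unchanged.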