NAT, DHCP, Autonomous System
Network Protocols and Standards, Winter 2007-2008
Jan 29, 2008, CS573: Network Protocols and Standards

Outline
- IPv4
- IP Datagram Format
- IPv4 Addressing
- ARP and RARP
- IP Routing Basics
- Subnetting and Supernetting
- ICMP
- Network Address Translation (NAT)
- Dynamic Addressing

Private Networks
- Private networks have no "direct" connection to the Internet
- Blocks of addresses have been reserved for the private networks (RFC 1918)
- Blocks in different classes:
  - 10.0.0.0 – 10.255.255.255 (1 class A)
  - 172.16.0.0 – 172.31.255.255 (16 class B)
  - 192.168.0.0 – 192.168.255.255 (256 class C)

Purpose
[Figure: the Internet on one side of a Firewall whose outside address is IP1; its inside address IP2 faces the Protected Network containing Host 1, Host 2, ..., Host N]
- Machines in the protected network can access the Internet normally
- Packets coming from the protected network all appear to be coming from IP1
- Addresses in the protected network are in the private range

Implementation
- Hosts inside the private network are configured to use the firewall (IP2) as their gateway
- The firewall rewrites the IP datagram header of outbound packets, replacing the source IP with IP1
- All packets "seem" to be coming from IP1
- The destination IP of packets received from the Internet is IP1; it is rewritten, replacing IP1 with the IP address of the internal destination
- Problem: how to figure out which host in the private network is the right destination?

Demultiplexing Incoming Packets
- There is not enough information in the IP header to demultiplex incoming packets
- It is necessary to use information from the higher layers (transport layer)
- Common transport layers: TCP and UDP
- The transport layer has the concept of a port, which identifies which process in the host should finally get the packet

Ports
- 16-bit numbers identifying which process should get the packet
- UDP and TCP ports exist in different spaces
- Each packet carries two port numbers:
  - The source port of the process which generated it in the source host
  - The destination port of the process which should get it at the destination
[Figure: protocol stack with Telnet and FTP above TCP, and TCP and UDP above IP]

Implementation (revisited)
- Upon receiving an outbound packet from a host in the private network, the firewall:
  - Rewrites the source IP with its own IP (IP1)
  - Generates a local source port, rewrites the source port in the packet to this port, and makes a record of it
- Upon receiving an inbound packet from the Internet, the firewall checks whether the destination port in the packet is in the list of local ports:
  - If not, the packet is dropped (connections cannot be initiated from outside!)
  - If yes, the firewall knows where to send this packet

Outline (continued): Dynamic Addressing

BOOTP
- Alternative to RARP
- RARP operates at a low level, requesting direct access to the network hardware
  - Difficult for an application programmer to build a server
- RARP gives "only" the IP address

BOOTP
- Devised to allow a machine to obtain:
  - Its IP address
  - Address of a router
  - Subnet mask to use
  - Address of a name server
- Can be implemented with an application program
  - Uses UDP/IP for communication

BOOTP
- Reliability in communication is based on:
  - UDP checksum
  - Timeout and retransmissions
- To minimize collisions among many clients, use random timeouts
- Increase timeouts with each retransmission
  - Starting with the interval 0-4 seconds
  - Doubling the interval on each retransmission, up to 60 s

BOOTP Message Format
 0         8         16        24        31 bits
+---------+---------+---------+---------+
|   OP    |  HTYPE  |  HLEN   |  HOPS   |
+---------+---------+---------+---------+
|             Transaction ID            |
+-------------------+-------------------+
|      Seconds      |      Unused       |
+-------------------+-------------------+
|           Client IP Address           |
+---------------------------------------+
|            Your IP Address            |
+---------------------------------------+
|           Server IP Address           |
+---------------------------------------+
|           Router IP Address           |
+---------------------------------------+
|  Client Hardware Address (16 octets)  |
+---------------------------------------+
|      Server Hostname (64 octets)      |
+---------------------------------------+
|      Boot File Name (128 octets)      |
+---------------------------------------+
|   Vendor-specific area (64 octets)    |
+---------------------------------------+

BOOTP Message Fields
- OP: specifies whether the message is a request (1) or a reply (2)
- HTYPE and HLEN: hardware type and address length (for Ethernet, HTYPE is 1 and HLEN is 6)
- HOPS: the client passes 0 in this field; a BOOTP server increments it if the request is passed to another server across a router
- Transaction ID: contains an integer that machines use to match requests with responses
- Seconds: number of seconds since the client started to boot

BOOTP Message
- Remaining fields in the message
- To allow the greatest flexibility, clients fill in as much information as they know; unknown fields are set to zero
- Example:
  - If the server IP or server hostname is non-zero, only the server with the matching address/name will answer the request
  - If they are zero, any server that receives the request will reply

BOOTP Message Format
- BOOTP can be used by a client that already knows its IP address (e.g., to obtain boot file information)
- A client that knows its IP address places it in the client IP address field; other clients set this field to zero
- If the client's IP address in the request message is zero, a server returns the client's IP address in the "your IP address" field

DHCP
- Dynamic Host Configuration Protocol
- RARP and BOOTP were designed for a relatively static environment:
  - Each host has a permanent network connection
  - The manager creates a BOOTP configuration file specifying BOOTP parameters for each host
  - The manager configures the server with a mapping of host identifier to IP address
- New requirements:
  - Portable computers
  - Number of computers exceeds available IP host addresses (although not all will be up and running at the same time)

DHCP
- DHCP allows:
  - Manual configuration
  - Automatic configuration: managers let the DHCP server assign a permanent address when a computer first attaches to the network
  - Dynamic configuration: loaning IP addresses for a limited time

IP Routing Protocols

IP Routing
- Autonomous System
- Domain
- Intra-domain Routing
- Inter-domain Routing
- Interior Gateway Protocols
- Exterior Gateway Protocols
- IP Multicast Routing
- MPLS

Routing in the Internet
- Routing Algorithms: Bellman-Ford, Dijkstra
- Routing Protocols: Distance Vector, Link State
- Routing Hierarchy:
  - Interior Gateway Protocols (RIP, OSPF, IGRP)
  - Exterior Gateway Protocols (EGP, BGP, CIDR, Policy Routing)
  - Multicasting (IGMP)

Internet from the start
- First, there was ARPANET
- Routers had complete information about all the possible destinations – core routers
- GGP (gateway-to-gateway protocol) was used for routing – a distance vector protocol
[Figure: a mesh of routers (R) with hosts (H) attached]

Internet from the start
- Then, LANs were connected to ARPANET
[Figure: ARPANET core routers (R), each connecting a LAN]

Internet from the start
- Problems with the above configuration:
  - Routing overhead increased with the number of connected routers
  - The number of routes increased with the number of connected segments
  - The frequency of routing exchanges increased
  - Higher likelihood that something went wrong somewhere, requiring updates
  - The number of different types of routers increased
  - Slow deployment of new versions of routing algorithms

Internet from the start
[Figure: a Backbone Network with a Core Router; routers R1, R2, R3 and R4 each connect a Local Network to it]

Autonomous System
[Figure: a Backbone Network with Core Routers (R), each connecting an AS; AS: Autonomous System]

Autonomous System
- What is an autonomous system? A set of routers and networks under the same administration.
- Examples:
  - A single router directly connecting one local network to the Internet
  - A corporate network linking several local networks through a corporate backbone
  - A set of client networks served by a single ISP
- NOTE: from a routing point of view, all parts of an AS must remain connected

Autonomous System
- Internal connectivity within the AS means:
  - All routers must be connected
  - Parts of a network that are connected only through the core AS (yes, the core is an AS!) cannot form an AS
  - All routers must exchange routing information in order to maintain the connectivity (normally achieved by using a single routing protocol)
- Routers inside an AS are called "interior gateways", and the protocol they use is called an Interior Gateway Protocol (IGP)

Autonomous System
- In 1982, the IGP of choice was GGP
- IGPs in use today are: RIP, OSPF, IGRP
- Each AS is identified by a 16-bit number
- The number is assigned by the numbering authorities

Autonomous System: Benefits
- Routing overhead is lower
- Network management becomes easy
- Easier computation of new routes
- Distribution of new software versions is easier
- Failing elements can be isolated easily
- ASes use an Exterior Gateway Protocol to exchange information about reachability
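The port-rewriting firewall of the "Implementation (revisited)" slide, as an added runnable example (not code from the lecture): outbound packets get their source rewritten to IP1 and a freshly allocated local port that is recorded in a table, and inbound packets are admitted only when their destination port is in that table. The `Nat`, `Packet` and `is_private` names, the sequential port allocation starting at 40000, and every address in it are constructed for this example; the three private blocks are the RFC 1918 ranges from the "Private Networks" slide.

```python
"""
Toy version of the port-rewriting firewall from the NAT slides. Addresses and
packets below are constructed sample values, not taken from the slides.
"""
import ipaddress
from dataclasses import dataclass, replace

# The three RFC 1918 blocks listed on the "Private Networks" slide.
PRIVATE_BLOCKS = [ipaddress.ip_network(b)
                  for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    """True when ip falls in one of the reserved private blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp": the two port spaces are separate
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Translation state kept by the firewall (public_ip is IP1)."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = {"tcp": first_port, "udp": first_port}
        self.table = {}    # (proto, local_port) -> (internal_ip, internal_port)
        self.reverse = {}  # (proto, internal_ip, internal_port) -> local_port

    def _alloc_port(self, proto: str) -> int:
        """Hand out the next unused 16-bit local port for this protocol."""
        port = self.next_port[proto]
        if port > 0xFFFF:
            raise RuntimeError(f"{proto} local port space exhausted")
        self.next_port[proto] = port + 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite an internal host's packet so it appears to come from IP1."""
        if not is_private(pkt.src_ip):
            raise ValueError("outbound packet is not from the private range")
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        local_port = self.reverse.get(key)
        if local_port is None:                 # first packet of this flow
            local_port = self._alloc_port(pkt.proto)
            self.reverse[key] = local_port
            self.table[(pkt.proto, local_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=local_port)

    def inbound(self, pkt: Packet):
        """Return the packet rewritten for its internal destination, or None (dropped)."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get((pkt.proto, pkt.dst_port))
        if entry is None:
            # No internal host ever sent from this port, so nothing outside can
            # open a connection inward: the slide's "dropped" case.
            return None
        internal_ip, internal_port = entry
        return replace(pkt, dst_ip=internal_ip, dst_port=internal_port)


def demo():
    """One outbound flow, its reply, and an unsolicited inbound packet."""
    nat = Nat("203.0.113.1")                                   # IP1 (constructed)
    out = nat.outbound(Packet("tcp", "192.168.1.10", 51000, "198.51.100.5", 80))
    reply = nat.inbound(Packet("tcp", "198.51.100.5", 80, "203.0.113.1", out.src_port))
    stray = nat.inbound(Packet("tcp", "198.51.100.9", 4444, "203.0.113.1", 22))
    return out, reply, stray


if __name__ == "__main__":
    for p in demo():
        print(p)
```

`demo()` returns the translated outbound packet, the reply delivered back to 192.168.1.10:51000, and `None` for the packet aimed at port 22, which no inside host ever used. The table is keyed by protocol as well as port because, as the "Ports" slide says, TCP and UDP port numbers live in separate spaces. This toy never ages entries out; a real translator expires idle mappings, otherwise the 16-bit local port space would eventually be exhausted.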
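The BOOTP message layout and server rules from the "BOOTP Message Format" and "BOOTP Message" slides, as an added example (not code from the lecture): a packer/parser for the 300-octet message in the slide's field order, a server that stays silent unless the request's server IP/hostname is zero or matches its own and that fills "your IP address" only when the client's IP field is zero, and the randomized doubling retransmission timeouts from the reliability slide. The `BootpMessage`, `BootpServer`, `make_request` and `retransmit_timeouts` names and the MAC, addresses, server name and boot file are all constructed for this example; the field widths are the ones the slide gives.

```python
"""BOOTP packing/parsing, server reply rules and retransmission timeouts
in the layout of the slides. All sample values are constructed."""
import random
import socket
import struct
from dataclasses import dataclass, replace

# OP HTYPE HLEN HOPS | xid | secs unused | ciaddr | yiaddr | siaddr | giaddr |
# chaddr(16) | sname(64) | file(128) | vend(64): 300 octets, network byte order
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s64s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)      # 300
BOOTREQUEST, BOOTREPLY = 1, 2
HTYPE_ETHERNET, HLEN_ETHERNET = 1, 6
ZERO_IP = "0.0.0.0"


def _text(raw: bytes) -> str:
    """Decode a zero-padded text field (server hostname, boot file name)."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


@dataclass(frozen=True)
class BootpMessage:
    op: int
    htype: int
    hlen: int
    hops: int
    xid: int
    secs: int
    ciaddr: str      # client IP address (zero if the client does not know it)
    yiaddr: str      # "your IP address", filled in by the server
    siaddr: str      # server IP address
    giaddr: str      # router IP address (the slide's name for this field)
    chaddr: bytes    # client hardware address, hlen octets
    sname: str = ""
    file: str = ""
    vend: bytes = b""

    def pack(self) -> bytes:
        if self.hlen > 16 or len(self.chaddr) != self.hlen:
            raise ValueError("hardware address must be HLEN (<= 16) octets")
        addrs = (socket.inet_aton(a) for a in
                 (self.ciaddr, self.yiaddr, self.siaddr, self.giaddr))
        return struct.pack(BOOTP_FMT, self.op, self.htype, self.hlen, self.hops,
                           self.xid, self.secs, 0, *addrs, self.chaddr,
                           self.sname.encode("ascii"), self.file.encode("ascii"),
                           self.vend)

    @classmethod
    def unpack(cls, data: bytes) -> "BootpMessage":
        if len(data) < BOOTP_LEN:
            raise ValueError(f"short BOOTP message: {len(data)} < {BOOTP_LEN}")
        f = struct.unpack(BOOTP_FMT, data[:BOOTP_LEN])
        hlen = f[2]
        if hlen > 16:
            raise ValueError("HLEN exceeds the 16-octet hardware address field")
        ips = [socket.inet_ntoa(a) for a in f[7:11]]
        return cls(f[0], f[1], hlen, f[3], f[4], f[5], *ips,
                   f[11][:hlen], _text(f[12]), _text(f[13]), f[14])


def make_request(mac: bytes, xid: int, secs: int = 0, ciaddr: str = ZERO_IP,
                 siaddr: str = ZERO_IP, sname: str = "") -> BootpMessage:
    """Client request: unknown fields zero, HOPS 0, Ethernet HTYPE/HLEN."""
    return BootpMessage(BOOTREQUEST, HTYPE_ETHERNET, HLEN_ETHERNET, 0, xid,
                        secs, ciaddr, ZERO_IP, siaddr, ZERO_IP, mac, sname)


class BootpServer:
    """One server: its address and name, a boot file, and a MAC -> IP table."""

    def __init__(self, ip: str, name: str, bootfile: str, bindings: dict):
        self.ip, self.name, self.bootfile = ip, name, bootfile
        self.bindings = bindings

    def handle(self, req: BootpMessage):
        """Return the reply, or None when this server must not answer."""
        if req.op != BOOTREQUEST:
            return None
        # A non-zero server IP or hostname selects one particular server.
        if req.siaddr != ZERO_IP and req.siaddr != self.ip:
            return None
        if req.sname and req.sname != self.name:
            return None
        if req.ciaddr != ZERO_IP:
            yiaddr = ZERO_IP            # client knows its IP; wants boot info only
        else:
            yiaddr = self.bindings.get(req.chaddr)
            if yiaddr is None:
                return None             # no address configured for this client
        return replace(req, op=BOOTREPLY, yiaddr=yiaddr, siaddr=self.ip,
                       sname=self.name, file=self.bootfile)


def retransmit_timeouts(count: int, seed=None, first_max=4.0, cap=60.0):
    """Random timeout in 0..4 s, window doubled each retry, capped at 60 s."""
    rng = random.Random(seed)
    window, timeouts = first_max, []
    for _ in range(count):
        timeouts.append(rng.uniform(0, window))
        window = min(window * 2, cap)
    return timeouts
```

`make_request(mac, xid).pack()` produces the 300-octet request a client would send over UDP; `BootpServer.handle(BootpMessage.unpack(wire))` applies the slides' rules and returns the reply with the transaction ID and hardware address echoed so the client can match it. The parser rejects short messages and an HLEN larger than the 16-octet field, which a server reading untrusted broadcasts needs before indexing `chaddr`.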