DHCP & NAT Flashcards

1
Q

Communicating with IP

A

Three essential configuration elements, one really important
- IP address
- Subnet mask
- Gateway router
- A DNS server (useful to use the web but not necessary)

Problem:
- How do we get these values when we connect to a network (e.g. eduroam)?

2
Q

IP addresses: how to get one?

A

That’s actually two questions:

1. Q: How does a host get an IP address within its network (host part of address)?
2. Q: How does a network get an IP address for itself (network part of address)?

How does a host get an IP address?
- hard-coded by sysadmin in config file (e.g., /etc/rc.config in UNIX)
- DHCP: Dynamic Host Configuration Protocol: dynamically get address from a server
* “plug-and-play”

3
Q

Option 1: How to assign an IP address to a host?

A

Option 2: Dynamic assignment

4
Q

DHCP: Dynamic Host Configuration Protocol

A

Goal: allow hosts to dynamically obtain their IP addresses from a network server when they join the network
¤ A host can renew its lease on the address in use
¤ Allows reuse of addresses (only holds address while connected/“on”)
¤ Support for mobile users who want to join the network (more shortly)
¤ Plug-and-play
¤ Defined in RFC 2131

5
Q

DHCP background

A
  • Allows a computer to join an IP network without having a pre-configured IP address
    ¤ Runs over UDP/IP
    ¤ Temporarily binds IP address and other parameters to DHCP client
    ¤ Provides framework for passing further configuration information to hosts
  • DHCP assigns a locally unique IP address
    ¤ Simplifies installation and configuration of end systems
    ¤ Allows for manual and automatic IP address assignment
    ¤ May provide additional configuration information
    * DNS server, subnet mask, default router, etc.
  • Used by
    ¤ Home networks, wifi hotspots, enterprise networks
6
Q

DHCP components

A
  • DHCP Server
    • Assigned to specific network
    • Configuration parameters
      • Pool of available IP addresses
      • Correct subnet masks
      • Network gateway
      • Name server addresses
    • DHCP Databases
      • 1st database for manual IP acquisition
        • Permanently bound to hardware address
      • 2nd database for pool of addresses
        • Dynamically assigned on request (FCFS)
  • DHCP Clients
    • Automatically retrieve DHCP settings
    • Have to “speak” DHCP protocol
7
Q

DHCP procedure

A
  • Client broadcasts DHCP DISCOVER packet
    ¤ Server answers
  • DHCP servers lease addresses to clients
    ¤ Client sends request
    ¤ Server allocates address from an address pool
    ¤ Server adds client to (lease) database with timeout
    ¤ Server replies to client with address, servers, …
  • Client sends subsequent request to renew address lease
    ¤ After ½ the lease time client can renew the lease
    ¤ Provided not timed-out, server sends same address
8
Q

DHCP client-server scenario

A
9
Q

DHCP: more than IP addresses

A
  • DHCP can return more than just allocated IP address on subnet:
    ¤ Address of first-hop router for client
    ¤ Name and IP address of DNS server
    ¤ Network mask (indicating network versus host portion of address)
    ¤ Other configuration such as web proxy, network time server, network allocated hostname
10
Q

DHCP leases

A
  • Address Usage
    ¤ After address has expired client must stop using address and acquire a new address
    ¤ If there is more than one DHCP server, the client can select the best “offer”
  • Address Leases
    ¤ Manual Lease: Network manager explicitly assigns all IP addresses
    ¤ Automatic Lease: DHCP server permanently assigns some addresses and dynamically others
    ¤ Dynamic Lease: DHCP server dynamically assigns IP addresses for a specific period of time when permanent address is not required
11
Q

DHCP Request (from home LAN)

A

DHCP Response (from home LAN)

12
Q

DHCP message format

A
13
Q

Message types

A
  • DHCPDISCOVER: Broadcast by a client to find available DHCP servers
  • DHCPOFFER: Response from a server to a DHCPDISCOVER and offering IP address and other parameters
  • DHCPREQUEST: Message from a client to servers that does one of the following:
    – Requests the parameters offered by one of the servers and declines all other offers
    * Broadcast message
    – Verifies a previously allocated address after a system or network change (a reboot for example)
    – Requests the extension of a lease on a particular address
  • DHCPACK: Acknowledgement from server to client with parameters, including IP address
  • DHCPNAK: Negative acknowledgement from server to client, indicating that the client’s lease has expired or that a requested IP address is incorrect
  • DHCPDECLINE: Message from client to server indicating that the offered address is already in use
  • DHCPRELEASE: Message from client to server canceling remainder of a lease and relinquishing network address
  • DHCPINFORM: Message from a client that already has an IP address (manually configured for example), requesting further configuration parameters from the DHCP server
14
Q

DHCP: protocol in use

A
15
Q

DHCP pros

A
  • Relieves the network administrator of manual configuration
  • Device can be moved from network to network and automatically obtain valid configuration parameters for the current network
  • IP addresses are only allocated when needed
    ¤ It is possible to re-use IP addresses after lease
    * Especially considering mobile clients, public wifi
    ¤ Conserve/reduce total number of addresses in use
16
Q

DHCP limitations

A
  • Server Issues
    ¤ A machine to run the DHCP server continually is required
    ¤ When DHCP server is unavailable, client is unable to access the enterprise’s network
  • Security Problems
    ¤ Uses UDP, an unreliable and insecure protocol
    ¤ DHCP is an unauthenticated protocol
    * When connecting to a network, the user is not required to provide credentials in order to obtain a lease
    * Malicious users with physical access to the DHCP-enabled network can instigate a denial-of-service attack on DHCP servers by requesting many leases from the server, thereby depleting the number of leases that are available to other DHCP clients
  • DNS cannot be used for DHCP-configured hosts
17
Q

IP addresses: how to get one?

A

Q: how does network get subnet part of IP address?
A: gets allocated portion of its provider ISP’s address space

18
Q

Hierarchical addressing: route aggregation

A

hierarchical addressing allows efficient advertisement of routing information:

19
Q

Hierarchical addressing: more specific routes

A
  • Organization 1 moves from Fly-By-Night-ISP to ISPs-R-Us
  • ISPs-R-Us now advertises a more specific route to Organization 1
20
Q

NAT: Network Address Translation
What is the issue

A
  • IPv4 address scarcity
    ¤ Hierarchical allocation (waste)
    ¤ IANA / RIPE have allocated all main blocks
  • Solutions include
    ¤ Network Address Translation (NAT)
    ¤ IP version 6 (IPv6) – bigger addresses!
21
Q

NAT: network address translation

A
22
Q

NAT Basic Idea

A
  • Local network uses just one IP address as far as outside world is concerned:
    ¤ Range of addresses not needed from ISP
    * Just one IP address for all devices
    ¤ Can change addresses of devices in local network without notifying outside world
    ¤ Can change ISP without changing addresses of devices in local network
    ¤ Devices inside local net not explicitly addressable, visible by outside world (a security plus)
23
Q

NAT Implementation

A
  • NAT router functionality
    ¤ Outgoing datagrams:
    * replace (source IP address, port #) of every outgoing datagram with (NAT IP address, new port #)
    * remote clients/servers will respond using (NAT IP address, new port #) as destination addr
    ¤ Remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
    ¤ Incoming datagrams:
    * replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table
24
Q

NAT Example

A
25
Q

NAT Implications

A
  • 16-bit port-number field:
    ¤ 60,000 simultaneous connections with a single LAN-side address!
  • NAT is controversial:
    ¤ routers should only process up to layer 3
    ¤ address shortage should be solved by IPv6
    ¤ violates end-to-end argument
    * NAT possibility must be taken into account by app designers, e.g., P2P applications
    ¤ NAT traversal: what if client wants to connect to server behind NAT?
  • Performance/scalability issues
    – Per flow state!
    – Modifying IP and Port numbers means NAT must re-compute IP and TCP checksums
  • Breaks the layered network abstraction
  • Breaks end-to-end Internet connectivity
    – Problem is worse when both communicating hosts are behind NATs!
26
Q

NAT Implications (Natural firewall)

A
  • A NAT only allows incoming packets from IP addresses where there is an entry in the NAT translation table (i.e., the connection must be originally initiated from within the LAN).
27
Q

Connecting two hosts behind a NAT

A
  • NAT hole punching
  • Uses a relay to communicate
  • Much simpler with UDP