DHCP & NAT Flashcards
Communicating with IP
Three essential configuration elements, plus one that is really important in practice
- IP address
- Subnet mask
- Gateway router
- A DNS server (useful to use the web but not necessary)
Problem:
- How do we get these values when we connect to a network (e.g. eduroam)?
IP addresses: how to get one?
That’s actually two questions:
1. Q: How does a host get an IP address within its network (host part of address)?
2. Q: How does a network get an IP address for itself (network part of address)?
How does a host get an IP address?
- hard-coded by sysadmin in config file (e.g., /etc/rc.config in UNIX)
- DHCP: Dynamic Host Configuration Protocol: dynamically get the address from a server
* “plug-and-play”
Option 1: Manual assignment (sysadmin configures the address on the host)
Option 2: Dynamic assignment
DHCP: Dynamic Host Configuration Protocol
Goal: allow hosts to dynamically obtain their IP addresses from a network server when they join the network
¤ A host can renew its lease on the address in use
¤ Allows reuse of addresses (only holds address while connected/ “on”)
¤ Support for mobile users who want to join the network (more shortly)
¤ Plug-and-play
¤ Defined in RFC 2131
DHCP background
- Allows a computer to join an IP network without having a pre-configured IP address
¤ Runs over UDP/IP
¤ Temporarily binds IP address and other parameters to DHCP client
¤ Provides framework for passing further configuration information to hosts
- DHCP assigns a locally unique IP address
¤ Simplifies installation and configuration of end systems
¤ Allows for manual and automatic IP address assignment
¤ May provide additional configuration information
* DNS server, subnet mask, default router, etc.
- Used by
¤ Home networks, wifi hotspots, enterprise networks
DHCP components
- DHCP Server
- Assigned to specific network
- Configuration parameters
- Pool of available IP addresses
- Correct subnet masks
- Network gateway
- Name server addresses
- DHCP Databases
- 1st database for manual IP acquisition
- Permanently bound to hardware address
- 2nd database for pool of addresses
- Dynamically assigned on request (FCFS: first come, first served)
- DHCP Clients
- Automatically retrieve DHCP settings
- Have to “speak” DHCP protocol
DHCP procedure
- Client broadcasts DHCP DISCOVER packet
¤ Server answers (DHCP OFFER)
- DHCP servers lease addresses to clients
¤ Client sends request
¤ Server allocates address from an address pool
¤ Server adds client to (lease) database with timeout
¤ Server replies to client with address, servers, …
- Client sends subsequent request to renew address lease
¤ After ½ the lease time client can renew the lease
¤ Provided not timed-out, server sends same address
DHCP client-server scenario
DHCP: more than IP addresses
- DHCP can return more than just allocated IP address on subnet:
¤ Address of first-hop router for client
¤ Name and IP address of DNS server
¤ Network mask (indicating network versus host portion of address)
¤ Other configuration such as web proxy, network time server, network allocated hostname
DHCP leases
- Address Usage
¤ After address has expired client must stop using address and acquire a new address
¤ If there is more than one DHCP server, the client can select the best “offer”
- Address Leases
¤ Manual Lease: network manager explicitly assigns the address (bound to the client’s hardware address); DHCP only delivers it
¤ Automatic Lease: DHCP server itself picks an address for the client and binds it permanently; the client keeps it from then on
¤ Dynamic Lease: DHCP server assigns an address for a specific period of time, for clients that do not need a permanent address
DHCP Request (from home LAN)
DHCP Response (from home LAN)
DHCP message format
Message types
- DHCPDISCOVER: Broadcast by a client to find available DHCP servers
- DHCPOFFER: Response from a server to a DHCPDISCOVER and offering IP address and other parameters
- DHCPREQUEST: Message from a client to servers that does one of the following:
– Requests the parameters offered by one of the servers and declines all other offers
* Broadcast message
– Verifies a previously allocated address after a system or network change (a reboot, for example)
– Requests the extension of a lease on a particular address
- DHCPACK: Acknowledgement from server to client with parameters, including IP address
- DHCPNAK (RFC 2131 name; often written DHCPNACK): Negative acknowledgement from server to client, indicating that the client’s lease has expired or that the requested IP address is incorrect (e.g. the client has moved to another subnet)
- DHCPDECLINE: Message from client to server indicating that the offered address is already in use
- DHCPRELEASE: Message from client to server canceling remainder of a lease and relinquishing network address
- DHCPINFORM: Message from a client that already has an IP address (manually configured for example), requesting further configuration parameters from the DHCP server
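The procedure and message types above can be made concrete on the wire. The following Python is an added example, not code from the slides: it builds a DHCPDISCOVER, builds the DHCPOFFER a server would answer with, and parses messages according to the RFC 2131 fixed header plus TLV options. The function names (build_dhcp, parse_dhcp, accept_offer), the client MAC, the xid and all addresses are the example's own constructed values. The client-side check in accept_offer (matching xid and chaddr, and requiring the option set the slides list) is the most a client can do, since nothing in the protocol authenticates the server.

```python
"""Build and parse DHCP messages (RFC 2131 fixed header + TLV options).
Added example; the MAC, xid and IP addresses below are constructed."""
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"       # marks the start of the options field
HDR_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # op, htype, hlen, hops, xid, secs, flags, 4 addrs, chaddr, sname, file
HDR_LEN = struct.calcsize(HDR_FMT)       # 236 bytes
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6          # option 53 values
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_LEASE, OPT_MSGTYPE, OPT_SERVERID = 1, 3, 6, 51, 53, 54
REQUIRED = (OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_LEASE, OPT_SERVERID)


def ip4(s):
    return ipaddress.IPv4Address(s).packed


def build_dhcp(msg_type, xid, mac, yiaddr="0.0.0.0", options=()):
    """Return one DHCP message; op=1 client->server, op=2 server->client."""
    op = 1 if msg_type in (DISCOVER, REQUEST) else 2
    hdr = struct.pack(HDR_FMT, op, 1, 6, 0, xid, 0, 0x8000,     # htype Ethernet, hlen 6, broadcast flag
                      b"\0" * 4, ip4(yiaddr), b"\0" * 4, b"\0" * 4,
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = bytes([OPT_MSGTYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return hdr + MAGIC_COOKIE + body + b"\xff"                   # 0xff = end option


def parse_dhcp(data):
    """Parse header and options; refuses to read past a truncated option instead of trusting its length."""
    if len(data) < HDR_LEN + 4 or data[HDR_LEN:HDR_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HDR_FMT, data[:HDR_LEN])
    opts, i = {}, HDR_LEN + 4
    while i < len(data):
        code = data[i]
        if code == 0:                 # pad
            i += 1
            continue
        if code == 255:               # end
            break
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option %d" % code)
        length = data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "chaddr": f[11][:f[2]], "options": opts}


def ip_list(raw):
    return [str(ipaddress.IPv4Address(raw[k:k + 4])) for k in range(0, len(raw) // 4 * 4, 4)]


def accept_offer(my_xid, my_mac, data):
    """Client-side check: only an OFFER for our xid/chaddr with all required options yields a configuration."""
    msg = parse_dhcp(data)
    o = msg["options"]
    if msg["op"] != 2 or o.get(OPT_MSGTYPE) != bytes([OFFER]):
        return None
    if msg["xid"] != my_xid or msg["chaddr"] != my_mac or any(c not in o for c in REQUIRED):
        return None
    return {"address": msg["yiaddr"], "mask": ip_list(o[OPT_MASK])[0],
            "router": ip_list(o[OPT_ROUTER])[0], "dns": ip_list(o[OPT_DNS]),
            "lease": struct.unpack("!I", o[OPT_LEASE])[0], "server": ip_list(o[OPT_SERVERID])[0]}


def rejects(data):
    """True if parse_dhcp refuses the bytes (used to show the truncation check)."""
    try:
        parse_dhcp(data)
        return False
    except ValueError:
        return True


# constructed exchange: client broadcasts DISCOVER, server answers with OFFER
CLIENT_MAC, XID = bytes.fromhex("0242ac110002"), 0x3903F326
discover = build_dhcp(DISCOVER, XID, CLIENT_MAC)
offer = build_dhcp(OFFER, XID, CLIENT_MAC, yiaddr="192.168.1.50", options=[
    (OPT_SERVERID, ip4("192.168.1.1")), (OPT_LEASE, struct.pack("!I", 86400)),
    (OPT_MASK, ip4("255.255.255.0")), (OPT_ROUTER, ip4("192.168.1.1")),
    (OPT_DNS, ip4("192.168.1.1") + ip4("9.9.9.9"))])

if __name__ == "__main__":
    print(parse_dhcp(discover)["chaddr"].hex(), accept_offer(XID, CLIENT_MAC, offer))
```

A REQUEST and ACK are built the same way (message type 3 and 5, with option 54 naming the server whose offer was taken); the parser's bounds check matters because the option length byte comes from the network and a server on the same broadcast domain can put anything there.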
DHCP: protocol in use
DHCP pros
- Relieves the network administrator of manual configuration
- Device can be moved from network to network and automatically obtain valid configuration parameters for the current network
- IP addresses are only allocated when needed
¤ It is possible to re-use IP addresses after a lease expires or is released
* Especially considering mobile clients, public wifi
¤ Conserve /reduce total number of addresses in use
DHCP limitations
- Server Issues
¤ A machine to run the DHCP server continually is required
¤ When the DHCP server is unavailable, clients cannot obtain an address and so cannot access the enterprise’s network
- Security Problems
¤ Runs over UDP, which provides neither reliable delivery nor any protection of the messages
¤ DHCP is an unauthenticated protocol
* When connecting to a network, the user is not required to provide credentials in order to obtain a lease
* Malicious users with physical access to the DHCP-enabled network can instigate a denial-of-service attack on DHCP servers by requesting many leases (one per forged hardware address), thereby depleting the number of leases available to other DHCP clients
- Static DNS records cannot be kept for DHCP-configured hosts, since their addresses change from lease to lease
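The lease handling from the "DHCP procedure", "DHCP components" and "DHCP leases" slides, and the lease-exhaustion attack just described, in one added Python model. This is not real server code and not from the slides: LeasePool keeps the two databases (manual bindings by hardware address, and a first-come-first-served pool), hands out dynamic leases with a timeout, renews them and expires them; starvation() plays the attacker who requests a lease under a forged MAC each time. The subnet, MACs and times are constructed.

```python
"""Toy DHCP lease database (FCFS pool, manual bindings, renewal, expiry) and the
lease-exhaustion DoS. Added example, not real server code; subnet, MACs and times are constructed."""
import ipaddress


class LeasePool:
    def __init__(self, network, lease_time, reserved=None):
        # 1st database: hardware address -> permanently bound address (manual lease)
        self.reserved = {mac: ipaddress.IPv4Address(a) for mac, a in (reserved or {}).items()}
        # 2nd database: free addresses, handed out first come, first served
        self.free = [h for h in ipaddress.IPv4Network(network).hosts()
                     if h not in self.reserved.values()]
        self.leases = {}                  # MAC -> (address, expiry time)
        self.lease_time = lease_time

    def _expire(self, now):
        """Dynamic leases past their timeout go back into the pool."""
        for mac, (addr, expiry) in list(self.leases.items()):
            if now >= expiry:
                del self.leases[mac]
                self.free.append(addr)

    def offer(self, mac, now):
        """DISCOVER: manual binding first, then the client's current lease, then FCFS; None if exhausted."""
        self._expire(now)
        if mac in self.reserved:
            return self.reserved[mac]
        if mac in self.leases:
            return self.leases[mac][0]
        return self.free[0] if self.free else None

    def request(self, mac, addr, now):
        """REQUEST: return (address, expiry) as the ACK, or None as the NAK."""
        self._expire(now)
        if self.reserved.get(mac) == addr:
            return addr, None                                  # manual lease never times out
        if mac in self.leases and self.leases[mac][0] == addr:
            self.leases[mac] = (addr, now + self.lease_time)   # renewal (client asks after half the lease)
            return self.leases[mac]
        if addr not in self.free:
            return None                                        # in use, reserved for someone else, or off-subnet
        old = self.leases.pop(mac, None)                       # client switching to a new address
        if old:
            self.free.append(old[0])
        self.free.remove(addr)
        self.leases[mac] = (addr, now + self.lease_time)
        return self.leases[mac]

    def release(self, mac, now):
        """RELEASE: hand the address back before the lease ends."""
        lease = self.leases.pop(mac, None)
        if lease:
            self.free.append(lease[0])


def starvation(pool, now, attempts):
    """Attacker runs DISCOVER/REQUEST under a fresh forged MAC each time until the pool is empty."""
    obtained = 0
    for k in range(attempts):
        mac = "02:00:00:00:%02x:%02x" % (k >> 8, k & 0xFF)   # forged hardware address
        addr = pool.offer(mac, now)
        if addr is None:
            break
        if pool.request(mac, addr, now):
            obtained += 1
    return obtained


def demo():
    """A /29 (6 usable addresses, one reserved) with a 600 s lease."""
    pool = LeasePool("192.168.1.0/29", lease_time=600,
                     reserved={"aa:bb:cc:dd:ee:01": "192.168.1.2"})
    legit = "de:ad:be:ef:00:01"
    addr = pool.offer(legit, now=0)
    first = pool.request(legit, addr, now=0)                 # ACK, expires at 600
    renewed = pool.request(legit, addr, now=300)             # renew at half the lease, expires at 900
    stolen = starvation(pool, now=300, attempts=100)         # drains the 4 remaining addresses
    newcomer = pool.offer("de:ad:be:ef:00:02", now=300)      # None: no lease available
    manual = pool.offer("aa:bb:cc:dd:ee:01", now=300)        # manual binding is unaffected
    recovered = pool.offer("de:ad:be:ef:00:02", now=1000)    # attacker's leases timed out at 900
    return first, renewed, stolen, newcomer, manual, recovered


if __name__ == "__main__":
    print(demo())
```

The attack costs nothing because the server binds addresses to whatever hardware address the request claims; shortening the lease time only limits how long the pool stays drained, it does not stop the drain.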
IP addresses: how to get one?
Q: how does network get subnet part of IP address?
A: gets allocated portion of its provider ISP’s address space
Hierarchical addressing: route aggregation
hierarchical addressing allows efficient advertisement of routing information:
Hierarchical addressing: more specific routes
- Organization 1 moves from Fly-By-Night-ISP to ISPs-R-Us
- ISPs-R-Us now advertises a more specific route to Organization 1
NAT: Network Address Translation
What is the issue
- IPv4 address scarcity
¤ Hierarchical allocation (waste)
¤ IANA / RIPE have allocated all main blocks
- Solutions include
¤ Network Address Translation (NAT)
¤ IP version 6 (IPv6) – bigger addresses!
NAT: network address translation
NAT Basic Idea
- Local network uses just one IP address as far as outside world is concerned:
¤ Range of addresses not needed from ISP
* Just one IP address for all devices
¤ Can change addresses of devices in local network without notifying outside world
¤ Can change ISP without changing addresses of devices in local network
¤ Devices inside the local net are not explicitly addressable or visible from the outside world (usually counted as a security plus, although NAT is not a substitute for a firewall: it only drops traffic for which no translation entry exists)
NAT Implementation
- NAT router functionality
¤ Outgoing datagrams:
* replace (source IP address, port #) of every outgoing datagram with (NAT IP address, new port #)
* remote clients/servers will respond using (NAT IP address, new port #) as destination address
¤ Remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
¤ Incoming datagrams:
* replace (NAT IP address, new port #) in destination fields of every incoming datagram with the corresponding (source IP address, port #) stored in the NAT table
NAT Example