IP Address Services W.lilakiatsakun
Topics • DHCP (Dynamic Host Configuration Protocol) • NAT (Network Address Translation) • IPv6 (Internet Protocol version 6)
Introduction to DHCP • Enables a host to obtain an IP address and the necessary configuration parameters from a server • It is described in RFC 2131 • Application layer protocol • Client-server model • DHCP uses the same two ports assigned by IANA for BOOTP: destination UDP port 67 for data sent to the server, and UDP port 68 for data sent to the client
DHCP Allocation mechanism (1) • Manual Allocation • The administrator assigns a pre-allocated IP address to the client and DHCP only communicates the IP address to the device. • Automatic Allocation • DHCP automatically assigns a static IP address permanently to a device, selecting it from a pool of available addresses. • There is no lease and the address is permanently assigned to a device.
DHCP Allocation mechanism (2) • Dynamic Allocation • DHCP automatically dynamically assigns, or leases, an IP address from a pool of addresses for a limited period of time chosen by the server, or until the client tells the DHCP server that it no longer needs the address.
BOOTP and DHCP (1) • BOOTP (Bootstrap Protocol) • It is defined in RFC 951 • BOOTP is a way to download address and boot configurations for diskless workstations • Both DHCP and BOOTP use UDP ports 67 and 68 (known as the BOOTP ports)
BOOTP and DHCP (2) • DHCP and BOOTP have two components, client and server • The server is a host with a static IP address that allocates, distributes, and manages IP and configuration data assignments. • Each allocation (IP and configuration data) is stored on the server in a data set called a binding. • The client is any device using DHCP as a method for obtaining IP addressing or supporting configuration information.
DHCP Message Format (1) • The BOOTP and DHCP message formats are the same except for the options field, which is used only by DHCP
DHCP Message Format (2) • Operation Code (OP) • Specifies the general type of message. • A value of 1 indicates a request message; a value of 2 indicates a reply message. • Hardware Type • Identifies the type of hardware used on the network. • For example, 1 is Ethernet, 15 is Frame Relay, and 20 is a serial line. These are the same codes used in ARP messages.
DHCP Message Format (3) • Hardware Address length • 8 bits to specify the length of the address. • Hops • Set to 0 by a client before transmitting a request and used by relay agents to control the forwarding of DHCP messages • Transaction Identifier • 32-bit identification generated by the client to allow it to match up the request with replies received from DHCP servers.
DHCP Message Format (4) • Seconds • Number of seconds elapsed since a client began attempting to acquire or renew a lease. • Busy DHCP servers use this number to prioritize replies when multiple client requests are outstanding.
DHCP Message Format (5) • Flags • Only one of the 16 bits is used, which is the broadcast flag. • A client that does not know its IP address when it sends a request sets the flag to 1. • This value tells the DHCP server or relay agent receiving the request that it should send the reply back as a broadcast.
DHCP Message Format (6) • Client IP Address • The client puts its own IP address in this field if and only if it has a valid IP address while in the bound state; otherwise, it sets the field to 0. • The client can only use this field when its address is actually valid and usable, not during the process of acquiring an address. • Your IP Address • IP address that the server assigns to the client.
DHCP Message Format (7) • Server IP Address • Address of the server that the client should use for the next step in the bootstrap process, which may or may not be the server sending this reply. • Gateway IP Address • The gateway address facilitates communications of DHCP requests and replies between the client and a server that are on different subnets or networks.
DHCP Message Format (8) • Client Hardware Address • Specifies the physical layer (hardware) address of the client. • Server Name • The server sending a DHCPOFFER or DHCPACK message may optionally put its name in this field. (dhcpserver.netacad.net)
DHCP Message Format (9) • Boot Filename • Optionally used by a client to request a particular type of boot file in a DHCPDISCOVER message. • Used by a server in a DHCPOFFER to fully specify a boot file directory and filename. • Options • Holds DHCP options, including several parameters required for basic DHCP operation. • Both client and server may use this field.
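To make the field layout above concrete, here is an added example (not part of the original slides) that packs a constructed DHCPDISCOVER and parses it back field by field, refusing any option whose length byte runs past the end of the packet. The MAC address, transaction ID and option values are made-up sample data.

```python
import struct
from ipaddress import IPv4Address
# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"           # marks the start of the DHCP options
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}

def parse_options(data):
    """Walk the TLV options: code 0 is a one-byte pad, code 255 ends the list."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        # refuse a length byte that is missing or would run past the packet end
        if i + 1 >= len(data) or len(data) < i + 2 + data[i + 1]:
            raise ValueError("option %d is truncated" % code)
        length = data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts
def parse_dhcp(pkt):
    """Decode the fixed header fields and the options of one DHCP message."""
    if len(pkt) < HEADER.size + 4 or pkt[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (short packet or bad magic cookie)")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
     chaddr, sname, file) = HEADER.unpack_from(pkt)
    opts = parse_options(pkt[HEADER.size + 4:])
    return {
        "op": "request" if op == 1 else "reply",
        "htype": htype, "hlen": hlen, "hops": hops, "xid": xid, "secs": secs,
        "broadcast": bool(flags & 0x8000),   # the only flag bit that is defined
        "ciaddr": str(IPv4Address(ciaddr)), "yiaddr": str(IPv4Address(yiaddr)),
        "siaddr": str(IPv4Address(siaddr)), "giaddr": str(IPv4Address(giaddr)),
        "chaddr": chaddr[:hlen].hex(":"),
        "sname": sname.rstrip(b"\0"), "file": file.rstrip(b"\0"),
        "msg_type": MSG_TYPES.get((opts.get(53) or b"\0")[0], "unknown"),
        "options": opts,
    }

# Constructed sample: DHCPDISCOVER from made-up MAC 00:11:22:33:44:55 with the
# broadcast flag set, asking for subnet mask (1), router (3), DNS (6) in option 55
SAMPLE_DISCOVER = HEADER.pack(
    1, 1, 6, 0, 0x3903F326, 0, 0x8000, b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
    bytes.fromhex("001122334455").ljust(16, b"\0"), b"\0" * 64, b"\0" * 128,
) + MAGIC_COOKIE + bytes([53, 1, 1, 55, 3, 1, 3, 6, 255])
```

Calling parse_dhcp(SAMPLE_DISCOVER) yields op "request", msg_type "DHCPDISCOVER", broadcast True and all four address fields 0.0.0.0, exactly the state of a client that does not yet have an address.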
DHCP Relay (1) • Needed when the client is not on the same network as the DHCP server • The solution is to enable routers to forward DHCP broadcasts to the DHCP servers. • When a router forwards address assignment/parameter requests, it is acting as a DHCP relay agent.
DHCP Relay (2) • Cisco IOS uses the ip helper-address command to perform the relay function. • It forwards 8 UDP services: • Port 37: Time • Port 49: TACACS • Port 53: DNS • Port 67: DHCP/BOOTP client • Port 68: DHCP/BOOTP server • Port 69: TFTP • Port 137: NetBIOS name service • Port 138: NetBIOS datagram service
DHCP Relay (3) • To specify additional ports, use the ip forward-protocol command to specify exactly which types of broadcast packets to forward.
Troubleshooting DHCP (2) • The case where the DHCP server is not on the same network as the client and the DHCP relay function is used
Troubleshooting DHCP (3) A useful command for troubleshooting DHCP operation is the debug ip dhcp server events command. This command reports server events, like address assignments and database updates.
Private and Public IP Address (1) • All public Internet addresses must be registered with a Regional Internet Registry (RIR). • Organizations can lease public addresses from an ISP. • Only the registered holder of a public Internet address can assign that address to a network device.
Private and Public IP Address (2) • Private IP addresses are a reserved block of numbers that can be used by anyone. • To protect the public Internet address structure, ISPs typically configure the border routers to prevent privately addressed traffic from being forwarded over the Internet.
NAT (Network Address Translation) (1) • A mechanism that translates private addresses to public addresses at the edge of the organization's network and works in both directions. • Without a translation system, private hosts behind a router in one organization's network cannot connect with private hosts behind a router in other organizations over the Internet.
NAT (Network Address Translation) (3) • Inside local address • It is most likely an RFC 1918 private address. • In the figure, the IP address 192.168.10.10 is assigned to the host PC1 on the inside network. • Inside global address • Valid public address that the inside host is given when it exits the NAT router. • In this case, IP address 188.8.131.52 is used as the inside global address for PC1.
NAT (Network Address Translation) (4) • Outside global address • Valid public IP address assigned to a host on the Internet. For example, the web server is reachable at IP address 184.108.40.206. • Outside local address • The local IP address assigned to a host on the outside network. In most situations, this address will be identical to the outside global address of that outside device.
How NAT works (4) • There are two types of NAT translation: dynamic and static. • Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. • When a host with a private IP address requests access to the Internet, dynamic NAT chooses an IP address from the pool that is not already in use by another host.
How NAT works (5) • Static NAT uses a one-to-one mapping of local and global addresses, and these mappings remain constant. • Static NAT is particularly useful for web servers or hosts that must have a consistent address that is accessible from the Internet.
NAT Overload (1) • NAT overloading (sometimes called Port Address Translation or PAT) maps multiple private IP addresses to a single public IP address or a few addresses. • Multiple addresses can be mapped to one or to a few addresses because each private address is also tracked by a port number.
NAT vs NAT Overloading • NAT generally only translates IP addresses on a 1:1 correspondence between publicly exposed IP addresses and privately held IP addresses. • NAT overload modifies both the private IP address and port number of the sender.
Port Forwarding (1) • Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. • This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside through a NAT-enabled router.
Port Forwarding (2) • Typically, peer-to-peer file-sharing programs and key operations, such as web serving and outgoing FTP, require that router ports be forwarded or opened to allow these applications to work. • Because NAT hides internal addresses, peer-to-peer only works from the inside out, where NAT can map outgoing requests against incoming replies.
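The following added example (not from the original slides or any vendor's code) models the three behaviours described above in one place: dynamic NAT handing out pool addresses until the pool is exhausted, NAT overload distinguishing flows by translated source port and dropping inbound packets that match no binding, and port forwarding as a static entry in that same binding table. The inside global address 203.0.113.20 and the pool are constructed documentation addresses; 192.168.10.10 is the PC1 address used on the slides.

```python
from itertools import count

class DynamicNat:
    """Dynamic NAT: one public address per inside host, first come first served
    from a pool; when no address is left the host cannot be translated."""
    def __init__(self, pool):
        self.free, self.bindings = list(pool), {}

    def translate(self, inside_local):
        if inside_local not in self.bindings:
            if not self.free:
                return None                     # pool exhausted
            self.bindings[inside_local] = self.free.pop(0)
        return self.bindings[inside_local]

class NatOverload:
    """NAT overload (PAT): many inside hosts share one inside global address;
    each flow is told apart by the translated source port."""
    def __init__(self, inside_global, first_port=1024):
        self.inside_global, self.next_port = inside_global, count(first_port)
        self.by_flow, self.by_port = {}, {}     # (ip, port)->gport, gport->(ip, port)

    def forward_port(self, global_port, inside_ip, inside_port):
        """Port forwarding: a static binding so outside hosts can reach an inside service."""
        self.by_port[global_port] = (inside_ip, inside_port)
        self.by_flow[(inside_ip, inside_port)] = global_port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite source IP and port of an inside-to-outside packet."""
        key = (src_ip, src_port)
        if key not in self.by_flow:
            gport = src_port                    # keep the original port when free
            while gport in self.by_port:        # otherwise pick the next unused one
                gport = next(self.next_port)
            self.by_flow[key], self.by_port[gport] = gport, key
        return (self.inside_global, self.by_flow[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite destination of an outside-to-inside packet; no binding -> dropped."""
        if dst_ip != self.inside_global or dst_port not in self.by_port:
            return None
        inside_ip, inside_port = self.by_port[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)
```

Two inside hosts using the same source port 40000 get different global ports (40000 and 1024), which is exactly why overload can share one address where plain NAT needs one address per host.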