IP Address Services


Page 1: IP Address Services

IP Address Services

W.lilakiatsakun

Page 2: IP Address Services

Topics

• DHCP (Dynamic Host Configuration Protocol)
• NAT (Network Address Translation)
• IPv6 (Internet Protocol version 6)

Page 3: IP Address Services

Introduction to DHCP

• Enables a host to obtain an IP address and the other configuration it needs from a server

• Described in RFC 2131
• Application layer protocol
• Client-server model
• DHCP uses the same two UDP ports that IANA assigned to BOOTP: destination port 67 for messages sent to the server, and port 68 for messages sent to the client

Page 4: IP Address Services

DHCP Allocation mechanism (1)

• Manual Allocation
– The administrator assigns a pre-allocated IP address to the client, and DHCP only communicates that address to the device.

• Automatic Allocation
– DHCP automatically assigns a static IP address permanently to a device, selecting it from a pool of available addresses.
– There is no lease; the address is permanently assigned to the device.

Page 5: IP Address Services

DHCP Allocation mechanism (2)

• Dynamic Allocation
– DHCP automatically assigns, or leases, an IP address from a pool of addresses for a limited period chosen by the server, or until the client tells the DHCP server that it no longer needs the address.

Page 6: IP Address Services

DHCP Operation

Page 7: IP Address Services

BOOTP and DHCP (1)

• BOOTP (Bootstrap Protocol)
– It is defined in RFC 951
– BOOTP is a way to download address and boot configurations for diskless workstations
– Both DHCP and BOOTP use UDP ports 67 and 68 (known as the BOOTP ports)

Page 8: IP Address Services

BOOTP and DHCP (2)

• DHCP and BOOTP have two components, client and server
– The server is a host with a static IP address that allocates, distributes, and manages IP and configuration data assignments.
• Each allocation (IP and configuration data) is stored on the server in a data set called a binding.
– The client is any device using DHCP as a method for obtaining IP addressing or supporting configuration information.

Page 9: IP Address Services

BOOTP and DHCP (3)

Page 10: IP Address Services

DHCP Message Format (1)

• The BOOTP and DHCP message formats are the same except for the options field, which only DHCP uses (BOOTP carries a fixed 64-byte vendor-specific field in its place)

Page 11: IP Address Services

DHCP Message Format (2)

• Operation Code (OP)
– Specifies the general type of message.
• A value of 1 indicates a request message; a value of 2 is a reply message.

• Hardware Type
– Identifies the type of hardware used in the network.
• For example, 1 is Ethernet, 15 is Frame Relay, and 20 is a serial line. These are the same codes used in ARP messages.

Page 12: IP Address Services

DHCP Message Format (3)

• Hardware Address Length
– 8 bits to specify the length of the address.

• Hops
– Set to 0 by a client before transmitting a request and used by relay agents to control the forwarding of DHCP messages.

• Transaction Identifier
– 32-bit identification generated by the client to allow it to match up the request with replies received from DHCP servers.

Page 13: IP Address Services

DHCP Message Format (4)

• Seconds
– Number of seconds elapsed since the client began attempting to acquire or renew a lease.
– Busy DHCP servers use this number to prioritize replies when multiple client requests are outstanding.

Page 14: IP Address Services

DHCP Message Format (5)

• Flags
– Only one of the 16 bits is used, which is the broadcast flag.
– A client that does not know its IP address when it sends a request sets the flag to 1.
• This value tells the DHCP server or relay agent receiving the request that it should send the reply back as a broadcast.

Page 15: IP Address Services

DHCP Message Format (6)

• Client IP Address
– The client puts its own IP address in this field if and only if it has a valid IP address while in the bound state; otherwise, it sets the field to 0.
– The client can only use this field when its address is actually valid and usable, not during the process of acquiring an address.

• Your IP Address
– IP address that the server assigns to the client.

Page 16: IP Address Services

DHCP Message Format (7)

• Server IP Address
– Address of the server that the client should use for the next step in the bootstrap process, which may or may not be the server sending this reply.

• Gateway IP Address
– Filled in by a relay agent; it enables DHCP requests and replies to pass between a client and a server that are on different subnets or networks.

Page 17: IP Address Services

DHCP Message Format (8)

• Client Hardware Address
– Specifies the physical (Layer 2) address of the client.

• Server Name
– The server sending a DHCPOFFER or DHCPACK message may optionally put its name in this field (dhcpserver.netacad.net in the figure).

Page 18: IP Address Services

DHCP Message Format (9)

• Boot Filename
– Optionally used by a client to request a particular type of boot file in a DHCPDISCOVER message.
– Used by a server in a DHCPOFFER to fully specify a boot file directory and filename.

• Options
– Holds DHCP options, including several parameters required for basic DHCP operation.
– Both client and server may use this field.

Page 19: IP Address Services

DHCP Discover

Page 20: IP Address Services

DHCP Offer

Page 21: IP Address Services

DHCP Relay (1)

• The client is not on the same network as the DHCP server, so its broadcast requests do not reach the server.

• The solution is to enable routers to forward DHCP broadcasts to the DHCP servers.

• When a router forwards address assignment/parameter requests, it is acting as a DHCP relay agent.

Page 22: IP Address Services

DHCP Relay (2)

• Cisco IOS uses the command ip helper-address to perform the relay function.

• By default it forwards broadcasts for 8 UDP services
– Port 37: Time
– Port 49: TACACS
– Port 53: DNS
– Port 67: DHCP/BOOTP server
– Port 68: DHCP/BOOTP client
– Port 69: TFTP
– Port 137: NetBIOS name service
– Port 138: NetBIOS datagram service

Page 23: IP Address Services

DHCP Relay (3)

To forward additional ports, use the ip forward-protocol command to specify exactly which types of broadcast packets to forward. The no form of the same command removes ports from the default list; this is worth doing for services the helper address does not need to receive (for example NetBIOS or TFTP), since otherwise every configured helper address receives all of those broadcasts.
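The message format, the DISCOVER/OFFER exchange and the relay behaviour described above, as an added Python example that is not part of the original slides. It packs and parses the fixed-format header fields listed earlier (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file) followed by the magic cookie and the TLV options field, builds a DISCOVER the way a client would, relays it the way a router with ip helper-address would (fills giaddr, increments hops), and answers it the way a server would. The client MAC, transaction id, addresses, lease time and server name are constructed sample values.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 marks the start of the options field
BOOTREQUEST, BOOTREPLY = 1, 2        # op field values
HTYPE_ETHERNET = 1                   # hardware type codes are the ARP codes
FLAG_BROADCAST = 0x8000              # the only defined bit in the 16-bit flags field
OPT_PAD, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 51, 53, 54, 255
DISCOVER, OFFER = 1, 2               # values of option 53 used in this example

# Fixed-format part: op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr,
# siaddr, giaddr, chaddr (16), sname (64), file (128): 236 bytes in total.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")

def build(op, xid, chaddr, options, ciaddr="0.0.0.0", yiaddr="0.0.0.0",
          siaddr="0.0.0.0", giaddr="0.0.0.0", flags=0, secs=0, hops=0, sname=b""):
    """Serialise one message. `options` is a list of (code, value-bytes)."""
    ip = socket.inet_aton
    fixed = HEADER.pack(op, HTYPE_ETHERNET, len(chaddr), hops, xid, secs, flags,
                        ip(ciaddr), ip(yiaddr), ip(siaddr), ip(giaddr),
                        chaddr.ljust(16, b"\0"), sname.ljust(64, b"\0"), b"\0" * 128)
    tlvs = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC_COOKIE + tlvs + bytes([OPT_END])

def parse(data):
    """Decode the fixed header and the option TLVs into a dict."""
    end = HEADER.size
    if len(data) < end + 4 or data[end:end + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    f = HEADER.unpack_from(data)
    msg = {"op": f[0], "htype": f[1], "hlen": f[2], "hops": f[3], "xid": f[4],
           "secs": f[5], "broadcast": bool(f[6] & FLAG_BROADCAST),
           "ciaddr": socket.inet_ntoa(f[7]), "yiaddr": socket.inet_ntoa(f[8]),
           "siaddr": socket.inet_ntoa(f[9]), "giaddr": socket.inet_ntoa(f[10]),
           "chaddr": f[11][:f[2]], "sname": f[12].rstrip(b"\0").decode(), "options": {}}
    i = end + 4
    while i < len(data) and data[i] != OPT_END:
        if data[i] == OPT_PAD:          # the pad option has no length byte
            i += 1
            continue
        code, length = data[i], data[i + 1]
        msg["options"][code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return msg

def relay(data, relay_ip):
    """What a relay agent does before unicasting the request to the server:
    record its own interface address in giaddr (only if still empty) and bump hops."""
    msg = parse(data)
    if msg["giaddr"] != "0.0.0.0":
        relay_ip = msg["giaddr"]        # a second relay keeps the first relay's address
    return build(msg["op"], msg["xid"], msg["chaddr"], list(msg["options"].items()),
                 ciaddr=msg["ciaddr"], yiaddr=msg["yiaddr"], siaddr=msg["siaddr"],
                 giaddr=relay_ip, flags=FLAG_BROADCAST if msg["broadcast"] else 0,
                 secs=msg["secs"], hops=msg["hops"] + 1, sname=msg["sname"].encode())

def offer_for(discover_bytes, server_ip, offered_ip, lease_seconds):
    """Server side: answer a DISCOVER with an OFFER that echoes xid and chaddr,
    keeps the broadcast flag and giaddr, and fills yiaddr plus the lease options."""
    d = parse(discover_bytes)
    if d["op"] != BOOTREQUEST or d["options"].get(OPT_MSG_TYPE) != bytes([DISCOVER]):
        raise ValueError("not a DHCPDISCOVER")
    opts = [(OPT_MSG_TYPE, bytes([OFFER])),
            (OPT_SERVER_ID, socket.inet_aton(server_ip)),
            (OPT_LEASE, struct.pack("!I", lease_seconds))]
    return build(BOOTREPLY, d["xid"], d["chaddr"], opts, yiaddr=offered_ip,
                 siaddr=server_ip, giaddr=d["giaddr"],
                 flags=FLAG_BROADCAST if d["broadcast"] else 0, hops=d["hops"],
                 sname=b"dhcpserver.example.net")     # sample name, not a real host

def client_accepts(discover_bytes, offer_bytes):
    """Client side: an OFFER is only considered if it is a reply carrying the
    client's own xid and hardware address. The protocol authenticates nothing
    beyond that: the first matching OFFER from any host on the segment wins."""
    d, o = parse(discover_bytes), parse(offer_bytes)
    return (o["op"] == BOOTREPLY and o["xid"] == d["xid"] and o["chaddr"] == d["chaddr"]
            and o["options"].get(OPT_MSG_TYPE) == bytes([OFFER]))

# Constructed sample exchange: MAC, xid and all addresses are made-up values.
CLIENT_MAC = bytes.fromhex("0011223344aa")
DISCOVER_MSG = build(BOOTREQUEST, 0x3903F326, CLIENT_MAC,
                     [(OPT_MSG_TYPE, bytes([DISCOVER]))], flags=FLAG_BROADCAST)
RELAYED = relay(DISCOVER_MSG, "192.168.10.1")       # router running ip helper-address
OFFER_MSG = offer_for(RELAYED, "10.0.0.5", "192.168.10.50", 86400)
```

The server answers to the giaddr it sees, and the relay delivers the OFFER on the client's segment as a broadcast because the client set the broadcast flag; parse(OFFER_MSG) shows both fields carried through.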

Page 24: IP Address Services

Troubleshooting DHCP (1)

Page 25: IP Address Services

Troubleshooting DHCP (2)

When the DHCP server is not on the same network and the DHCP relay function is used:

Page 26: IP Address Services

Troubleshooting DHCP (3)

A useful command for troubleshooting DHCP operation is the debug ip dhcp server events command. This command reports server events, like address assignments and database updates.

Page 27: IP Address Services

Private and Public IP Address (1)

• All public Internet addresses must be registered with a Regional Internet Registry (RIR).
– Organizations can lease public addresses from an ISP.
– Only the registered holder of a public Internet address can assign that address to a network device.

Page 28: IP Address Services

Private and Public IP Address (2)

• Private IP addresses (RFC 1918) are a reserved block of numbers that can be used by anyone.
– To protect the public Internet address structure, ISPs typically configure their border routers to prevent privately addressed traffic from being forwarded over the Internet.

Page 29: IP Address Services

Private and Public IP Address (3)

Page 30: IP Address Services

NAT (Network Address Translation) (1)

• A mechanism to translate private addresses to public addresses at the edge of the network; the translation works in both directions.
– Without a translation system, private hosts behind a router in one organization's network cannot connect with private hosts behind a router in other organizations over the Internet.

Page 31: IP Address Services

NAT (Network Address Translation) (2)

Page 32: IP Address Services

NAT (Network Address Translation) (3)

• Inside local address
– It is most likely an RFC 1918 private address.
– In the figure, the IP address 192.168.10.10 is assigned to the host PC1 on the inside network.

• Inside global address
– Valid public address that the inside host is given when it exits the NAT router.
– In this case, IP address 209.165.200.226 is used as the inside global address for PC1.

Page 33: IP Address Services

NAT (Network Address Translation) (4)

• Outside global address
– Valid public IP address assigned to a host on the Internet. For example, the web server is reachable at IP address 209.165.201.1.

• Outside local address
– The local IP address assigned to a host on the outside network. In most situations, this address will be identical to the outside global address of that outside device.

Page 34: IP Address Services

NAT (Network Address Translation) (5)

Page 35: IP Address Services

How NAT works (1)

Page 36: IP Address Services

How NAT works (2)

Page 37: IP Address Services

How NAT works (3)

Page 38: IP Address Services

How NAT works (4)

• There are two types of NAT translation: dynamic and static.

• Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis.
– When a host with a private IP address requests access to the Internet, dynamic NAT chooses an IP address from the pool that is not already in use by another host.

Page 39: IP Address Services

How NAT works (5)

• Static NAT uses a one-to-one mapping of local and global addresses, and these mappings remain constant.
– Static NAT is particularly useful for web servers or hosts that must have a consistent address that is accessible from the Internet.

Page 40: IP Address Services

NAT Overload (1)

• NAT overloading (sometimes called Port Address Translation or PAT) maps multiple private IP addresses to a single public IP address or a few addresses.

• Multiple addresses can be mapped to one or to a few addresses because each private address is also tracked by a port number.

Page 41: IP Address Services

NAT Overload (2)

Page 42: IP Address Services

NAT Overload (3)

Page 43: IP Address Services

NAT Overload (4)

Page 44: IP Address Services

NAT vs NAT Overloading

• NAT generally only translates IP addresses on a 1:1 correspondence between publicly exposed IP addresses and privately held IP addresses.

• NAT overload modifies both the private IP address and port number of the sender.

Page 45: IP Address Services

NAT Benefits and Drawbacks

Page 46: IP Address Services

Port Forwarding (1)

• Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another.
– This technique allows an external user to reach a port on a private IP address (inside a LAN) from the outside through a NAT-enabled router. Every forwarded port is a service deliberately exposed to the Internet, so forward only what is actually needed.

Page 47: IP Address Services

Port Forwarding (2)

• Typically, peer-to-peer file-sharing programs and key operations, such as web serving and outgoing FTP, require that router ports be forwarded or opened to allow these applications to work.

• Because NAT hides internal addresses, peer-to-peer only works from the inside out, where NAT can match incoming replies against the outgoing requests it has recorded; an unsolicited inbound connection has no table entry and is dropped.

Page 48: IP Address Services

Port Forwarding (3)

Page 49: IP Address Services

Verifying NAT (1)

Page 50: IP Address Services

Verifying NAT (2)

Page 51: IP Address Services

Verifying NAT (3)

Page 52: IP Address Services

Clearing NAT Table

Page 53: IP Address Services

Debugging NAT

Page 54: IP Address Services

Introduction to IPV6 (1)

• Need more available IP addresses
– Population growth
– Mobile users
– Transportation
– Consumer electronics

• Limited built-in quality-of-service support in IPv4

Page 55: IP Address Services

Introduction to IPV6 (2)

Page 56: IP Address Services

Introduction to IPV6 (3)

Page 57: IP Address Services

Introduction to IPV6 (4)

Page 58: IP Address Services

IPv6 addressing (1)

• IPv6 Representation (128 bits, written as eight 16-bit hexadecimal fields separated by colons)
– Leading zeros in a field are optional.
• For example, the field 09C0 equals 9C0, and the field 0000 equals 0.
– Successive fields of zeros can be represented as two colons "::".
• However, this shorthand can only be used once in an address; otherwise the number of omitted fields would be ambiguous.
– The unspecified address is written as "::" because it contains only zeros.

Page 59: IP Address Services

IPv6 addressing (2)

Page 60: IP Address Services

IPv6 addressing (3)

Page 61: IP Address Services

IPv6 Global Unicast Address (1)

• Global unicast addresses typically consist of a 48-bit global routing prefix, a 16-bit subnet ID, and a 64-bit interface ID.

• Individual organizations can use the 16-bit subnet field to create their own local addressing hierarchy.
– This field allows an organization to use up to 65,536 (2^16) individual subnets.

Page 62: IP Address Services

IPv6 Global Unicast Address (2)

For more information see RFC 3587, (IPv6 Global Unicast Address)

Page 63: IP Address Services

IPv6 Global Unicast Address (3)

• The global unicast addresses currently assigned by IANA come from the range whose first three bits are 001 (2000::/3), which is 1/8 of the total IPv6 address space and the largest block of assigned addresses.

• IANA allocates this space in ranges such as 2001::/16 to the five RIRs (ARIN, RIPE NCC, APNIC, LACNIC, and AfriNIC).

Page 64: IP Address Services

IPv6 Reserved Address

• The IETF reserves a portion of the IPv6 address space for various uses, both present and future.

• Reserved addresses represent 1/256th of the total IPv6 address space.

• Some of the other types of IPv6 addresses come from this block.

Page 65: IP Address Services

IPv6 Private Address (1)

• Private addresses have a first octet value of "FE" in hexadecimal notation, with the next hexadecimal digit being a value from 8 to F.
– Site-local addresses begin with "FEC", "FED", "FEE", or "FEF" (FEC0::/10).
• Intended for the same use as IPv4 private addresses, but deprecated by RFC 3879; the current IPv6 counterpart of RFC 1918 space is the unique local address range FC00::/7 (RFC 4193).
– Link-local addresses start with "FE8", "FE9", "FEA", or "FEB" (FE80::/10).
• They are only for local communication on a particular physical network segment and are never forwarded by routers.

Page 66: IP Address Services

Loopback Address

• Just as in IPv4, a provision has been made for a special loopback IPv6 address for testing; datagrams sent to this address "loop back" to the sending device.

• However, in IPv6 there is just one address, not a whole block, for this function.

• The loopback address is 0:0:0:0:0:0:0:1, which is normally expressed using zero compression as "::1".

Page 67: IP Address Services

Unspecified Address

• In IPv4, an IP address of all zeroes has a special meaning; it refers to the host itself, and is used when a device does not know its own address.

• In IPv6, this concept has been formalized, and the all-zeroes address (0:0:0:0:0:0:0:0, written "::") is named the "unspecified" address.
– It is typically used in the source field of a datagram sent by a device that is still acquiring its IP address; it must never appear as a destination address.

Page 68: IP Address Services

IPv6 Transition Strategies (1)

Page 69: IP Address Services

IPv6 Transition Strategies (2)

• Dual Stacking
– An integration method in which a node has an implementation of, and connectivity to, both an IPv4 and an IPv6 network.
– This is the recommended option and involves running IPv4 and IPv6 at the same time.
– Routers and switches are configured to support both protocols, with IPv6 being the preferred protocol.

Page 70: IP Address Services

IPv6 Transition Strategies (3)

• Tunneling
– Manual IPv6-over-IPv4 tunneling: an IPv6 packet is encapsulated within an IPv4 packet.
• This method requires dual-stack routers at both ends of the tunnel.
– Dynamic 6to4 tunneling: automatically establishes connections between IPv6 islands through an IPv4 network, typically the Internet. (6to4 has since been deprecated by RFC 7526.)

Page 71: IP Address Services

IPv6 Transition Strategies (4)

• NAT-Protocol Translation (NAT-PT)
– This translation allows direct communication between hosts that use different versions of the IP protocol.
– At this time, this translation technique is the least favorable option and should be used as a last resort. (NAT-PT was later moved to historic status by RFC 4966.)

Page 72: IP Address Services

Dual Stack (1)

Page 73: IP Address Services

Dual Stack (2)

Page 74: IP Address Services

IPv6 Tunneling (1)