Section Outcome (TCP/IP Services)
Describe four (4) services that are part of the
TCP/IP protocol suite that would probably be
implemented within a network centre to manage:
• naming within legacy systems
• automated issuing of IP Addresses
• name to IP Address translation
• private IP addressing
Section Outcome (TCP/IP Services)
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Windows Internet Name Service (WINS)
• Network Address Translation (NAT)
Overview
Administering IP Address allocation
- Static configuration (becomes impossible as network grows in size)
- Dynamic configuration (automated system of IP address, subnet details and other network information delivery)
DHCP
Note: not just for delivering the IP addresses
Simplified but typical infrastructure
[Diagram labels: ISP (Telkom), to upstream service provider; Diginet Link; Hamilton Network Centre; IT Div Network Centre; Firewall (FreeBSD); DHCP Server; DNS Server; Jackall; Gecko; East lab etc.]
• Static VS Dynamic IP Addressing
• Pool of IP Addresses known as Scopes
• DHCP Renewal Process
• DHCP Server per Segment
• DHCP Relay Agent
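DHCP
Message exchange between DHCP Client and DHCP Server:
1. DHCPDiscover (client to server)
2. DHCPOffer (server to client)
3. DHCPRequest (client to server)
4. DHCPAcknowledgement (server to client)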
• Automatic Private IP Addressing (APIPA)
- 10.0.0.0 through 10.255.255.255
- 169.254.0.0 through 169.254.255.255 (the range APIPA assigns from)
- 172.16.0.0 through 172.31.255.255
- 192.168.0.0 through 192.168.255.255
- Network Address Translation (NAT)
• Multicast Scopes (224.0.0.0 – 239.255.255.255)
• Scopes and Superscopes
DHCP
Three DHCP Implementations:
• Dynamic allocation
- Leased basis from available pool
• Automatic allocation
- Permanent allocation for duration of communication. Maintains historical list.
• Static allocation
- MAC/IP address allocation: one MAC address always receives the same IP address
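The three allocation modes listed above, as an added example that is not part of the original slides: a toy in-memory scope in Python showing static reservations, automatic permanent bindings, and dynamic leases with renewal and expiry sharing one pool. The class name `DhcpScope`, its methods, and the sample MAC and IP values are hypothetical and constructed for illustration.

```python
import ipaddress

class DhcpScope:
    """Toy DHCP scope: static, automatic and dynamic allocation from one pool."""

    def __init__(self, first, last, lease_seconds, reservations=None):
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.pool = [ipaddress.IPv4Address(i) for i in range(lo, hi + 1)]
        self.lease_seconds = lease_seconds
        # Static allocation: administrator-defined MAC -> IP reservations.
        self.reservations = {mac: ipaddress.IPv4Address(ip)
                             for mac, ip in (reservations or {}).items()}
        self.history = {}  # automatic allocation: permanent MAC -> IP list
        self.leases = {}   # dynamic allocation: MAC -> (IP, expiry time)

    def _in_use(self, now):
        # Expired dynamic leases are dropped, returning their IPs to the pool.
        self.leases = {m: lease for m, lease in self.leases.items() if lease[1] > now}
        leased = {ip for ip, _ in self.leases.values()}
        return leased | set(self.history.values()) | set(self.reservations.values())

    def allocate(self, mac, now, mode="dynamic"):
        """Return (ip, expiry); expiry is None for a permanent binding."""
        if mac in self.reservations:
            return self.reservations[mac], None
        if mac in self.history:
            return self.history[mac], None
        used = self._in_use(now)
        if mac in self.leases:          # renewal keeps the current address
            ip = self.leases[mac][0]
        else:
            free = [ip for ip in self.pool if ip not in used]
            if not free:
                raise RuntimeError("scope exhausted: no free address")
            ip = free[0]
        if mode == "automatic":
            self.leases.pop(mac, None)
            self.history[mac] = ip
            return ip, None
        self.leases[mac] = (ip, now + self.lease_seconds)
        return ip, self.leases[mac][1]

def demo():
    # Constructed sample scope and MAC addresses, not taken from the slides.
    scope = DhcpScope("192.168.1.10", "192.168.1.12", 3600,
                      {"02:00:00:00:00:01": "192.168.1.10"})
    return [scope.allocate("02:00:00:00:00:01", 0),
            scope.allocate("02:00:00:00:00:02", 0),
            scope.allocate("02:00:00:00:00:03", 0, mode="automatic")]
```

Only the dynamic lease carries an expiry time, so only that address returns to the pool when the client stops renewing.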
Network Address Translation (NAT)
[Diagram labels: ISP (Telkom), to upstream service provider; Diginet Link; Office; computer running Network Address Translation (NAT), firewalling and DHCP; a class C IP address; internal IP addresses]
• Host File or DNS Server
• Different Levels of Domain
- Root-level “.”
- Top level domain (gov / com / org)
- Second level (Course / Microsoft)
- Subdomain (sales / marketing)
DNS
• Top Level
- gov (U.S. government agencies)
- com (Commercial organizations)
- mil (U.S. military services)
- edu (Educational institutions)
- net (ISPs)
- org (Nonprofit organisations)
• Primary Name Server has DNS zone file.
• Authoritative for Domain means server holds the main DNS zone file
• Primary name server holds a read / write copy of zone file
• Incremental Zone Transfers
DNS
DNS Query Process
DNS and ISPs
DNS
• Win2003/7+ provides a full-featured DNS server integrated with older DNS methods such as host files
• FreeBSD, UNIX etc
• Primary and Secondary Zones
• Can be primary server for one zone and secondary for another
• Win 2003/7+ DNS supports Active Directory
• Dynamic DNS, clients can create their own A records
DNS
• Caching-only servers
• Forward lookup zones
• In-addr.arpa (name given to reverse lookup zone file)
• Iterative vs recursive
• Secondary name servers (read only copies of zone file)
• Zone transfers
WINS
• Used for identification in older pre-Windows 2000/3/7 Server versions. Just as DNS provides IP addresses for host names, Windows Internet Name Service (WINS) provides IP addresses for NetBIOS computer names.
WINS
[Diagram labels: Subnet 1 and Subnet 2, each with a WINS Server and other servers; Router; no broadcast traffic]
Proxies
Forward Facing Proxy
Proxies
• Keep machines behind it anonymous.
• To speed up access to resources (using caching).
• To log / audit usage
• To scan transmitted content for malware before delivery.
• To scan outbound content, e.g., for data loss prevention.
• Access enhancement/restriction
Proxies
Open Proxy
Allows users to conceal their IP Address
Proxies
Reverse Proxy
1. Security
2. Act as a firewall
3. SSL Encryption
4. Load-balancing
5. Cache static content
6. Compression
7. Spoon-feeding
8. Multiple servers on the same public IP address
Proxies
Firewalls
Demilitarized Zone (DMZ)