
Network Layer - DHCP, NAT

06 Mar 12

IP Address Block Allocation


Q: How does an ISP get block of addresses?
A: ICANN: Internet Corporation for Assigned Names and Numbers
- allocates IP addresses
- manages DNS system
- assigns domain names, resolves disputes
- generates a lot of controversy ;-)

04netC

CSCD58S Computer Networks

CSCD58 Computer Networks


IP addresses: how to get one?


Q: How does a host get IP address?
- hard-coded by system admin in a file
    - Wintel: control-panel->network->configuration->tcp/ip->properties
    - UNIX: /etc/rc.config

DHCP: Dynamic Host Configuration Protocol:


- dynamically get address: plug-and-play (RFC 2131)
- host broadcasts DHCP discover msg
- DHCP server responds with DHCP offer msg
- host requests IP address: DHCP request msg
- DHCP server sends address: DHCP ack msg

NAT: Network Address Translation


- use one (or a few) public network addresses to stand in for a large number of private network addresses, e.g. on a home network.

DHCP: Dynamic Host Configuration Protocol


Goal: allow host to dynamically obtain its IP address from network server when it joins network
- Allows reuse of addresses (host only holds address while connected and on)
- Host allowed to renew lease on address currently in use
- Support for mobile users who want to join network (more later)

DHCP overview:
- host broadcasts DHCP discover msg
- DHCP server responds with DHCP offer msg
- host requests IP address: DHCP request msg
- DHCP server sends address: DHCP ack msg

DHCP client-server scenario


[Figure: network with hosts A and B and a DHCP server; interface addresses shown: 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27. Caption: arriving DHCP client needs address in this network]


DHCP client-server scenario


DHCP server: 223.1.2.5, arriving client. Messages in time order:

DHCP discover
    src: 0.0.0.0, 68
    dest: 255.255.255.255, 67
    yiaddr: 0.0.0.0
    transaction ID: 654

DHCP offer
    src: 223.1.2.5, 67
    dest: 255.255.255.255, 68
    yiaddr: 223.1.2.4
    transaction ID: 654
    Lifetime: 3600 secs

DHCP request
    src: 0.0.0.0, 68
    dest: 255.255.255.255, 67
    yiaddr: 223.1.2.4
    transaction ID: 655
    Lifetime: 3600 secs

DHCP ACK
    src: 223.1.2.5, 67
    dest: 255.255.255.255, 68
    yiaddr: 223.1.2.4
    transaction ID: 655
    Lifetime: 3600 secs


DHCP: example
[Figure: connecting laptop and 168.1.1.1, router (runs DHCP), each with protocol stack DHCP / UDP / IP / Eth / Phy]

- connecting laptop needs its IP address, addr of first-hop router, addr of DNS server: use DHCP
- DHCP request encapsulated in UDP, encapsulated in IP, encapsulated in 802.1 Ethernet
- Ethernet frame broadcast (dest: FFFFFFFFFFFF) on LAN, received at router running DHCP server
- Ethernet demuxed to IP, IP demuxed to UDP, UDP demuxed to DHCP


DHCP: example
[Figure: laptop and router (runs DHCP), each with protocol stack DHCP / UDP / IP / Eth / Phy]

- DHCP server formulates DHCP ACK containing client's IP address, IP address of first-hop router for client, name & IP address of DNS server
- encapsulation at DHCP server, frame forwarded to client, demuxing up to DHCP at client
- client now knows its IP address, name and IP address of DNS server, IP address of its first-hop router
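
The ACK described above, as an added example that is not part of the original slides: a Python parser for the RFC 2131 wire format that pulls out the message type, transaction ID, yiaddr, lease time, first-hop router and DNS server. The xid, yiaddr, server address and lease come from the client-server trace earlier on this page; the router and DNS addresses and the helper names are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])   # marks the start of DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
IP_OPTIONS = {3: "router", 6: "dns", 54: "server_id"}

def build_reply(msg_type, xid, yiaddr, server, lease, router, dns):
    """Build a server reply (constructed sample input, not captured traffic)."""
    ip = socket.inet_aton
    # op=2 (reply), htype=1, hlen=6, hops, xid, secs, flags=broadcast,
    # ciaddr, yiaddr, siaddr, giaddr; then zeroed chaddr/sname/file.
    header = struct.pack("!BBBBIHH4s4s4s4s", 2, 1, 6, 0, xid, 0, 0x8000,
                         ip("0.0.0.0"), ip(yiaddr), ip(server), ip("0.0.0.0"))
    options = (bytes([53, 1, msg_type]) + bytes([54, 4]) + ip(server)
               + bytes([51, 4]) + struct.pack("!I", lease)
               + bytes([3, 4]) + ip(router) + bytes([6, 4]) + ip(dns)
               + bytes([255]))
    return header + bytes(16 + 64 + 128) + MAGIC_COOKIE + options

def parse_dhcp(packet):
    """Return the fields the slides name: type, xid, yiaddr, lease, router, DNS."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {"xid": struct.unpack("!I", packet[4:8])[0],
            "yiaddr": socket.inet_ntoa(packet[16:20])}
    i = 240
    while i < len(packet) and packet[i] != 255:      # 255 = end option
        if packet[i] == 0:                           # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:
            info["type"] = MSG_TYPES.get(value[0], "type %d" % value[0])
        elif code == 51 and length == 4:
            info["lease"] = struct.unpack("!I", value)[0]
        elif code in IP_OPTIONS and length >= 4:
            info[IP_OPTIONS[code]] = socket.inet_ntoa(value[:4])
        i += 2 + length
    return info

# Values from the trace on this page; router and DNS addresses are constructed.
SAMPLE_ACK = build_reply(5, 655, "223.1.2.4", "223.1.2.5", 3600,
                         "223.1.2.1", "223.1.2.1")
```

Calling parse_dhcp(SAMPLE_ACK) returns a dictionary with the client's new address, the lease in seconds and the server, router and DNS addresses; a message cut off inside an option is rejected rather than partially parsed.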

DHCP
advantages over fixed address assignment:
- simplifies network administration (and reduces errors, e.g. 2 hosts using same IP address due to misconfiguration)
- improves utilization of address space
- support for roaming users

each DHCP server controls a block of IP addresses that it makes available to individual hosts on demand

IP addresses are leased
- client should renew after about 2/3 of lease has expired
- soft state, leases revert if not renewed
- client can send DHCPRelease or just allow the lease to expire

Network Address Translation (NAT)


- interim solution to IP address space exhaustion
    - a kludge (but a useful one)
- sits between a network and the Internet
- job is to translate local network layer addresses to global IP addresses
- shares a single (or pool of) IP address(es) among a larger number of hosts
- uses special unallocated (non-public) addresses (RFC 1597) within the local network
    - 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

NAT: Network Address Translation


Motivation: local network uses just one IP address as far as outside world is concerned:
- no need to be allocated range of addresses from ISP: just one IP address is used for all local network devices
- can change addresses of devices in local network without notifying outside world
- can change ISP without changing addresses of devices in local network
- devices inside local net not explicitly addressable by or visible to outside world (a security plus).

NAT: Network Address Translation


[Figure: local network (e.g., home network) 192.168.0/24 connected through a NAT router to the rest of Internet; addresses shown: 192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4 and 138.76.29.7]

- All datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers
- Datagrams with source or destination in this network have 192.168.0/24 address for source, destination (as usual)


NAT: Network Address Translation


- for outgoing datagrams: replace <source IP address, port #> of every outgoing datagram with <NAT IP address, new source port #>
    . . . remote clients/servers will respond using <NAT IP address, new source port #> as destination addr.
- remember (using NAT translation table) every <source IP address, port #> to <NAT IP address, new source port #> translation pair
- incoming datagrams: replace <NAT IP address, new source port #> in dest fields of every incoming datagram with corresponding <source IP address, port #> stored in NAT table


NAT: Network Address Translation


[Figure: local network and NAT router; addresses shown: 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4 and 138.76.29.7]

1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
    S: 10.0.0.1, 3345    D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
    S: 138.76.29.7, 5001    D: 128.119.40.186, 80
3: Reply arrives dest. address: 138.76.29.7, 5001
    S: 128.119.40.186, 80    D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
    S: 128.119.40.186, 80    D: 10.0.0.1, 3345

NAT translation table
WAN side addr        LAN side addr
138.76.29.7, 5001    10.0.0.1, 3345

NAT traversal problem


- client wants to connect to server with address 10.0.0.1
    - server address 10.0.0.1 local to LAN (client can't use it as destination addr)
    - only one externally visible NAT address: 138.76.29.7

[Figure: Client outside the NAT router (10.0.0.4, 138.76.29.7) trying to reach 10.0.0.1; the path is marked "?"]

- solution 1: statically configure NAT to forward incoming connection requests at given port to server
    - e.g., (123.76.29.7, port 2500) always forwarded to 10.0.0.1 port 25000
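
The translation table from the preceding slides and the static forward of solution 1, as an added example that is not part of the original slides: a simplified Python model of the NAT router. It replays steps 1-4 with the slides' addresses, shows that a datagram with no table entry is dropped, and then adds the port 2500 to 10.0.0.1 port 25000 forward. The class and function names, the starting port 5001 as a counter, and the outside client 198.51.100.9 are assumptions made for the example.

```python
class NatRouter:
    """Port-translating NAT table (simplified model of the slides' router)."""

    def __init__(self, wan_ip, first_port=5001):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.out_map = {}    # (LAN ip, LAN port) -> WAN port
        self.in_map = {}     # WAN port -> (LAN ip, LAN port)

    def add_static_forward(self, wan_port, lan_ip, lan_port):
        """Traversal solution 1: administrator pins a WAN port to a server."""
        if wan_port in self.in_map:
            raise ValueError("WAN port already mapped")
        self.in_map[wan_port] = (lan_ip, lan_port)
        self.out_map[(lan_ip, lan_port)] = wan_port

    def outgoing(self, src, dst):
        """LAN -> WAN: replace source with <NAT IP, new port>, remember pair."""
        if src not in self.out_map:
            while self.next_port in self.in_map:
                self.next_port += 1
            if self.next_port > 65535:
                raise RuntimeError("no free WAN ports")
            self.out_map[src] = self.next_port
            self.in_map[self.next_port] = src
        return (self.wan_ip, self.out_map[src]), dst

    def incoming(self, src, dst):
        """WAN -> LAN: rewrite destination from the table, else drop (None)."""
        ip, port = dst
        if ip != self.wan_ip or port not in self.in_map:
            return None          # no entry: inside hosts stay unreachable
        return src, self.in_map[port]

def slide_example():
    """Replay steps 1-4 of the slides plus one unsolicited inbound datagram."""
    nat = NatRouter("138.76.29.7")
    web = ("128.119.40.186", 80)
    sent = nat.outgoing(("10.0.0.1", 3345), web)            # steps 1-2
    reply = nat.incoming(web, sent[0])                      # steps 3-4
    stray = nat.incoming(web, ("138.76.29.7", 6000))        # never mapped
    nat.add_static_forward(2500, "10.0.0.1", 25000)         # solution 1
    # 198.51.100.9 is a constructed outside client (documentation range).
    fwd = nat.incoming(("198.51.100.9", 40000), ("138.76.29.7", 2500))
    return sent, reply, stray, fwd
```

This model forwards any datagram that matches a WAN port in the table regardless of which remote host sent it, so every static forward is an entry point that is open to the whole Internet.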

NAT traversal problem


- solution 2: Universal Plug and Play (UPnP) Internet Gateway Device (IGD) Protocol. Allows NATed host to:
    - learn public IP address (138.76.29.7)
    - add/remove port mappings (with lease times)
  i.e., automated user-configurable static NAT port map configuration

[Figure: host 10.0.0.1 talking IGD to the NAT router (10.0.0.4, 138.76.29.7)]


NAT traversal problem


- solution 3: relaying (used in Skype)
    - NATed client establishes connection to relay
    - External client connects to relay
    - relay bridges packets between two connections

[Figure: NATed host 10.0.0.1 behind NAT router (138.76.29.7), a relay, and an external Client]
1. connection to relay initiated by NATed host
2. connection to relay initiated by client
3. relaying established
