PROTOCOLS I: NAT, DNS, SMTP, DHCP, FTP/TFTP, SNMP, IPv6
Dr. Rigoberto Chinchilla
Eastern Illinois University
Private (non-routable) addresses and addressing schemas
Private Network
Hybrid Network
NAT basics
The original intention of NAT was to slow the depletion of the available IP address space by allowing many private IP addresses to be represented by some smaller number of public IP addresses.
• End-to-end connectivity:
– NAT destroys universal end-to-end reachability of hosts on the Internet.
NAT as Firewall
Problems with NAT
When a client program hides behind a NAT routing device on an internal network and uses the FTP PORT command, the client tells the server on the external network to connect to an address on the client's internal network, e.g.:
– Client: PORT 192,168,1,2,7,138
The TCP checksum is calculated over the TCP header and data, and also over a pseudo-header that includes the source and destination IP addresses. Therefore, if an IP address or a port number changes, the TCP checksum must also change. Cisco's NAT performs these checksum recalculations.
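The following script is an added illustration of the two points above (the PORT command and the checksum recalculation); it is not from the slides. It builds the FTP control segment carrying the PORT command quoted above, rewrites its source address and port the way a NAT would, and shows that the old checksum no longer verifies, while the PORT payload still names the private address. All addresses, ports and segment contents are constructed (RFC 5737 documentation ranges).

```python
import ipaddress
import socket
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum of data, as a 16-bit value."""
    data += b"\x00" * (len(data) % 2)          # pad odd length with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                         # fold carries into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """Pseudo-header the TCP checksum also covers: src, dst, zero, proto 6, TCP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))

def with_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Return segment with bytes 16-17 (the checksum field) recomputed."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, len(zeroed)) + zeroed)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]

def build_segment(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Minimal 20-byte TCP header (PSH|ACK, no options) followed by payload."""
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return with_checksum(src_ip, dst_ip, hdr + payload)

def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver check: the sum over pseudo-header + segment (checksum included) is 0."""
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0

def nat_translate(segment, new_src_ip, new_src_port, dst_ip, recompute=True) -> bytes:
    """Rewrite the source port as a NAT does; recompute=False models a NAT that skips the checksum fix."""
    seg = struct.pack("!H", new_src_port) + segment[2:]
    return with_checksum(new_src_ip, dst_ip, seg) if recompute else seg

def parse_port_command(payload: bytes) -> tuple:
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into (address, port, address_is_private)."""
    n = [int(x) for x in payload.decode().split()[1].split(",")]
    addr = ".".join(map(str, n[:4]))
    return addr, n[4] * 256 + n[5], ipaddress.ip_address(addr).is_private

def demo() -> tuple:
    """Constructed scenario: client 192.168.1.2 behind NAT 198.51.100.1, server 203.0.113.5."""
    seg = build_segment("192.168.1.2", "203.0.113.5", 1930, 21, b"PORT 192,168,1,2,7,138\r\n")
    fixed = nat_translate(seg, "198.51.100.1", 40000, "203.0.113.5")
    stale = nat_translate(seg, "198.51.100.1", 40000, "203.0.113.5", recompute=False)
    return (checksum_ok("198.51.100.1", "203.0.113.5", fixed),
            checksum_ok("198.51.100.1", "203.0.113.5", stale), parse_port_command(fixed[20:]))
```

`demo()` returns `(True, False, ("192.168.1.2", 1930, True))`: the recomputed segment verifies, the stale one does not, and the PORT payload still advertises the private address and port 7*256+138 that the external server cannot reach.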
More potential problems with NAT
Fragmentation
Recall from the section "NAT and Virtual Servers" that you can use NAT to translate to different local addresses based on the destination port. A packet with a destination port of 25 can be translated to a particular address, for example, whereas a packet with some other destination port number can be translated to another address.
– However, what if the packet destined for port 25 becomes fragmented at some point in the network before it reaches the NAT? The TCP or UDP header, containing the source and destination port numbers, is in the first fragment only. If that fragment is merely translated and forwarded, the NAT has no way to tell whether the subsequent fragments must be translated.
IP makes no guarantees that packets are delivered in order. So it is quite possible that the first fragment might not even arrive at the NAT before later fragments. You must design NAT to handle such eventualities.
[Figure: the DNS name space drawn as a tree of zones, with the net zone, the ripe.net zone and the disi.ripe.net zone, and hosts such as www and ftp as leaves; the remaining labels are not legible]
Concept: Name Servers
Authoritative name server: gives authoritative answers for one or more zones.
The master server normally loads the data from a zone file.
A slave server normally replicates the data from the master via a zone transfer.
[Figure: one master server with two slave servers]
Concept: Resolving process & Cache
Question: www.ripe.net A
[Figure: the resolver at 192.168.5.10 asks the caching forwarder (recursive) "www.ripe.net A ?"; the forwarder asks a root-server, which answers "Ask net server @ X.gtld-servers.net"; the forwarder asks the gtld-server "www.ripe.net A ?", which answers "Ask ripe server @ ns.ripe.net"; the forwarder then asks the ripe-server, and the reply goes back to 192.168.5.10]
Network Applications
DNS Function
E-Mail Messages
We select a network application based on the type of task we need to accomplish on the network. Each application program type is associated with its own application protocol:
– WWW using HTTP (Chrome, Internet Explorer)
– Remote access programs using TELNET
– E-mail programs supporting the POP3 application layer protocol.
https://www.getmailbird.com/pop3-email-account/
The DNS function
Whenever e-mail clients send letters, they request that a DNS server connected to the network translate the domain names into the associated IP address.
What does DHCP do?
• Eliminates need for individual, manual configuration for hosts
• Includes administrative controls for network administrators
• Backward-compatible packet format for BOOTP interoperation (RFC 1542)
• Determine other configuration parameters
[Figure, two panels: a new computer behind router 201.157.7.198 obtains 201.157.7.96 from the DHCP server; after the computer is moved ("Moved!"), the relocated computer retains address 201.157.7.96; the second panel also labels 201.157.7.64]
Problems with DHCP
DHCP ON WINDOWS
Summary
DHCP works today as a tool for automatic configuration of TCP/IP hosts.
FTP: ACTIVE MODE
At this point the client begins to send commands to the FTP port 21, including the port at which the CLIENT wants the data to be sent (port 1059).
universally supported
extendible
portable
[Figure: SNMP encapsulation, an SNMP Message inside a UDP Datagram, inside an IP Packet, inside an Ethernet Frame with its CRC]
•SNMP Protocol
•Managed nodes
•Management nodes
A node may not support SNMP, but may be manageable by SNMP through a proxy agent running on another machine.
•Traps can also be throttled -- you can limit the number of traps sent per second from the agent.
•Poll the agent that sent the trap for more information about the event, and the status of the rest of the machine.
•Log the reception of the trap.
•Completely ignore the trap.
•Management applications can be set up to send off an e-mail, call a voice mail and leave a message, or send an alpha-numeric page to the network administrator's pager that says: