Addressing protocols TELE3118 lecture notes Copyright by Tim Moors Aug-09
2 Which address(es) to use?
How does source determine addresses when sending to www.example.com?
o Source has its MAC address
o DNS maps www.example.com to IP address. Need to know DNS server address.
o Destination port is well-known (80). Source port is arbitrary.
o Other addresses?
[Diagram of the packet: Ethernet header (Src, Dst, Type) | IP header (Src, Dst, Type) | TCP header (Src, Dst) | HTTP payload (GET index.html). Values shown: AA, IP, TCP.]
3 Outline
Assigning addresses to organisations
Dynamic Host Configuration Protocol (DHCP)
o Know own link layer address, but not IP address
Address Resolution Protocol (ARP)
o Know target's IP address, but not its link layer address
Multicasting equivalent of ARP
Addresses that change when data propagates
o Network Address Translation (NAT)
4 Resources
Tanenbaum Section 5.6 (ARP, DHCP, NAT)
DHCP: http://www.dhcp.org/
o R. Droms: "Automated configuration of TCP/IP with DHCP", IEEE Internet Computing, 3(4):45-53, 1999
o D. Comer: "Bootstrapping with BOOTP and DHCP", Internet Protocol Journal, 5(2):24-31, 2002
NAT:
o G. Huston: "Anatomy: A Look Inside Network Address Translators", Internet Protocol Journal, 7(3):2-32, Sep. 2004
o L. Phifer: "The Trouble with NAT", Internet Protocol Journal, 3(4), Dec. 2000
o J. Touch: "Those Pesky NATs", IEEE Internet Computing, 6(4), Jul./Aug. 2002
5 Addressing authorities
Address allocation hierarchy (top to bottom):
Internet Corporation for Assigned Names and Numbers (ICANN)
o Regional registries: Asia Pacific Network Information Centre (APNIC), American Registry for Internet Numbers (ARIN), Réseaux IP Européens (RIPE)
o Organisations, e.g. U. New South Wales 149.171..., 129.94...; U. Sydney 129.78....
o Departments, e.g. within UNSW: School of EE 149.171.92...; School of CSE 129.94.242...; School of Physics 129.94.162...
o Individual computers
Use whois (see DNS lecture) to determine who owns an IP address, e.g. http://who.is/ or the regional servers, e.g. http://www.apnic.net/apnic-info/whois_search
6 Alternatives to DHCP (to get an address)
Manually configure addresses
o DIY: Windows: Control Panel / Network configuration / TCP/IP properties; UNIX: /etc/rc.config
o Laborious for net admin to manage addresses (e.g. record and distribute to users)
o Clashes when multiple computers use one address.
Randomised address:
o Used as a fallback: when hosts can't find a DHCP server, randomly choose a private IP address. Test that transmissions to that address don't elicit responses, & proceed.
7 Boot Protocol (BOOTP)
Initially [RFC 951, 1985] there was BOOTP
o Now superseded by DHCP...
o DHCP expands BOOTP => often (e.g. with Wireshark) see DHCP packets labelled as BOOTP
Motivation: automate assignment of IP parameters (more likely consistent, less laborious)
Mechanism:
o Client knows its link layer address. Broadcasts request to server, which responds by mapping from link layer address to basic IP parameters (IP address, subnet mask, gateway address, DNS server address).
o Mapping is static: preprogrammed into server.
Used UDP ports 67 and 68
8 Protocol: DHCP
Full name: Dynamic Host Configuration Protocol
Purpose: Distribute config info
Layer: Application
Uses: UDP
Identified by: port numbers 67, 68
Standards: RFC 1531 (Original), 2131 (Current)
DIY: Client software: Windows: ipconfig (e.g. ipconfig /renew); Linux: dhclient
We'll cover DHCPv4. DHCPv6 simplifies DHCP by shedding baggage from BOOTP backwards compatibility. Client uses port 546, server/relay port 547.
9 DHCP message format

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     op (1)    |   htype (1)   |   hlen (1)    |   hops (1)    |
+---------------+---------------+---------------+---------------+
|                            xid (4)                            |
+-------------------------------+-------------------------------+
|           secs (2)            |           flags (2)           |
+-------------------------------+-------------------------------+
|                          ciaddr (4)                           |
+---------------------------------------------------------------+
|                          yiaddr (4)                           |
+---------------------------------------------------------------+
|                          siaddr (4)                           |
+---------------------------------------------------------------+
|                          giaddr (4)                           |
+---------------------------------------------------------------+
|                          chaddr (16)                          |
+---------------------------------------------------------------+
|                          sname (64)                           |
+---------------------------------------------------------------+
|                          file (128)                           |
+---------------------------------------------------------------+
|                       options (variable)                      |
+---------------------------------------------------------------+

Field notes (sizes in bytes):
op: 1=request, 2=reply
htype, hlen: hardware (link layer) address type & length
hops: used for relaying
xid: transaction ID for matching replies to request
ciaddr: client's current address (when it already has one)
yiaddr: your (client's) new address
siaddr: address of next server
giaddr: for relaying & to help server decide address
chaddr: client's hardware (link layer) address
sname: server name (can be null)
file: boot file name
options: variable length
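As an added example (not from the lecture notes), the following Python builds a DISCOVER message in the fixed 236-byte layout above and parses it back, including the options area. Assumptions: the options area begins with the RFC 2132 magic cookie 0x63825363 and is a sequence of (code, length, value) items terminated by code 255, with option 53 carrying the message type; the MAC address 00:11:22:33:44:55 and transaction ID 654 are constructed sample values.

```python
import struct
from ipaddress import IPv4Address

# Fixed part of the DHCP message, in the order of the diagram on this slide.
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"    # 236 bytes
MAGIC_COOKIE = b"\x63\x82\x53\x63"          # RFC 2132: start of the options area
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed DISCOVER: no addresses yet, broadcast flag set, option 53 = 1."""
    fixed = struct.pack(FIXED_FMT,
                        1, 1, 6, 0,              # op=request, htype=Ethernet, hlen=6, hops=0
                        xid, 0, 0x8000,          # xid, secs, flags (broadcast bit)
                        b"\0" * 4, b"\0" * 4,    # ciaddr, yiaddr
                        b"\0" * 4, b"\0" * 4,    # siaddr, giaddr
                        mac.ljust(16, b"\0"),    # chaddr, padded to 16 bytes
                        b"\0" * 64, b"\0" * 128) # sname, file (empty)
    options = MAGIC_COOKIE + bytes([53, 1, 1]) + bytes([255])   # message type, then end
    return fixed + options

def parse_dhcp(pkt: bytes) -> dict:
    """Decode the fixed fields, then walk the options as (code, len, value) items."""
    (op, htype, hlen, hops, xid, secs, flags,
     ci, yi, si, gi, chaddr, sname, file) = struct.unpack(FIXED_FMT, pkt[:236])
    msg = {
        "op": {1: "request", 2: "reply"}.get(op, op),
        "htype": htype, "hlen": hlen, "hops": hops, "xid": xid, "secs": secs,
        "broadcast": bool(flags & 0x8000),
        "ciaddr": str(IPv4Address(ci)), "yiaddr": str(IPv4Address(yi)),
        "siaddr": str(IPv4Address(si)), "giaddr": str(IPv4Address(gi)),
        "chaddr": chaddr[:hlen].hex(":"),
        "sname": sname.rstrip(b"\0").decode(errors="replace"),
        "file": file.rstrip(b"\0").decode(errors="replace"),
        "options": {},
    }
    rest = pkt[236:]
    if rest[:4] != MAGIC_COOKIE:      # plain BOOTP vendor area, or truncated: no options
        return msg
    i = 4
    while i < len(rest):
        code = rest[i]
        if code == 255:               # end option
            break
        if code == 0:                 # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(rest):        # malformed: length byte missing
            break
        length = rest[i + 1]
        msg["options"][code] = rest[i + 2:i + 2 + length]
        i += 2 + length
    if 53 in msg["options"] and msg["options"][53]:
        msg["message_type"] = MSG_TYPES.get(msg["options"][53][0], "unknown")
    return msg

if __name__ == "__main__":
    pkt = build_discover(bytes.fromhex("001122334455"), 654)
    print(parse_dhcp(pkt))
```

The bounds checks in the option loop matter in practice: a parser that trusts the length byte can read past the end of a short or crafted packet, so the loop stops on a missing length byte rather than indexing blindly.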
10 DHCP client-server scenario (Slide from Kurose and Ross)
An arriving client (no address yet) exchanges four messages with DHCP server 223.1.2.5, in time order:
DHCP discover: src: 0.0.0.0, 68  dest: 255.255.255.255, 67  yiaddr: 0.0.0.0  transaction ID: 654
DHCP offer: src: 223.1.2.5, 67  dest: 255.255.255.255, 68  yiaddr: 223.1.2.4  transaction ID: 654  Lifetime: 3600 secs
DHCP request: src: 0.0.0.0, 68  dest: 255.255.255.255, 67  yiaddr: 223.1.2.4  transaction ID: 655  Lifetime: 3600 secs
DHCP ACK: src: 223.1.2.5, 67  dest: 255.255.255.255, 68  yiaddr: 223.1.2.4  transaction ID: 655  Lifetime: 3600 secs
67 = IP protocol number for DHCP servers
68 = IP protocol number for DHCP clients
yiaddr = your internet address
11 Using DHCP to get an address
1. Client discovers DHCP server(s)
o Client broadcasts DISCOVER message, reaching all servers. Multiple servers provide fault tolerance. What source IP address to use? 0.0.0.0
o Server(s) may respond with OFFER message. Server may choose not to respond, e.g. only respond to known link layer addresses for security. Server may test parameters in offer before sending it, e.g. ARP to check if a node already has the proposed IP address.
2. Client chooses best server
o Usually chooses first server to respond, but could choose based on longest offered lease etc.
3. Confirm parameters from server
o Client broadcasts REQUEST message. Main target is server that made the offer being accepted, but broadcasting allows other servers to release resources that may have been tentatively reserved.
o Server sends an ACK message. May not send ACK if client took too long & parameters have subsequently been assigned to another node.
Note: Confirmation needed for reliability.
12 Dynamic address assignment
Unlike static configuration or BOOTP, DHCP allows 1 IP address to be reused by different hosts at different times => only need 1 address per active host
Dynamic, but minimise change: often try to assign host the address that it had last time:
o Associations between host & others that rely on IP address won't break (e.g. sockets)
o Consistent security blocks/logs when based on IP address
o But: host can't ask for a different address (e.g. if another host is misconfigured with a duplicate address)
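The server side of the exchange on slides 10 to 12, as an added example (a hypothetical toy design, not code from the lecture or any real DHCP server): a lease manager that answers DISCOVER with an OFFER, tentatively reserves the offered address, confirms it on REQUEST, stays silent when the client took too long, releases other offers to the same client when its broadcast REQUEST arrives, and prefers to hand a returning host the address it held last time. Assumptions: time is passed in as `now` in seconds so expiry can be exercised offline; `in_use` stands in for the ARP check a server would do before offering; `allowed_macs` models a server that only answers known link layer addresses; the pool 223.1.2.4/223.1.2.6 and MACs below are constructed values.

```python
class DhcpServer:
    """Toy DHCP lease manager (added example; hypothetical design, not a real server)."""

    def __init__(self, pool, lease_secs=3600, offer_timeout=60, allowed_macs=None):
        self.free = list(pool)
        self.leases = {}        # ip -> {"mac", "expiry"}: confirmed assignments
        self.offers = {}        # ip -> {"mac", "made"}: tentatively reserved, awaiting REQUEST
        self.last_ip = {}       # mac -> ip the host held last time (minimise change)
        self.lease_secs = lease_secs
        self.offer_timeout = offer_timeout
        self.allowed = allowed_macs   # None: serve anyone; else only known link layer addresses

    def _tick(self, now):
        """Return expired leases and unconfirmed offers to the free pool."""
        for ip, lease in list(self.leases.items()):
            if lease["expiry"] <= now:
                del self.leases[ip]
                self.free.append(ip)
        for ip, offer in list(self.offers.items()):
            if offer["made"] + self.offer_timeout <= now:
                del self.offers[ip]
                self.free.append(ip)

    def discover(self, mac, xid, now, in_use=lambda ip: False):
        """Handle a broadcast DISCOVER. Returns an OFFER dict, or None to stay silent."""
        self._tick(now)
        if self.allowed is not None and mac not in self.allowed:
            return None                          # unknown client: no response
        preferred = self.last_ip.get(mac)
        candidates = ([ip for ip in self.free if ip == preferred] +
                      [ip for ip in self.free if ip != preferred])
        for ip in candidates:
            if in_use(ip):                       # stand-in for ARPing the address first
                continue
            self.free.remove(ip)
            self.offers[ip] = {"mac": mac, "made": now}
            return {"type": "OFFER", "xid": xid, "yiaddr": ip, "lease": self.lease_secs}
        return None                              # pool exhausted

    def request(self, mac, xid, ip, now):
        """Handle a broadcast REQUEST for `ip`. Returns an ACK dict, or None when the offer
        lapsed (client took too long) or `ip` is not this client's to confirm."""
        self._tick(now)
        # The REQUEST is broadcast, so release any other address offered to this client.
        for other, offer in list(self.offers.items()):
            if offer["mac"] == mac and other != ip:
                del self.offers[other]
                self.free.append(other)
        offer = self.offers.get(ip)
        lease = self.leases.get(ip)
        if offer is not None and offer["mac"] == mac:
            del self.offers[ip]                  # offer confirmed
        elif lease is None or lease["mac"] != mac:
            return None                          # no ACK: lapsed, or assigned elsewhere
        # (else: renewal of a lease this client already holds)
        self.leases[ip] = {"mac": mac, "expiry": now + self.lease_secs}
        self.last_ip[mac] = ip
        return {"type": "ACK", "xid": xid, "yiaddr": ip, "lease": self.lease_secs}

if __name__ == "__main__":
    s = DhcpServer(["223.1.2.4", "223.1.2.6"])
    print(s.discover("aa:bb:cc:dd:ee:01", 654, now=0))
    print(s.request("aa:bb:cc:dd:ee:01", 655, "223.1.2.4", now=1))
```

The `allowed_macs` filter shows why MAC-based admission is only a weak control: the server sees whatever `chaddr` the client put in the message, so it is a convenience for provisioning rather than an authentication mechanism.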
13 Outline
14 Protocol: ARP
Full name: Address Resolution Protocol
Purpose: Find link layer address of known IP address.
Layer: Between Link and Network
Uses: Link layer, e.g. Ethernet
Identified by: Ethertype 0x0806
Standards: STD 37, RFC 826
15 ARP messages

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      hardware type (16)       |      protocol type (16)       |
+---------------+---------------+-------------------------------+
| hardware len  | protocol len  |            opcode             |
+---------------+---------------+-------------------------------+
|         sender's hardware address (hardware_len * 8)          |
+---------------------------------------------------------------+
|         sender's protocol address (protocol_len * 8)          |
+---------------------------------------------------------------+
|         target's hardware address (hardware_len * 8)          |
+---------------------------------------------------------------+
|         target's protocol address (protocol_len * 8)          |
+---------------------------------------------------------------+

Hardware type: e.g. 1=Ethernet, 24=IEEE 1394 (Firewire), which uses EUI-64
Protocol type: 0x800 for IPv4 (Ethertype)
Opcodes: 1=Request, 2=Reply
Rigid format allows respondent to use request as template for reply
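The last point on this slide, as an added example that is not part of the lecture notes: the Ethernet/IPv4 case of the message above (hardware len 6, protocol len 4, so 28 bytes) is packed and parsed, and the reply is produced literally by copying the request bytes, setting the opcode, moving the requester's sender fields into the target fields and filling in our own address as sender. The MAC and IP addresses used are the ones from the arp -a listing on the next slide, assumed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"     # Ethernet/IPv4 ARP: htype, ptype, hlen, plen, op, sha, spa, tha, tpa
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2

def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", "").replace("-", ""))

def build_request(sender_mac: str, sender_ip: str, target_ip: str) -> bytes:
    """Who has target_ip? Tell sender_ip. Target hardware address is left as zeros."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, OP_REQUEST,
                       mac_bytes(sender_mac), IPv4Address(sender_ip).packed,
                       b"\0" * 6, IPv4Address(target_ip).packed)

def parse_arp(pkt: bytes) -> dict:
    """Decode a 28-byte Ethernet/IPv4 ARP message; reject other hardware/protocol types."""
    if len(pkt) < 28:
        raise ValueError("ARP message too short")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {
        "op": {OP_REQUEST: "request", OP_REPLY: "reply"}.get(op, op),
        "sender_mac": sha.hex(":"), "sender_ip": str(IPv4Address(spa)),
        "target_mac": tha.hex(":"), "target_ip": str(IPv4Address(tpa)),
    }

def build_reply(request: bytes, my_mac: str, my_ip: str):
    """Answer a request for my_ip using the request itself as the template.
    Returns None when the request is not for us (or is not a request at all)."""
    r = parse_arp(request)
    if r["op"] != "request" or r["target_ip"] != my_ip:
        return None
    reply = bytearray(request[:28])                 # copy the request
    struct.pack_into("!H", reply, 6, OP_REPLY)      # opcode field at offset 6
    reply[18:28] = request[8:18]                    # requester's (sha, spa) -> (tha, tpa)
    reply[8:18] = mac_bytes(my_mac) + IPv4Address(my_ip).packed   # we are now the sender
    return bytes(reply)

if __name__ == "__main__":
    req = build_request("00:16:76:cd:04:b8", "149.171.92.17", "149.171.92.1")
    print(parse_arp(req))
    print(parse_arp(build_reply(req, "00:00:0c:07:ac:00", "149.171.92.1")))
```

Note that nothing in the message authenticates the sender fields; the parser can check the format, but a receiver has no way to verify from the packet alone that the MAC claimed for an IP address is genuine. That is the basis of the aging and conflict checks on the next slide.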
16 ARP process
Nodes (hosts & routers) maintain tables of <IP address, MAC address, time>
Sender checks table for MAC address, given IP address. If not in table:
o Broadcast ARP request, including target's protocol (IP) address
o Target unicasts reply to requesting node
o If no response, then retransmit request
In case target changes MAC address (e.g. NIC replaced), age table entries (e.g. delete after 20 minutes)
When receiving a request, update table entry for the requester, since this node will likely have to send it a non-ARP response soon
ARP also used to
o Check if host is reachable (e.g. can DHCP server reuse address?)
o Check if anyone is using intended IP address ("Gratuitous ARP": request own IP address on rebooting)
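The table-maintenance side of this process, as an added example (a hypothetical design, not code from the lecture or any real IP stack): a cache keyed by IP address with a learned-time stamp, aging at 20 minutes, retransmission when no reply arrives, learning the requester from incoming requests, and a gratuitous-ARP probe for the node's own address. Assumptions: `send_request(ip)` stands in for broadcasting a request and returns the MAC from the unicast reply or None on timeout; `on_packet` takes already-decoded fields; addresses are the constructed values from the arp -a listing on the next slide.

```python
AGE_LIMIT = 20 * 60    # seconds: delete entries older than this (slide: e.g. 20 minutes)

class ArpCache:
    """ARP table with aging, request-triggered learning and duplicate-address detection."""

    def __init__(self, my_ip: str, my_mac: str):
        self.my_ip, self.my_mac = my_ip, my_mac
        self.table = {}        # ip -> (mac, time learned)
        self.conflicts = []    # MACs seen claiming our own IP address

    def lookup(self, ip: str, now: float):
        """Return the cached MAC for ip, dropping the entry if it has aged out."""
        entry = self.table.get(ip)
        if entry is None:
            return None
        mac, learned = entry
        if now - learned > AGE_LIMIT:       # target may have changed NIC since then
            del self.table[ip]
            return None
        return mac

    def resolve(self, ip: str, now: float, send_request, retries: int = 3):
        """Return (mac, requests_sent): cache hit costs no request; otherwise broadcast
        and retransmit up to `retries` times before giving up."""
        mac = self.lookup(ip, now)
        if mac is not None:
            return mac, 0
        for attempt in range(1, retries + 1):
            mac = send_request(ip)
            if mac is not None:
                self.table[ip] = (mac, now)
                return mac, attempt
        return None, retries

    def on_packet(self, op: str, sender_mac: str, sender_ip: str, target_ip: str, now: float):
        """Process a received ARP message. Returns True when this node should reply.
        A request naming our IP as sender from another MAC is a conflict: record it and
        do not learn from it, so a forged or duplicate claim cannot overwrite the cache."""
        conflict = sender_ip == self.my_ip and sender_mac != self.my_mac
        if conflict:
            self.conflicts.append(sender_mac)
        elif op == "request" and sender_ip != "0.0.0.0":
            # learn the requester: we will probably have to send it a non-ARP response soon
            self.table[sender_ip] = (sender_mac, now)
        return op == "request" and target_ip == self.my_ip

    def probe_own_address(self, send_request) -> bool:
        """Gratuitous ARP on boot: request our own IP. Any reply from another MAC means
        the address is already in use; returns True when the address appears free."""
        other = send_request(self.my_ip)
        if other is not None and other != self.my_mac:
            self.conflicts.append(other)
            return False
        return True

if __name__ == "__main__":
    c = ArpCache("149.171.92.17", "00:16:76:cd:04:b8")
    print(c.resolve("149.171.92.1", 0, lambda ip: "00:00-0c-07-ac-00".replace("-", ":")))
    print(c.lookup("149.171.92.1", 1300))     # aged out after 20 minutes
```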
17 DIY: Using ARP on hosts
arp program on both Windows and Linux
Options:
-a: display
-d: delete entry
-s: add entry
e.g.

C:\>arp -a

Interface: 149.171.92.174 --- 0x20002
  Internet Address      Physical Address      Type
  149.171.92.1          00-00-0c-07-ac-00     dynamic
  149.171.92.17         00-16-76-cd-04-b8     dynamic

C:\>
18 IPv6 ARP equivalents
IPv6 address can include link layer address, eliminating need for ARP
Otherwise Neighbor Discovery feature of ICMPv6
For details, see RFC 2461
19 Outline
20 Network Address Translation
Goals:
Conserve addresses: solve IPv4 address shortage in short-term (without deploying IPv6)
o Done by using transport layer port #s to differentiate hosts that share an IP address.
Separate internal & external addresses facilitate change: e.g. change ISP without renumbering hosts.
Security:
o Details of internal network (addresses and topology) aren't publicised
o Internet can't reach hosts behind NAT unless the hosts, as clients, started the communication (like a firewall)
o ISPs can charge more for servers than clients
aka: Port Address Translation (PAT) or Network Address Port Translation (NAPT)
Strictly speaking, NAT is when only the address changes (to one of a set used by the NAT box), PAT is when only the port numbers change (???is that possible???), and NAPT is when both port and address numbers change.
21 NAT: Network Address Translation (Slide from Kurose and Ross)
[Diagram: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and NAT router 10.0.0.4, whose other side is 138.76.29.7 facing the rest of the Internet]
All datagrams leaving local network have same single source NAT IP addr.: 138.76.29.7, different source port numbers
Datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)
22 NAT: Network Address Translation (Slide from Kurose and Ross)
NAT translation table: WAN side addr 138.76.29.7, 5001 <-> LAN side addr 10.0.0.1, 3345
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80 (S: 10.0.0.1, 3345  D: 128.119.40.186, 80)
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table (S: 138.76.29.7, 5001  D: 128.119.40.186, 80)
3: Reply arrives, dest. addr.: 138.76.29.7, 5001 (S: 128.119.40.186, 80  D: 138.76.29.7, 5001)
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345 (S: 128.119.40.186, 80  D: 10.0.0.1, 3345)
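The four steps above and the port-based sharing from slide 20, as an added example (a hypothetical NAPT design, not code from the lecture or from any router): outbound packets get the single WAN address and a freshly allocated port recorded in the table; inbound packets are delivered only if they match a table entry, and anything else is dropped, which is the firewall-like property the earlier slide mentions. Assumptions: packets are dicts with proto, src, sport, dst, dport; the table is keyed by (protocol, inside address, inside port) so two inside hosts using the same source port get distinct WAN ports; addresses are those from the Kurose and Ross slide plus a constructed 203.0.113.9 as an unsolicited outside sender.

```python
class Napt:
    """Network Address Port Translation table (added example; hypothetical design)."""

    def __init__(self, wan_ip: str, first_port: int = 5001):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.lan_to_wan = {}   # (proto, lan_ip, lan_port) -> wan_port
        self.wan_to_lan = {}   # (proto, wan_port) -> (lan_ip, lan_port)

    def outbound(self, pkt: dict) -> dict:
        """LAN -> Internet: rewrite the source to the WAN address and a unique port,
        allocating a table entry on the first packet of a flow (steps 1 and 2)."""
        key = (pkt["proto"], pkt["src"], pkt["sport"])
        if key not in self.lan_to_wan:
            port = self.next_port
            self.next_port += 1
            self.lan_to_wan[key] = port
            self.wan_to_lan[(pkt["proto"], port)] = (pkt["src"], pkt["sport"])
        return {**pkt, "src": self.wan_ip, "sport": self.lan_to_wan[key]}

    def inbound(self, pkt: dict):
        """Internet -> LAN: deliver only when the destination port is in the table
        (steps 3 and 4); return None for anything the router should drop."""
        if pkt["dst"] != self.wan_ip:
            return None
        inside = self.wan_to_lan.get((pkt["proto"], pkt["dport"]))
        if inside is None:
            return None                       # nobody inside started this: dropped
        lan_ip, lan_port = inside
        return {**pkt, "dst": lan_ip, "dport": lan_port}

    def table(self):
        """Rows in the form of the slide's table: (WAN side addr, LAN side addr)."""
        return sorted((f"{self.wan_ip}, {wport}", f"{lip}, {lport}")
                      for (_, wport), (lip, lport) in self.wan_to_lan.items())

if __name__ == "__main__":
    n = Napt("138.76.29.7")
    out = n.outbound({"proto": "tcp", "src": "10.0.0.1", "sport": 3345,
                      "dst": "128.119.40.186", "dport": 80})
    print(out)
    print(n.inbound({"proto": "tcp", "src": "128.119.40.186", "sport": 80,
                     "dst": "138.76.29.7", "dport": 5001}))
    print(n.table())
```

One design choice is visible in the test: the mapping is keyed only by the inside endpoint, so a reply from any outside host to the allocated port is let through. Real translators differ in whether they also check the outside address and port, which is exactly the behaviour the Huston and Touch references on slide 4 discuss.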
23 Lecture summary
DHCP allows a node to obtain an IP address to use
ARP allows a source to determine what link layer address corresponds to a known IP address
NAT maps addresses of packets as they propagate
24 Links
DHCP provides config info for other protocols, e.g.
o DNS suffix, e.g. ee.unsw.edu.au
o SMTP server
Whois protocol covered with DNS as part of application layer