More Internet Support Protocols
Domain Name System (DNS) Ch 2.5
Problem statement:
- Average brain can easily remember 7 digits
- On average, IP addresses have 10.28 digits
- We need an easier way to remember IP addresses
Solution:
- Use alphanumeric names to refer to hosts
- Add a distributed, hierarchical protocol (called DNS) to map between alphanumeric host names and IP addresses
- We call this Address Resolution
Domain Name Space
(figure: naming tree; Generic Domains com, edu, net, gov, int, mil, org and Country Domains ae ... us ... zw at the top level; second-level names such as yahoo, cnn, rutgers, yale; third-level names such as cs, eng)
Domain Name Service
The domain name service consists of:
- Domain name space
- Name servers
  - In each zone, there is a primary name server and one or more secondary name servers
  - Name servers contain two kinds of address mappings:
    - Authoritative mappings: for hosts within the zone
    - Cached mappings: for previously requested mappings to hosts not in the zone
- Resolvers: programs that extract information from name servers in response to client requests
Domain Name Hierarchy
(figure: the same naming tree; top level com, edu, net, gov, int, mil, org, ae ... us ... zw; second level yahoo, cnn, rutgers, yale; third level cs, eng)
DNS Protocol
When a client wants to know the IP address for a host name:
- The client sends a DNS query to the primary name server in its zone
- If the name server contains the mapping, it returns the IP address to the client
- Otherwise, the name server forwards the request to the root name server
- The request works its way down the tree toward the host until it reaches a name server with the correct mapping
DNS Protocol Example
Scenario: remus.rutgers.edu tries to resolve an IP address for venus.cs.yale.edu using a recursive query
(figure: messages 1-8; each server forwards the query to the next and relays the answer back)
1. remus.rutgers.edu -> ns-lcsr.rutgers.edu
2. ns-lcsr.rutgers.edu -> a.root-servers.net
3. a.root-servers.net -> yale.edu
4. yale.edu -> cs.yale.edu
5. cs.yale.edu -> yale.edu (answer)
6. yale.edu -> a.root-servers.net
7. a.root-servers.net -> ns-lcsr.rutgers.edu
8. ns-lcsr.rutgers.edu -> remus.rutgers.edu
DNS Protocol Another Example
Scenario: remus.rutgers.edu tries to resolve an IP address for venus.cs.yale.edu using an iterative query
(figure: messages 1-8; ns-lcsr.rutgers.edu queries each server in turn and is referred to the next)
1. remus.rutgers.edu -> ns-lcsr.rutgers.edu
2. ns-lcsr.rutgers.edu -> a.root-servers.net
3. a.root-servers.net -> ns-lcsr.rutgers.edu (referral to yale.edu)
4. ns-lcsr.rutgers.edu -> yale.edu
5. yale.edu -> ns-lcsr.rutgers.edu (referral to cs.yale.edu)
6. ns-lcsr.rutgers.edu -> cs.yale.edu
7. cs.yale.edu -> ns-lcsr.rutgers.edu (answer)
8. ns-lcsr.rutgers.edu -> remus.rutgers.edu
DNS Message
In DNS, all communications use a single format called a message. The top-level format of a message is divided into 5 sections (some of which are empty in certain cases):
  Header
  Question     the question for the name server
  Answer       RRs answering the question
  Authority    RRs pointing toward an authority
  Additional   RRs holding additional information
(RR = Resource Record)
The answer section contains RRs that answer the question; the authority section contains RRs that point toward an authoritative name server; the additional records section contains RRs which relate to the query, but are not strictly answers for the question.
DNS Message Header
Clients communicate with DNS servers using either TCP or UDP on port 53.
Layout (bits 0-15 | bits 16-31):
  Transaction Identification | Flags
  Number of Questions | Number of Answer RRs
  Number of Authoritative RRs | Number of Additional RRs
  Questions (variable length)
  Answer Resource Records (variable length)
  Authoritative Resource Records (variable length)
  Additional Resource Records (variable length)
DNS Message Fields
Transaction Identification: Random number used to match client queries with name server responses
Flags (16 bits, field widths 1 4 1 1 1 1 3 4): QR | opcode | AA | TC | RD | RA | (unused) | rcode
- QR: 0=Query, 1=Response
- opcode: 0=standard query, 1=inverse query, 2=status request
- AA: Authoritative answer
- TC: Truncated DNS packet
- RD: Recursion desired
- RA: Recursion available
- rcode: Return code. 0=no error, 3=name error
DNS Packet Fields (cont'd)
- Transaction Identification: Random number used to match client queries with name server responses
- Number of Questions: Number of DNS queries in the packet
- Number of Answer RRs: Number of non-authoritative DNS responses in the packet
- Number of Authoritative RRs: Number of authoritative DNS responses in the packet
- Number of Additional RRs: Number of other DNS responses in the packet (usually contains other DNS servers in the domain)
- Questions & Answers: Variable-length fields to store DNS queries and DNS server responses
DNS Queries
The DNS packet Question field contains a sequence of queries:
  Query name (variable length) | Query Type | Query Class
- Query Name: Contains an encoded form of the name for which we are seeking an IP address
- Query Type: 1=IP address, 2=name server, 12=pointer record, etc.
- Query Class: 1=Internet address (IN)
Encoding Query Names
DNS query names must be encoded in a special way:
- Divide the host name into segments wherever a period appears
- For each segment, store a byte representing the length of the segment followed by the letters in the segment
- Store a zero byte at the end of the query name
DNS Responses
DNS packet RR fields contain a sequence of resource records:
  Domain name (variable length) | Type | Class | Time-to-live | Resource data length | Resource Data (variable length)
- Domain Name: Encoded domain name for the query
- Type & Class: Same as for the query (1=IP; 1=Internet)
- Time-to-Live: How long this response will be useful
- Resource Data: Contains the four-byte IP address
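The header, flag, question, name-encoding and resource-record layouts above, put together as an added example (not code from the slides or the course): it encodes a query name as length-prefixed labels, builds a standard query, and parses a constructed response. The response builder, the address 192.0.2.10 and the name-length limits (63 octets per label, 255 per name, from RFC 1035) are assumptions for the example; the compression-pointer handling in decode_name goes beyond the slides, because real responses use it.

```python
import secrets
import struct

# Header flag bits, following the flags layout on the slide (QR, opcode, AA, TC, RD, RA, unused, rcode)
QR, AA, TC, RD, RA = 1 << 15, 1 << 10, 1 << 9, 1 << 8, 1 << 7
RCODE_MASK = 0xF


def encode_name(name):
    """Length-prefixed labels terminated by a zero byte, as the slides describe."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        # RFC 1035 limits: every label is 1..63 octets; refuse to emit a malformed name
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 octets")
    return bytes(out)


def decode_name(msg, offset):
    """Decode a name at offset, returning (name, offset just past it).
    Also follows compression pointers (top two bits 11), which the slides do not
    describe; hop-limited and backwards-only so a looping pointer cannot hang the parser."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, hops = True, hops + 1
            if hops > 8 or pointer >= offset:
                raise ValueError("bad compression pointer")
            offset = pointer
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def build_query(name, qtype=1, txid=None):
    """Standard query (opcode 0) with RD set: one question, class IN (1)."""
    if txid is None:
        txid = secrets.randbelow(1 << 16)  # unpredictable ID, so a forged reply is unlikely to match
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_response(msg, expected_txid):
    """Check the header, then walk the question and answer sections."""
    txid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    if txid != expected_txid:
        raise ValueError("transaction ID does not match our query")
    if not flags & QR:
        raise ValueError("not a response")
    if flags & RCODE_MASK:
        raise ValueError(f"server returned rcode {flags & RCODE_MASK}")
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        questions.append((qname, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if len(rdata) != rdlen:
            raise ValueError("truncated resource record")
        # A record (type 1, class IN, 4 bytes) rendered as dotted quad; anything else stays raw
        value = ".".join(str(b) for b in rdata) if (rtype, rclass, rdlen) == (1, 1, 4) else rdata
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "authoritative": bool(flags & AA), "truncated": bool(flags & TC),
            "questions": questions, "answers": answers}


def build_sample_response(query, address, ttl=300):
    """Constructed reply a server would send to `query`: same ID, QR|AA|RD|RA set, the question
    echoed, one A record whose owner name is a pointer to the question name at offset 12."""
    txid = struct.unpack_from("!H", query, 0)[0]
    header = struct.pack("!HHHHHH", txid, QR | AA | RD | RA, 1, 1, 0, 0)
    rdata = bytes(int(octet) for octet in address.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + query[12:] + answer
```

parse_response refuses a reply whose transaction ID differs from the query's, which is the matching the slide's "random number" field exists for; it also bounds every length it reads by the message, so a short or malformed packet raises rather than indexing past the buffer.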
DNS Caching
- Going to the root server and then down the tree every time we need to resolve an address is inefficient
- Introduce address caching at name servers
  - Store host-to-IP-address mappings from recently requested host names at the name server
  - When the same address is requested later, use the cached version at the local name server instead of recursively querying other name servers again
DNS Caching Example
Scenario: remus.rutgers.edu tries to resolve an IP address for venus.cs.yale.edu using a recursive query
First time (figure: messages 1-8 through ns-lcsr.rutgers.edu, a.root-servers.net, yale.edu and cs.yale.edu, as in the recursive example)
Later (figure: messages 1-2 only, between remus.rutgers.edu and ns-lcsr.rutgers.edu): venus.cs.yale.edu has been cached at ns-lcsr. remus.rutgers.edu (and any other host that uses ns-lcsr) will receive the cached IP address for venus.cs.yale.edu
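The caching behaviour of the local name server described on the two slides above, as an added example that is not part of the course material. The class, its upstream callback and the clock parameter are assumptions for the example; the upstream stands in for the recursive query towards the root, and the test drives it with a fake clock so the TTL expiry is deterministic.

```python
import time


class CachingNameServer:
    """Local name server with a TTL-bounded cache: answer from the cache while an entry is
    fresh, otherwise query upstream (the recursive lookup on the slides) and remember the
    result. Hypothetical class written for this example."""

    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream      # callable(name, qtype) -> (rdata, ttl)
        self.clock = clock
        self.cache = {}               # (name, qtype) -> (rdata, expiry time)
        self.upstream_queries = 0     # how many lookups actually left this server

    def resolve(self, name, qtype=1):
        key = (name.lower().rstrip("."), qtype)   # DNS names are case-insensitive
        now = self.clock()
        entry = self.cache.get(key)
        if entry is not None and entry[1] > now:
            return entry[0], int(entry[1] - now)   # hand out only the TTL that is left
        rdata, ttl = self.upstream(name, qtype)
        self.upstream_queries += 1
        if ttl > 0:                                # a TTL of 0 means "do not cache"
            self.cache[key] = (rdata, now + ttl)
        else:
            self.cache.pop(key, None)
        return rdata, ttl
```

Only the answer to the name actually asked for is stored, keyed by name and type, so nothing a reply volunteers about other names ever enters the cache; the remaining TTL shrinks with age so a downstream cache cannot keep the record longer than the authoritative server intended.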
DHCP (Ch 4.4.6)
- DHCP stands for Dynamic Host Configuration Protocol
- DHCP is client-server
- DHCP offers a number of additional features
  - Dynamic IP address allocation
  - IP addresses can be leased for a certain time
  - Useful where there are a limited number of IP addresses
  - Useful for temporary connections (testing, laptops, mobile networks)
DHCP (cont'd)
DHCP has two components:
- A protocol for delivering bootstrap information from the server to the clients
- An algorithm for dynamically assigning addresses to clients
Address Allocation Modes
DHCP supports three modes of allocation:
- Automatic allocation: Server assigns a permanent address to a host
- Dynamic allocation: Server assigns a host an IP address with a finite lease
- Manual allocation: Server assigns a host an IP address chosen by the network administrator
DHCP Packets (cont'd)
Layout (bits 0-7 | 8-15 | 16-23 | 24-31):
  Request/Reply | Hardware type | Hardware address length in bytes | Hop count
  Transaction ID
  Number of seconds | Flags
  Client IP address
  Your IP address
  Server IP address
  Gateway IP address
  Client hardware address (16 bytes)
  Server hostname (64 bytes)
  Boot filename (128 bytes)
  Options (312+ bytes)
Definitions of address fields
- ciaddr: Client IP address; only filled in if the client is in BOUND, RENEW or REBINDING state and can respond to ARP requests.
- yiaddr: 'your' (client) IP address.
- siaddr: IP address of the next server to use in bootstrap; returned in DHCPOFFER, DHCPACK by the server.
- giaddr: Relay agent IP address, used in booting via a relay agent.
- chaddr: Client hardware address.
DHCP Packet Fields
All fields are the same as BOOTP except:
- Flags: One flag currently defined
  - Broadcast (bit 0): Clients can request that all DHCP server messages be broadcast to them
- Options: All DHCP packets must use the DHCP message type option, which defines the type of DHCP message being sent: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPNAK, etc.
DHCP Message Types
- DHCP Discover: Client broadcasts to locate a server
- DHCP Offer: Server responds with a proposal of parameters
- DHCP Request: Client broadcasts its choice of server. All other servers are implicitly declined.
- DHCP ACK: Selected server responds to client with address
- DHCP NAK: Selected server rejects the client's request
- DHCP Decline: Client declines server's parameters
- DHCP Release: Client releases its assigned address
DHCP Protocol
(figure: exchange between Client, Server 1 and Server 2)
- Client -> Server 1, Server 2: DHCPDISCOVER (broadcast)
- Server 1 -> Client: DHCPOFFER; Server 2 -> Client: DHCPOFFER
- Client collects replies and selects server 2
- Client -> Server 1, Server 2: DHCPREQUEST (broadcast)
- Server 2 -> Client: DHCPACK
DHCP Protocol (cont'd)
- DHCP client broadcasts a DHCP Discover message
  - Client may specify preference of a lease and/or IP address
- Many servers may respond with offers
- Client chooses one server from them
- Client broadcasts DHCP Request with the id of the chosen server
- Selected server sends DHCP ACK or NAK
- Client begins using the offered IP address once it receives ACK
- If the client finds a problem, it sends a DHCP Decline message to the server and starts over again
- Client may choose to release the address before the lease expires by sending a DHCP Release message to the server
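The Discover / Offer / Request / ACK exchange of the two slides above, with two servers, dynamic allocation from a pool and finite leases, as an added example that is not part of the course material. Messages are plain dicts standing in for the packet fields (chaddr, yiaddr, the server identifier and requested address options); the DhcpServer and obtain_address names, the address pools in 192.0.2.0/24 and the "longest lease wins" selection policy are assumptions for the example. The message type values (DISCOVER=1, OFFER=2, REQUEST=3, ACK=5, NAK=6, RELEASE=7) are the ones RFC 2132 defines.

```python
import ipaddress

# DHCP message type option values (RFC 2132); only the ones this example uses
DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE = 1, 2, 3, 5, 6, 7


class DhcpServer:
    """Dynamic allocation from a pool with finite leases (hypothetical class for this example)."""

    def __init__(self, server_id, pool_start, pool_end, lease_time):
        self.server_id, self.lease_time = server_id, lease_time
        first, last = int(ipaddress.IPv4Address(pool_start)), int(ipaddress.IPv4Address(pool_end))
        self.free = [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)]
        self.offers = {}   # chaddr -> address tentatively offered
        self.leases = {}   # chaddr -> (address, expiry time)

    def handle(self, msg, now):
        """Return the reply to one client message, or None where the protocol says stay silent."""
        kind, chaddr = msg["type"], msg["chaddr"]
        if kind == DISCOVER:
            if not self.free:
                return None                      # nothing to offer; the client keeps waiting
            self.offers[chaddr] = self.free[0]
            return {"type": OFFER, "chaddr": chaddr, "yiaddr": self.free[0],
                    "server_id": self.server_id, "lease": self.lease_time}
        if kind == REQUEST:
            if msg["server_id"] != self.server_id:
                self.offers.pop(chaddr, None)    # client chose another server: offer implicitly declined
                return None
            addr = self.offers.pop(chaddr, None)
            if addr is None or addr != msg["requested"] or addr not in self.free:
                return {"type": NAK, "chaddr": chaddr, "server_id": self.server_id}
            self.free.remove(addr)
            self.leases[chaddr] = (addr, now + self.lease_time)
            return {"type": ACK, "chaddr": chaddr, "yiaddr": addr,
                    "server_id": self.server_id, "lease": self.lease_time}
        if kind == RELEASE:
            lease = self.leases.pop(chaddr, None)
            if lease is not None:
                self.free.append(lease[0])
            return None
        raise ValueError(f"unsupported message type {kind}")

    def expire(self, now):
        """Return addresses whose lease has run out to the pool: the finite-lease part of dynamic allocation."""
        for chaddr, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[chaddr]
                self.free.append(addr)


def obtain_address(chaddr, servers, now):
    """Client side: broadcast DISCOVER, collect OFFERs, pick one (longest lease, a constructed
    policy), broadcast REQUEST naming the chosen server, and use the address only on ACK."""
    offers = [o for s in servers if (o := s.handle({"type": DISCOVER, "chaddr": chaddr}, now))]
    if not offers:
        return None
    chosen = max(offers, key=lambda o: o["lease"])
    request = {"type": REQUEST, "chaddr": chaddr,
               "server_id": chosen["server_id"], "requested": chosen["yiaddr"]}
    replies = [r for s in servers if (r := s.handle(request, now))]
    acks = [r for r in replies if r["type"] == ACK]
    return acks[0]["yiaddr"] if acks else None
```

Because the REQUEST is broadcast, every server sees which server the client picked: the unchosen one withdraws its tentative offer instead of leaking the address, and a REQUEST for an address the server never offered to that client gets a NAK rather than a lease.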
DHCP Relay Agents
- Similar to BOOTP relay agents
- DHCP relay agents allow DHCP servers to handle requests from other subnets
(figure: Client -> DHCP Relay Agent -> IP Gateway Router -> IP Gateway Router -> DHCP Server)
Summary
- DHCP allows hosts that know nothing about their network configuration to receive IP addresses (and more) at start-up time
- IP addresses don't have to be manually configured into hosts
Network Address Translators (NAT) Ch 4.4.7
- Every host needs an IP address
- IPv4 address space is limited
- It is expensive to get an IP address for every device that may be connected to the internet
- IETF has set aside private IP addresses for use within a network; they can be translated into a fixed public address by a special router, the NAT box
Private IP addresses
- 10.0.0.0-10.255.255.255 (10/8 prefix)
- 172.16.0.0-172.31.255.255 (172.16/12 prefix)
- 192.168.0.0-192.168.255.255 (192.168/16 prefix)
These addresses can be assigned to any of the machines within a network but will be translated to a public address by the NAT router. Ports are used to distinguish among multiple addresses that need to be mapped from one public address to multiple private addresses.
NAT
- NAT provides mapping functions between a public address and a private address
- Keep a table of internal addresses/ports and external hosts/ports contacted from the internals (we can map multiple internals to a single public address as long as they're coming from distinct ports)
  Private LAN side    Public WAN side
  10.0.0.1/1000       192.6.8.4/8001
  10.0.0.2/1000       192.6.8.4/8002
  10.0.0.3/5001       192.6.8.4/8004
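The translation table on the slide above, implemented as an added example (not code from the course): outbound packets get a row and a public port, and inbound packets are mapped back only when they match a row, including the external host the internal actually contacted. The Nat class, the dict-shaped packets and the external address 203.0.113.5 are assumptions for the example; the public address 192.6.8.4 and the port numbering from 8001 follow the slide's table.

```python
class Nat:
    """Port-translating NAT box: one public address shared by many private hosts. Each table
    row pairs (private addr/port, external host/port) with the public port chosen for it."""

    def __init__(self, public_ip, first_port=8001):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (proto, priv_ip, priv_port, ext_ip, ext_port) -> public port
        self.inbound = {}    # (proto, public port) -> (priv_ip, priv_port, ext_ip, ext_port)

    def translate_outbound(self, pkt):
        """Private -> public: rewrite the source to the public address and the row's port."""
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        port = self.outbound.get(key)
        if port is None:                         # first packet of this flow: allocate a row
            port, self.next_port = self.next_port, self.next_port + 1
            self.outbound[key] = port
            self.inbound[(pkt["proto"], port)] = key[1:]
        return {**pkt, "src": self.public_ip, "sport": port}

    def translate_inbound(self, pkt):
        """Public -> private: only a packet that matches a row, and comes from the external
        host/port recorded in that row, is mapped back; anything else is dropped (None)."""
        row = self.inbound.get((pkt["proto"], pkt["dport"]))
        if row is None or (pkt["src"], pkt["sport"]) != (row[2], row[3]):
            return None
        return {**pkt, "dst": row[0], "dport": row[1]}

    def table(self):
        """Rows in the form the slide shows: private addr/port -> public addr/port."""
        return sorted((f"{k[1]}/{k[2]}", f"{self.public_ip}/{p}") for k, p in self.outbound.items())
```

Two internal hosts using the same private port 1000 get distinct public ports, which is the slide's point; the inbound check is what makes unsolicited packets to the public address, or a reply from a host nobody contacted, fall on the floor instead of reaching a private host.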
Disadvantages
- It is a hack
- Works only with TCP/UDP port connections
- NAT has to understand all higher-layer application protocols to correctly map the port
- Every packet needs to be remapped
- Widespread deployment of IPv6 should help
Mobile-IP Chapter 4.9
Mobile users
- Explosion in usage of handhelds
- Anytime, anywhere wireless services
  - Some connectivity everywhere
  - Many-time, many-where (Infostations)
- Users can be connected when moving
- Users can connect and disconnect to different networks
Mobility vs connectivity
- New research problems
  - Continuous connectivity for a mobile host
  - Seamless movement between networks
- Mobile systems
  - Move from place to place while being wireless
  - Move from place to place by plugging in at different attachment points
- Why maintain connectivity? Avoid restarting applications/networks
IP address problem
- Internet hosts/interfaces are identified by IP address
- Domain name service translates host name to IP address
- IP address identifies host/interface and locates its network
  - Mixes naming and location
- Moving to another network requires a different network address
  - But this would change the host's identity
- How can we still reach that host?
Basic idea
(figure: Home Agent, Foreign Agent; MH = Mobile Host, CH = Correspondent Host)
Basic idea
- Mobile host attaches to a foreign network and obtains a guest address
  - Via DHCP
  - Via Foreign agent
- Registration with local agent
  - LA has a list of all foreign hosts visiting the network
Routing for mobile hosts
(figure: MH = mobile host, CH = correspondent host; home network and foreign network)
How to direct packets to moving hosts transparently?
Use ARP
- A designated router proxy-ARPs for the mobile host
(figure: a host asks "Who has MH1?"; router H4, which knows mh1@h4, answers "I have MH1")
Basic Mobile IP - to mobile hosts
MH = mobile host, CH = correspondent host, HA = home agent, FA = foreign agent
(figure: CH sends to the home network, where HA sits; MH is attached to the foreign network behind FA. We'll see later that FA is not necessary or even desirable)
- MH registers new care-of address (FA) with HA
- HA tunnels packets to FA
- FA decapsulates packets and delivers them to MH
IP-in-IP (Packet encapsulation)
Packet from CH to MH:
  Source address = address of CH
  Destination address = home IP address of MH
  Payload
Home agent intercepts the above packet and tunnels it:
  Outer header: Source address = address of HA; Destination address = care-of address of MH
  Inner header: Source address = address of CH; Destination address = home IP address of MH
  Original payload
When mobile host moves again
(figure: home network with HA; foreign network #1 with FA #1; foreign network #2 with FA #2; CH; MH moves from #1 to #2)
- MH registers new address (FA #2) with HA & FA #1
- HA tunnels packets to FA #2, which delivers them to MH
- Packets in flight can be forwarded from FA #1 to FA #2
Basic Mobile IP - from mobile hosts
(figure: CH; home network with HA; foreign network with FA and MH)
- Mobile hosts also send packets
- Mobile host uses its home IP address as source address
  - Lower latency as MH can send packets directly to CH
  - Still transparent to correspondent host
- This is called a triangle route or a dog-leg route
Problems with Foreign Agents
- Assumption of support from foreign networks
  - A foreign agent exists in all networks you visit
  - The foreign agent is robust and up and running
  - The foreign agent is trustworthy
Solution
- Mobile host is responsible for itself (with help from infrastructure in its home network)
  - Mobile host decapsulates packets
  - Mobile host sends its own packets
  - Co-located FA on MH
(figure: CH; home network with HA; foreign network with MH)
- MH must acquire its own IP address in the foreign network
  - This address is its new care-of address
- Mobile IP spec allows for this option
Obtaining a foreign IP address
How to get a new IP address?
- DHCP
- Dynamic IP address binding like some dialup services
Problems with ingress/egress filtering
(figure: CH; home network with HA; foreign network with MH)
- Mobile host uses its home IP address as source address
- Security-conscious boundary routers will drop this packet
- An egress router will see a packet with a source address that does not belong to its network
Solution: bi-directional tunnel
(figure: CH; home network with HA; foreign network with MH)
- Provide the choice of a safe route through the home agent both ways
- Use encapsulation in both directions (MH -> CH and CH -> MH)
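The IP-in-IP encapsulation slide, the egress-filtering problem and the bi-directional tunnel solution above, carried through in one added example that is not part of the course material. It builds real IPv4 headers, wraps a CH-to-MH packet the way the home agent does, and shows that a boundary router checking source prefixes drops the mobile host's direct packet but forwards the reverse-tunnelled one. The addresses (CH 198.51.100.7, HA 192.0.2.1, MH home address 192.0.2.50, care-of address 203.0.113.20) and the function names are constructed for the example; protocol number 4 is the IANA value for IP-in-IP.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4    # IANA protocol number for IP-in-IP encapsulation
IPPROTO_UDP = 17

# Constructed addresses from the documentation ranges, not from the slides
CH, HA, MH_HOME, MH_COA = "198.51.100.7", "192.0.2.1", "192.0.2.50", "203.0.113.20"
HOME_NET, FOREIGN_NET = "192.0.2.0/24", "203.0.113.0/24"


def checksum(data):
    """Internet checksum: ones' complement of the ones' complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return fields[:10] + struct.pack("!H", checksum(fields)) + fields[12:]


def parse_ipv4(pkt):
    """Validate version, header length, checksum and total length before trusting any field."""
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", pkt, 0)
    ihl = (ver_ihl & 0xF) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total > len(pkt) or checksum(pkt[:ihl]) != 0:
        raise ValueError("malformed IPv4 header")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "payload": pkt[ihl:total]}


def encapsulate(inner, outer_src, outer_dst):
    """Tunnel entry (HA towards MH, or MH towards HA): new outer header, original packet as payload."""
    return ipv4_header(outer_src, outer_dst, IPPROTO_IPIP, len(inner)) + inner


def decapsulate(pkt, tunnel_src):
    """Tunnel exit: strip the outer header, accepting only IP-in-IP from the expected endpoint."""
    outer = parse_ipv4(pkt)
    if outer["proto"] != IPPROTO_IPIP or outer["src"] != tunnel_src:
        raise ValueError("not a tunnel packet from the expected endpoint")
    return outer["payload"]


def egress_permits(pkt, local_net):
    """Boundary-router rule from the slides: forward only if the source belongs to the local network."""
    return ipaddress.IPv4Address(parse_ipv4(pkt)["src"]) in ipaddress.IPv4Network(local_net)
```

The egress check is exactly why the triangle route fails: the mobile host's direct packet carries its home address 192.0.2.50 as source while leaving 203.0.113.0/24. Wrapping it in an outer header from the care-of address satisfies the same check, and the home agent, after verifying the outer source, forwards the inner packet to CH unchanged.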
Solution: yet more flexibility
(figure: CH; home network with HA; foreign network with MH)
- Use the current care-of address and send the packet directly
  - This is regular IP!
  - This is not mobility but portability
Do we need Mobile IP?
When do we really need this?
- Mobile clients have short-lived sessions
  - Reconnect on move
- Most mobile users are in a private net
- Mobile servers? Cellphone (IP enabled)