Net+ Chapter 1 - DMC Cisco Networking Academy


SYSTEM ADMINISTRATION
Chapter 9
Network Services
The Bootstrap Protocol (BOOTP)
• The Bootstrap Protocol (BOOTP) solved the otherwise unmanageable task of making sure every workstation (including diskless workstations) had an IP address.
• When a workstation configured to use BOOTP boots onto the network, it broadcasts its MAC address on the local segment.
• The BOOTP server receives the broadcast packet and checks the MAC address against the BOOTPTAB file to see whether an IP address is assigned to that MAC address.
• If an address is found, the BOOTP server sends back the IP address, subnet mask, and default gateway setting.
• If the workstation is on a segment remote from the BOOTP server, the router hears the BOOTP broadcast, repackages it as a routable IP packet, and sends it to the BOOTP server.
• When the server replies, the router unpackages the reply and forwards it to the workstation, which now has a valid IP address for its location on the network.
Dynamic Host Configuration Protocol (DHCP)
• DHCP distributes IP addresses throughout the network dynamically, reducing both the time and the number of errors involved in getting IP addresses to all workstations.
• DHCP runs as a service on most network operating system servers.
• To configure the DHCP service, the administrator must:
• Build scopes (or ranges) of IP addresses
• Set the scope options, such as the default gateway, the DNS server, or the WINS server address
• Create any exclusions from the scope
• Set up any reservations for the scope
• Activate the scope
• DHCP is also a client process that consists of four steps:
• The client issues the DHCPDISCOVER broadcast packet to locate a DHCP server.
• The DHCP server sends an IP address back to the client in the form of the DHCPOFFER.
• The client sends a DHCPREQUEST packet to the DHCP server to accept the IP address.
• The DHCP server issues a DHCPACK to let the client know the address has been allocated to that client, and to send the additional scope options to the client.
– This is known as the DORA process.
• The address sent to the client must be part of the network range for that segment. If not, the client will be unable to talk to any other nodes.
• Each IP address distributed by a DHCP server has a lease attached to it. The lease is the length of time the client may keep that address.
• In stable environments with many desktop machines that do not move frequently, the lease time can be set to a long duration, or to an infinite lease.
• In networks where machines attach to and detach from the network frequently, the lease time should be set to reflect the average stay of the machines.
• The lease must be renewed for the client to keep the same address.
– At T1 time, or 50% of the lease time, the client will attempt to renew the lease with the DHCP server. If the server is available, the lease will be renewed. If the server is not available, the client will continue to attempt to contact the server.
– If no contact is made by T2 time, or 87.5% of the lease time, the client will repeat the DORA process in order to secure another IP address.
Domain Name Service (DNS)
• DNS provides host name, or friendly name, to IP address resolution.
• Originally, a file called the hosts file or host table was used to provide host name resolution, but the tables became large and unwieldy.
• DNS is used by the Internet as well as by private networks.
– The DNS name space is divided into sections called top-level domains. Each top-level domain represents a type of organization, such as ‘com’ for commercial entities, ‘mil’ for military entities, and ‘edu’ for educational entities.
– Below the top-level domains are the second-level domains. These represent specific organizations such as Microsoft, CompTIA, Washington University, or the American Diabetes Association.
• DNS resolution responsibility is divided into zones, or portions of the DNS name space. One DNS server will be authoritative for all objects in that segment of the name space.
• When a user opens a browser and enters an address such as www.google.com in the address (URL) bar, the client node contacts its DNS server, and the DNS server goes about finding the IP address of www.google.com.
• Any client operating system that uses the IP stack for communication can also use DNS resolution. UNIX and Linux rely solely on DNS, while Microsoft Windows clients can also use WINS to locate resources within the private network.
• When the DNS service is added to a server, the database must be populated with records for resources. Some of those record types are:
• A records – unique host records
• MX records – mail exchangers, or e-mail servers
• CNAME records – alias names for resources
• NS records – the entry for a name server (DNS server)
• SOA records – the record for the authoritative server for a zone
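The name-space split, the choice of authoritative zone and the record types listed in the DNS slides above, as one added Python example; it is written for this page and is not code from the slides or from any DNS server. The two zones and their records are constructed sample data (the reserved example.com name and 192.0.2.0/24 documentation addresses), and the lookup goes a little beyond the slides by chasing a CNAME alias into whichever zone is authoritative for its target and by bounding the chase so an alias loop cannot spin forever.

```python
"""Tiny authoritative-zone lookup over the record types the slides list
(A, MX, CNAME, NS, SOA), plus the name-space split into top-level and
second-level domains and the choice of authoritative zone. Added example,
not from the slides; the zone data is constructed and uses the reserved
example.com name and documentation addresses."""

# Constructed zone data keyed by zone name; each record is (name, type, value).
ZONES = {
    "example.com": [
        ("example.com", "SOA", "ns1.example.com"),        # authoritative server for the zone
        ("example.com", "NS", "ns1.example.com"),         # name server entry
        ("example.com", "MX", "10 mail.example.com"),     # mail exchanger
        ("ns1.example.com", "A", "192.0.2.53"),           # host records
        ("mail.example.com", "A", "192.0.2.25"),
        ("web.example.com", "A", "192.0.2.80"),
        ("www.example.com", "CNAME", "web.example.com"),  # alias for web
    ],
    "sub.example.com": [                                  # delegated child zone
        ("sub.example.com", "SOA", "ns1.sub.example.com"),
        ("ns1.sub.example.com", "A", "192.0.2.153"),
        ("host.sub.example.com", "A", "192.0.2.100"),
    ],
}


def labels(name):
    """Split a name into its labels, TLD last: 'www.example.com' -> ['www', 'example', 'com']."""
    return name.rstrip(".").lower().split(".")


def top_level_domain(name):
    return labels(name)[-1]


def second_level_domain(name):
    return ".".join(labels(name)[-2:])


def authoritative_zone(name, zones=ZONES):
    """The zone whose name is the longest suffix of `name`, or None if nobody is authoritative."""
    name = name.rstrip(".").lower()
    best = None
    for zone in zones:
        if (name == zone or name.endswith("." + zone)) and (best is None or len(zone) > len(best)):
            best = zone
    return best


def lookup(name, rtype, zones=ZONES, max_aliases=5):
    """Answer a query for `rtype`, following CNAME aliases (possibly into another zone)."""
    name = name.rstrip(".").lower()
    for _ in range(max_aliases):            # bounded so a CNAME loop cannot spin forever
        zone = authoritative_zone(name, zones)
        if zone is None:
            return None
        records = zones[zone]
        answers = [v for n, t, v in records if n == name and t == rtype]
        if answers:
            return answers
        aliases = [v for n, t, v in records if n == name and t == "CNAME"]
        if not aliases:
            return None                     # no record of the requested type for this name
        name = aliases[0]                   # chase the alias and try again
    return None
```

`lookup("www.example.com", "A")` follows the CNAME to web.example.com and returns `["192.0.2.80"]`; `lookup("host.sub.example.com", "A")` is answered from the child zone, because sub.example.com is the longest matching suffix; a name under a zone the server does not hold returns `None`.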
Windows Internet Name Service (WINS)
• WINS resolves the NetBIOS name of a resource to its IP address.
• WINS is a Microsoft proprietary server service.
• Microsoft Windows computers use NetBIOS to locate resources on the network rather than using DNS. The request for resolution is sent in the form of a broadcast packet. WINS servers are needed in any Microsoft network with more than one segment.
• The WINS service replaced the use of the LMHOSTS file, which mapped NetBIOS names to IP addresses.
• This file had to be configured locally on every machine, or the machine would be unable to locate resources on remote subnets, including domain controllers for authentication.
• The WINS service is dynamic: computers register with the WINS server when they attach to the network.
• Computers release their entry when they leave the network.
• To configure the client, add the WINS server's IP address in the WINS property tab of the client's IP properties.
• The client will then register with the WINS database and send directed requests to the WINS server when it needs a resource.
• Non-WINS clients can be added to the WINS database by creating a manual entry with the client node’s name and IP address.
Network Address Translation (NAT)
• NAT and Internet Connection Sharing (ICS) allow network administrators to use one of the private address spaces for the internal network while still allowing access to Internet (public) resources.
• NAT appliances or software translate the internal private address to a public address or a specific port so the packet can be transported over the public Internet.
• NAT requires that the hosting device, usually a server or a NAT appliance, have two connections: the internal network connection (NIC) and the access point to the public network – a demand-dial connection or some other type of connection to an ISP.
• The NAT table keeps a record of outgoing packets; each dialog is mapped within the table. When a response comes back to the NAT box, it consults the table, identifies the source machine and its IP address, and forwards the packet to the private side of the NAT box.
• Administrators can add manual entries to the NAT table when it is necessary to route certain types of traffic, such as port 80 requests routed to the web server.
• ICS is a smaller, less robust version of NAT. It also translates from private addresses to a public address or unique port for communication over the public internetwork.
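The NAT table behaviour described in the slides above (recording each outgoing dialog, matching the reply back to the private host, and the administrator's manual entry such as port 80 to the web server), as an added Python model written for this page; it is not code from the slides or from any NAT product. All addresses and ports are constructed sample values. The model translates to one public address plus a unique port, as the slides say, and shows the defensive side of the table: an inbound packet with no recorded dialog and no manual entry has nowhere to go and is dropped, and a packet that claims to answer a dialog but comes from a different remote host is dropped too.

```python
"""Toy NAT table of the kind the slides describe, translating to one public
address plus a unique port: outgoing packets create entries, replies are
matched back to the private host, the administrator can add a manual entry
(port 80 -> web server), and inbound packets with no entry are dropped.
Added example, not from the slides; all addresses are constructed."""


class NatTable:
    def __init__(self, public_ip="203.0.113.10", first_port=40000):
        self.public_ip = public_ip       # the NAT box's single public address
        self.next_port = first_port      # next unused public port
        self.flows = {}                  # (priv_ip, priv_port, remote_ip, remote_port) -> public port
        self.entries = {}                # public port -> that flow (the dialog recorded in the table)
        self.static = {}                 # public port -> (priv_ip, priv_port), added by the admin
        self.dropped = []                # inbound packets with no matching entry

    def add_static(self, public_port, private_ip, private_port):
        """Manual entry: route inbound traffic for a port to a chosen internal server."""
        self.static[public_port] = (private_ip, private_port)

    def outbound(self, pkt):
        """Private -> public: record the dialog and rewrite the source to public ip:port."""
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        port = self.flows.get(flow)
        if port is None:                 # first packet of this dialog: allocate a port
            port = self.next_port
            self.next_port += 1
            self.flows[flow] = port
            self.entries[port] = flow
        return {"src": self.public_ip, "sport": port, "dst": pkt["dst"], "dport": pkt["dport"]}

    def inbound(self, pkt):
        """Public -> private: consult the table; anything unmatched is dropped."""
        if pkt["dst"] == self.public_ip:
            flow = self.entries.get(pkt["dport"])
            # A reply counts only if it comes from the remote host of the recorded dialog
            if flow and (flow[2], flow[3]) == (pkt["src"], pkt["sport"]):
                return {"src": pkt["src"], "sport": pkt["sport"], "dst": flow[0], "dport": flow[1]}
            if pkt["dport"] in self.static:
                priv_ip, priv_port = self.static[pkt["dport"]]
                return {"src": pkt["src"], "sport": pkt["sport"], "dst": priv_ip, "dport": priv_port}
        self.dropped.append(pkt)
        return None
```

An outbound packet from 192.168.1.20:51000 to 198.51.100.5:443 leaves as 203.0.113.10:40000; the reply to 203.0.113.10:40000 from 198.51.100.5:443 is rewritten back to 192.168.1.20:51000, while a packet to port 80 is dropped until `add_static(80, "192.168.1.80", 80)` creates the manual entry.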
• ICS is easy to enable on a small office/home office network. Go to the properties window of the connection device (such as a modem), locate the Sharing tab, and check the box that says “Internet Connection Sharing.”
• All devices that participate in an ICS network must be configured as DHCP clients. The ICS service will allocate addresses to all client nodes.
Simple Network Management Protocol (SNMP)
• SNMP has three components:
• The SNMP Agent
• The Managed Device
• The Network Management System (NMS)
• The SNMP agent is software that runs on all network devices – computers, routers, printers, and switches, to name a few.
• The agent is responsible for ‘monitoring’ the device and, if there is a problem, relaying that information to the NMS.
• The Managed Device is any host device on which an agent has been installed.
• The NMS is responsible for collecting the information the agents send to it.
• The agent uses a management information base (MIB) to compare the current readings against the standard readings in the MIB. If there is an aberration, the agent notifies the NMS.
• The agent knows three types of “commands” or utilities:
– GET tells the agent to find some piece of information about the managed device and forward it back to the NMS.
– SET tells the agent that the NMS wants it to change a configuration setting.
– A TRAP is the notification sent to the NMS when there is a problem at the managed device.
• All agents belong to a community. An agent will only report to an NMS that is part of its community. This is considered a low-level security feature.
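The agent, NMS, MIB comparison, GET/SET/TRAP operations and community check from the SNMP slides above, as one added Python model written for this page; it is not code from the slides or from any SNMP implementation. The community name, the sample MIB values and the enterprise OID are constructed (only the sysName OID 1.3.6.1.2.1.1.5.0 is the real MIB-2 object); the SNMPv1 error names noError, noSuchName and readOnly are real, but the shape of the messages is simplified. The model also shows why the community is only a low-level control: it is a shared name an agent compares as-is, so the useful defensive step is to have the agent raise an authenticationFailure trap when a request arrives with the wrong community, which gives the NMS something to alert on.

```python
"""Toy SNMP agent / NMS model for the slides' GET, SET and TRAP operations,
the MIB comparison that raises a trap, and the community check. Added
example, not from the slides; the community name, the sample readings and
the enterprise OID are constructed."""

SYSNAME_OID = "1.3.6.1.2.1.1.5.0"          # sysName from the standard MIB-2
TEMP_OID = "1.3.6.1.4.1.99999.1.1.0"       # constructed sample enterprise OID


class Nms:
    """Network Management System: collects what agents send it."""
    def __init__(self):
        self.received = []

    def receive_trap(self, trap):
        self.received.append(trap)


class Agent:
    def __init__(self, community, mib, nms):
        self.community = community    # requests carrying any other community are ignored
        self.mib = mib                # oid -> {"value": ..., "writable": bool, "max": threshold}
        self.nms = nms

    def _authorized(self, community):
        if community == self.community:
            return True
        # Wrong community: the request gets no answer, but the NMS is told about the attempt
        self.nms.receive_trap({"type": "authenticationFailure", "community": community})
        return False

    def get(self, community, oid):
        """GET: look up one piece of information and send it back to the NMS."""
        if not self._authorized(community):
            return None               # silently dropped, as SNMPv1/v2c agents do
        entry = self.mib.get(oid)
        return ("noSuchName", None) if entry is None else ("noError", entry["value"])

    def set(self, community, oid, value):
        """SET: the NMS asks the agent to change a configuration setting."""
        if not self._authorized(community):
            return None
        entry = self.mib.get(oid)
        if entry is None:
            return "noSuchName"
        if not entry.get("writable", False):
            return "readOnly"
        entry["value"] = value
        return "noError"

    def sample(self, oid, reading):
        """Monitoring loop: store the reading; TRAP the NMS if it exceeds the MIB threshold."""
        entry = self.mib[oid]
        entry["value"] = reading
        if "max" in entry and reading > entry["max"]:
            self.nms.receive_trap({"type": "thresholdExceeded", "oid": oid,
                                   "value": reading, "threshold": entry["max"]})
            return True
        return False


def build_agent(nms, community="netops"):
    """Constructed sample MIB: a writable sysName and a read-only temperature with a ceiling."""
    mib = {
        SYSNAME_OID: {"value": "core-sw1", "writable": True},
        TEMP_OID: {"value": 40, "writable": False, "max": 70},
    }
    return Agent(community, mib, nms)
```

With `nms = Nms()` and `agent = build_agent(nms)`, `agent.get("netops", SYSNAME_OID)` returns `("noError", "core-sw1")`, the same request with community `"public"` returns nothing and leaves an authenticationFailure trap at the NMS, a SET on the read-only temperature object is refused with `readOnly`, and a temperature sample above the MIB ceiling of 70 produces a thresholdExceeded trap.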