Wireless LAN

IP Address Services
W.lilakiatsakun
Topics
• DHCP (Dynamic Host Configuration Protocol)
• NAT (Network Address Translation)
• IPv6 (Internet Protocol version 6)
Introduction to DHCP
• Enables a host to obtain an IP address and the
necessary configuration from a server
• It is described in RFC 2131
• Application layer protocol
• Client-server model
DHCP Allocation mechanism (1)
• Manual Allocation
– The administrator assigns a pre-allocated IP
address to the client and DHCP only
communicates the IP address to the device.
• Automatic Allocation
– DHCP automatically assigns a static IP address
permanently to a device, selecting it from a pool
of available addresses.
– There is no lease and the address is permanently
assigned to a device.
DHCP Allocation mechanism (2)
• Dynamic Allocation
– DHCP dynamically assigns, or leases, an IP
address from a pool of addresses for a limited
period of time chosen by the server, or until the
client tells the DHCP server that it no longer
needs the address.
DHCP Operation
BOOTP and DHCP (1)
• BOOTP (Bootstrap Protocol)
– It is defined in RFC951
– BOOTP is a way to download address and boot
configurations for diskless workstations
– Both DHCP and BOOTP use UDP ports 67 and 68.
(known as BOOTP ports)
BOOTP and DHCP (2)
• DHCP and BOOTP have two components, client
and server
– The server is a host with a static IP address that
allocates, distributes, and manages IP and
configuration data assignments.
• Each allocation (IP and configuration data) is stored on
the server in a data set called a binding.
– The client is any device using DHCP as a method for
obtaining IP addressing or supporting configuration
information.
BOOTP and DHCP (3)
DHCP Message Format (1)
• The BOOTP and DHCP message formats are the same
except for the Options field, which is only used by DHCP
DHCP Message Format (2)
• Operation Code (OP)
– Specifies the general type of message.
• A value of 1 indicates a request message; a value of 2 is
a reply message.
• Hardware Type
– Identifies the type of hardware used in the
network.
• For example, 1 is Ethernet, 15 is Frame Relay, and 20 is
a serial line. These are the same codes used in ARP
messages.
DHCP Message Format (3)
• Hardware Address length
– 8 bits to specify the length of the address.
• Hops
– Set to 0 by a client before transmitting a request and
used by relay agents to control the forwarding of
DHCP messages
• Transaction Identifier
– 32-bit identification generated by the client to allow
it to match up the request with replies received from
DHCP servers.
DHCP Message Format (4)
• Seconds
– Number of seconds elapsed since a client began
attempting to acquire or renew a lease.
– Busy DHCP servers use this number to prioritize
replies when multiple client requests are
outstanding.
DHCP Message Format (5)
• Flags
– Only one of the 16 bits is used, which is the
broadcast flag.
– A client that does not know its IP address when it
sends a request sets the flag to 1.
• This value tells the DHCP server or relay agent receiving
the request that it should send the reply back as a
broadcast.
DHCP Message Format (6)
• Client IP Address
– The client puts its own IP address in this field if and
only if it has a valid IP address while in the bound
state; otherwise, it sets the field to 0.
– The client can only use this field when its address is
actually valid and usable, not during the process of
acquiring an address.
• Your IP Address
– IP address that the server assigns to the client.
DHCP Message Format (7)
• Server IP Address
– Address of the server that the client should use for
the next step in the bootstrap process, which may or
may not be the server sending this reply.
• Gateway IP Address
– The gateway address facilitates communications of
DHCP requests and replies between the client and a
server that are on different subnets or networks.
DHCP Message Format (8)
• Client Hardware Address
– Specifies the physical (hardware) address of the client.
• Server Name
– The server sending a DHCPOFFER or DHCPACK
message may optionally put its name in this field.
(dhcpserver.netacad.net)
DHCP Message Format (9)
• Boot Filename
– Optionally used by a client to request a particular
type of boot file in a DHCPDISCOVER message.
– Used by a server in a DHCPOFFER to fully specify a
boot file directory and filename.
• Options
– Holds DHCP options, including several parameters
required for basic DHCP operation.
– Both client and server may use this field.
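An added worked example, not from the slides, that decodes the fixed header fields and the Options field described above in Python. The DHCPDISCOVER bytes are constructed here for illustration; the field layout follows RFC 2131.

```python
import struct
from ipaddress import IPv4Address

# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP Options field


def parse_dhcp(data):
    """Decode the fixed header fields and the TLV options of one DHCP message."""
    if len(data) < HEADER.size + 4 or data[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (too short or missing magic cookie)")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
     chaddr, sname, file) = HEADER.unpack_from(data)
    if hlen > 16:
        raise ValueError("hlen larger than the 16-byte chaddr field")
    options, i = {}, HEADER.size + 4
    while i < len(data):
        code = data[i]
        if code == 255:                 # End option: stop parsing
            break
        if code == 0:                   # Pad option: single byte, no length
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:        # length byte claims more than is present
            raise ValueError("truncated option %d" % code)
        options[code] = value
        i += 2 + length
    return {
        "op": "BOOTREQUEST" if op == 1 else "BOOTREPLY",
        "htype": htype, "hops": hops, "xid": xid, "secs": secs,
        "broadcast": bool(flags & 0x8000),          # only bit 15 of Flags is defined
        "ciaddr": str(IPv4Address(ciaddr)), "yiaddr": str(IPv4Address(yiaddr)),
        "siaddr": str(IPv4Address(siaddr)), "giaddr": str(IPv4Address(giaddr)),
        "chaddr": chaddr[:hlen].hex(":"),
        "sname": sname.rstrip(b"\x00").decode(errors="replace"),
        "file": file.rstrip(b"\x00").decode(errors="replace"),
        "options": options,
    }


# Constructed sample: a DHCPDISCOVER (option 53 = 1) from a client with no
# address yet, so ciaddr is 0.0.0.0 and the broadcast flag is set.
SAMPLE_DISCOVER = HEADER.pack(
    1, 1, 6, 0, 0x3903F326, 0, 0x8000, bytes(4), bytes(4), bytes(4), bytes(4),
    bytes.fromhex("000c29aabbcc").ljust(16, b"\x00"), bytes(64), bytes(128),
) + MAGIC_COOKIE + bytes([53, 1, 1, 255])
```

Calling `parse_dhcp(SAMPLE_DISCOVER)` returns a BOOTREQUEST with xid 0x3903F326, chaddr 00:0c:29:aa:bb:cc, the broadcast flag set and a single option 53.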
DHCP Discover
DHCP Offer
Configuring DHCP Server (1)
Configuring DHCP Server (2)
Configuring DHCP Server (3)
Configuring DHCP Server (4)
Verifying DHCP (1)
Verifying DHCP (2)
ipconfig /all
Verifying DHCP (3)
Verifying DHCP (4)
DHCP Relay (1)
• The client is not in the same network as the DHCP
server
• The solution is to enable routers to forward
DHCP broadcasts to the DHCP servers.
• When a router forwards address
assignment/parameter requests, it is acting as a
DHCP relay agent.
DHCP Relay (2)
• Cisco IOS uses the ip helper-address command to
perform the relay function.
• It includes 8 UDP services
– Port 37: Time
– Port 49: TACACS
– Port 53: DNS
– Port 67: DHCP/BOOTP client
– Port 68: DHCP/BOOTP server
– Port 69: TFTP
– Port 137: NetBIOS name service
– Port 138: NetBIOS datagram service
DHCP Relay (3)
To specify additional ports, use the ip forward-protocol
command to specify exactly which types of broadcast packets
to forward.
Troubleshooting DHCP (1)
Troubleshooting DHCP (2)
In case the DHCP server is not on the same network and the DHCP relay function is used
Troubleshooting DHCP (3)
A useful command for troubleshooting DHCP operation
is the debug ip dhcp server events command.
This command reports server events, like address
assignments and database updates.
Private and Public IP Address (1)
• All public Internet addresses must be
registered with a Regional Internet Registry
(RIR).
– Organizations can lease public addresses from an
ISP.
– Only the registered holder of a public Internet
address can assign that address to a network
device.
Private and Public IP Address (2)
• Private IP addresses are a reserved block of
numbers that can be used by anyone.
– To protect the public Internet address structure,
ISPs typically configure the border routers to
prevent privately addressed traffic from being
forwarded over the Internet.
Private and Public IP Address (3)
NAT (Network Address Translation) (1)
• A mechanism that translates private addresses to
public addresses at the edge of a network and
works in both directions.
– Without a translation system, private hosts behind
a router in the network of one organization
cannot connect with private hosts behind a router
in other organizations over the Internet.
NAT (Network Address Translation) (2)
NAT (Network Address Translation) (3)
• Inside local address
– It is most likely an RFC 1918 private address.
– In the figure, the IP address 192.168.10.10 is
assigned to the host PC1 on the inside network.
• Inside global address
– Valid public address that the inside host is given
when it exits the NAT router.
– In this case, IP address 209.165.200.226 is used as
the inside global address for PC1.
NAT (Network Address Translation) (4)
• Outside global address
– Valid public IP address assigned to a host on the
Internet. For example, the web server is reachable
at IP address 209.165.201.1.
• Outside local address
– The local IP address assigned to a host on the
outside network. In most situations, this address
will be identical to the outside global address of
that outside device.
NAT (Network Address Translation) (5)
How NAT works (1)
How NAT works (2)
How NAT works (3)
How NAT works (4)
• There are two types of NAT translation:
dynamic and static.
• Dynamic NAT uses a pool of public addresses
and assigns them on a first-come, first-served
basis.
– When a host with a private IP address requests
access to the Internet, dynamic NAT chooses an IP
address from the pool that is not already in use by
another host.
How NAT works (5)
• Static NAT uses a one-to-one mapping of local
and global addresses, and these mappings
remain constant.
– Static NAT is particularly useful for web servers or
hosts that must have a consistent address that is
accessible from the Internet.
NAT Overload (1)
• NAT overloading (sometimes called Port
Address Translation or PAT) maps multiple
private IP addresses to a single public IP
address or a few addresses.
• Multiple addresses can be mapped to one or
to a few addresses because each private
address is also tracked by a port number.
NAT Overload (2)
NAT Overload (3)
NAT Overload (4)
NAT vs NAT Overloading
• NAT generally only translates IP addresses on a 1:1
correspondence between publicly exposed IP
addresses and privately held IP addresses.
• NAT overload modifies both the private IP address
and port number of the sender.
NAT Benefits and Drawbacks
Configuring Static NAT (1)
Configuring Static NAT (2)
Configuring Dynamic NAT(1)
Configuring Dynamic NAT(2)
Configuring NAT Overload (1)
Configuring NAT Overload (2)
Configuring NAT Overload (3)
Configuring NAT Overload (4)
Port Forwarding (1)
• Port forwarding (sometimes referred to as
tunneling) is the act of forwarding a network
port from one network node to another.
– This technique can allow an external user to
reach a port on a private IP address (inside a LAN)
from the outside through a NAT-enabled router.
Port Forwarding (2)
• Typically, peer-to-peer file-sharing programs
and key operations, such as web serving and
outgoing FTP, require that router ports be
forwarded or opened to allow these
applications to work.
• Because NAT hides internal addresses, peer-to-peer
only works from the inside out, where NAT can
register outgoing requests and map incoming
replies against them.
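The NAT overload and port-forwarding behaviour described above, as an added Python model that is not part of the slides: two inside hosts share one inside global address and are told apart by the translated source port, an unsolicited inbound packet has no binding and is dropped, and a static port-forwarding entry is the one exception. The addresses are those used on the NAT slides; the class and its methods are made up for this example.

```python
class PATTable:
    """NAT overload (PAT): many inside-local (address, port) pairs share one inside
    global address, distinguished by the translated source port."""

    def __init__(self, inside_global, first_port=1024):
        self.inside_global = inside_global
        self.first_port = first_port
        self.outbound = {}   # (local_ip, local_port) -> global_port
        self.inbound = {}    # global_port -> (local_ip, local_port), learned from outbound traffic
        self.static = {}     # global_port -> (local_ip, local_port), port-forwarding entries

    def forward_port(self, global_port, local_ip, local_port):
        """Port forwarding: a fixed mapping that admits unsolicited outside traffic."""
        if global_port in self.inbound:
            raise ValueError("port %d already in use by a dynamic binding" % global_port)
        self.static[global_port] = (local_ip, local_port)

    def translate_out(self, local_ip, local_port):
        """Outbound packet: reuse the binding if one exists, else allocate a free global port."""
        key = (local_ip, local_port)
        if key not in self.outbound:
            port = self.first_port
            while port in self.inbound or port in self.static:   # skip ports already taken
                port += 1
            if port > 65535:
                raise RuntimeError("translation port pool exhausted")
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.inside_global, self.outbound[key])

    def translate_in(self, global_port):
        """Inbound packet to (inside_global, global_port): return the inside host it is
        delivered to, or None when no binding exists (the router drops it)."""
        return self.inbound.get(global_port) or self.static.get(global_port)


if __name__ == "__main__":
    nat = PATTable("209.165.200.226")                 # inside global address from the slides
    print(nat.translate_out("192.168.10.10", 51000))  # PC1 -> ('209.165.200.226', 1024)
    print(nat.translate_out("192.168.10.11", 51000))  # second host, same source port -> 1025
    print(nat.translate_in(1025))                     # reply mapped back to ('192.168.10.11', 51000)
    print(nat.translate_in(40000))                    # unsolicited inbound: None, dropped
    nat.forward_port(8080, "192.168.10.20", 80)       # expose an inside web server
    print(nat.translate_in(8080))                     # ('192.168.10.20', 80)
```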
Port Forwarding (3)
Verifying NAT (1)
Verifying NAT (2)
Verifying NAT (3)
Clearing NAT Table
Debugging NAT
Introduction to IPv6 (1)
• Need for more available IP addresses
– Population growth
– Mobile users
– Transportation
– Consumer electronics
• No quality of service provided by IPv4
Introduction to IPv6 (2)
Introduction to IPv6 (3)
Introduction to IPv6 (4)
IPv6 addressing (1)
• IPv6 Representation (128 bit)
– Leading zeros in a field are optional.
• For example, the field 09C0 equals 9C0, and the field
0000 equals 0.
– Successive fields of zeros can be represented as
two colons "::"
• However, this shorthand method can only be used once
in an address.
– An unspecified address is written as "::" because it
contains only zeros.
IPv6 addressing (2)
IPv6 addressing (3)
IPv6 Global Unicast Address (1)
• Global unicast addresses typically consist of a
48-bit global routing prefix and a 16-bit subnet
ID.
• Individual organizations can use a 16-bit subnet
field to create their own local addressing
hierarchy.
– This field allows an organization to use up to 65,535
individual subnets.
IPv6 Global Unicast Address (2)
For more information see RFC 3587,
(IPv6 Global Unicast Address)
IPv6 Global Unicast Address (3)
• The current global unicast address that is
assigned by the IANA uses the range of addresses
that start with binary value 001 (2000::/3), which
is 1/8 of the total IPv6 address space and is the
largest block of assigned addresses.
• The IANA is allocating the IPv6 address space in
the ranges of 2001::/16 to the five RIR registries
(ARIN, RIPE, APNIC, LACNIC, and AfriNIC).
IPv6 Reserved Address
• The IETF reserves a portion of the IPv6
address space for various uses, both present
and future.
• Reserved addresses represent 1/256th of the
total IPv6 address space.
• Some of the other types of IPv6 addresses
come from this block.
IPv6 Private Address (1)
• Private addresses have a first octet value of
"FE" in hexadecimal notation, with the next
hexadecimal digit being a value from 8 to F.
– Site-local addresses: these addresses begin with
"FEC", "FED", "FEE", or "FEF".
• Same use as IPv4 private addresses
– Link-local addresses: these addresses start with
"FE8", "FE9", "FEA", or "FEB".
• They are only for local communication on a particular
physical network segment.
Loopback Address
• Just as in IPv4, a provision has been made for a
special loopback IPv6 address for testing; datagrams
sent to this address "loop back" to the sending
device.
• However, in IPv6 there is just one address, not a
whole block, for this function.
• The loopback address is 0:0:0:0:0:0:0:1, which is
normally expressed using zero compression as "::1".
Unspecified Address
• In IPv4, an IP address of all zeroes has a special
meaning; it refers to the host itself, and is used
when a device does not know its own address.
• In IPv6, this concept has been formalized, and
the all-zeroes address (0:0:0:0:0:0:0:0) is
named the "unspecified" address.
– It is typically used in the source field of a datagram
that is sent by a device that seeks to have its IP
address configured. ("::")
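An added Python example, not from the slides, that applies the IPv6 shorthand rules and the address ranges given above: it expands a compressed address, rejects a second "::", and names the type (unspecified, loopback, link-local, site-local, or global unicast with its 48-bit routing prefix and 16-bit subnet ID). The sample addresses are constructed for illustration.

```python
def expand_ipv6(addr):
    """Return the 8 16-bit fields, applying the two shorthand rules from the slides:
    leading zeros in a field are optional, and '::' may be used only once."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in addr:
        head, tail = addr.split("::")
        hf = head.split(":") if head else []
        tf = tail.split(":") if tail else []
        if len(hf) + len(tf) > 7:
            raise ValueError("'::' must replace at least one zero field")
        fields = hf + ["0"] * (8 - len(hf) - len(tf)) + tf
    else:
        fields = addr.split(":")
    if len(fields) != 8 or not all(1 <= len(f) <= 4 for f in fields):
        raise ValueError("address must have exactly 8 fields of 1-4 hex digits")
    return [int(f, 16) for f in fields]   # int() rejects non-hex digits


def classify_ipv6(addr):
    """Name the address type using the ranges listed on the slides."""
    f = expand_ipv6(addr)
    full = ":".join("%04x" % x for x in f)      # fully written form, no compression
    if f == [0] * 8:
        kind = "unspecified"                     # :: , source of a host with no address yet
    elif f == [0] * 7 + [1]:
        kind = "loopback"                        # ::1 , the single loopback address
    elif 0xFE80 <= f[0] <= 0xFEBF:
        kind = "link-local"                      # FE8..FEB
    elif 0xFEC0 <= f[0] <= 0xFEFF:
        kind = "site-local"                      # FEC..FEF
    elif f[0] >> 13 == 0b001:
        kind = "global unicast"                  # 2000::/3, the IANA global unicast block
    else:
        kind = "other/reserved"
    info = {"full": full, "type": kind}
    if kind == "global unicast":
        # 48-bit global routing prefix followed by the 16-bit subnet ID
        info["routing_prefix"] = ":".join("%04x" % x for x in f[:3]) + "::/48"
        info["subnet_id"] = "%04x" % f[3]
    return info


if __name__ == "__main__":
    # Constructed sample addresses (2001:db8::/32 is the documentation prefix)
    for a in ("2001:db8:acad:1::10", "fe80::1", "fec0::1", "::1", "::"):
        print(a, "->", classify_ipv6(a))
```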
IPv6 Transition Strategies (1)
IPv6 Transition Strategies (2)
• Dual Stacking
– It is an integration method in which a node has
implementation and connectivity to both an IPv4
and IPv6 network.
– This is the recommended option and involves
running IPv4 and IPv6 at the same time.
– Routers and switches are configured to support
both protocols, with IPv6 being the preferred
protocol.
IPv6 Transition Strategies (3)
• Tunneling
– Manual IPv6-over-IPv4 tunneling - An IPv6 packet
is encapsulated within the IPv4 protocol.
• This method requires dual-stack routers.
– Dynamic 6to4 tunneling - Automatically
establishes the connection of IPv6 islands through
an IPv4 network, typically the Internet.
IPv6 Transition Strategies (4)
• NAT-Protocol Translation (NAT-PT)
– This translation allows direct communication
between hosts that use different versions of the IP
protocol.
– At this time, this translation technique is the least
favorable option and should be used as a last
resort.
Dual Stack (1)
Dual Stack (2)
IPv6 Tunneling (1)