Chapter 23 -- Support Protocols - California State University, Long

CECS 474 Computer Network Interoperability
CHAPTER 23
Support Protocols:
ARP, DHCP, NAT & ICMP
Tracy Bradley Maples, Ph.D.
Computer Engineering & Computer Science
California State University, Long Beach
Notes for Douglas E. Comer, Computer Networks and Internets (5th Edition)
PART 1: ARP (Address Resolution Protocol)
Notes: • Hardware only recognizes MAC addresses
• Layers 3-5 only use IP addresses
As a result: Software is needed to perform translation between IP addresses and
MAC addresses.
This software is part of the network interface.
The process is known as address resolution. (A protocol address is said to be resolved
to the correct hardware address.)
"Protocol addresses are abstractions provided by software; physical network
hardware does not know how to locate a computer from its protocol address. The
protocol address of the next hop must be translated to an equivalent hardware address
before a packet can be sent."
--Comer
ARP (Cont’d)
Address Resolution
Address resolution is local to a network. That is, a computer can resolve the address
of another computer only if both computers are attached to the same physical network.
Examples:
If A sends to B => The application on A uses B's IP address as the destination address in
the IP Datagram. Protocol software on A calls ARP to find B's MAC address and uses it
to send the frame.
If A sends to F => An application on A uses F's IP address as the destination address in
the IP Datagram. Protocol software on A cannot directly resolve F's address because F is
not local. So A determines that the next hop is router R1 (and has R1's IP address).
Protocol software on A resolves R1's MAC address and uses it to send the frame.
Software on R1 determines that the next hop is router R2 (and has R2’s IP Address),
resolves the MAC address of R2, and uses it to send the frame. R2 receives the packet,
determines the destination F is attached locally, resolves the MAC address of F, and uses
it to send the packet.
ARP (Cont’d): Address Resolution with Message Exchange
Message exchange is a distributed approach where a computer that needs to resolve
an address sends a message to a remote machine.
Typically: Message-exchange is the address resolution method used on LAN
hardware.
The TCP/IP protocol suite includes an Address Resolution Protocol (ARP) to
standardize the formats and meanings of messages.
Two types of ARP messages:
• request -- contains an IP address and requests the hardware address.
• response -- contains both the IP address and the hardware address (i.e., resolves
the IP address to a MAC Address).
ARP (Cont’d): ARP Message Delivery
ARP specifies that the ARP request should be:
• placed in a hardware frame
• broadcast to all computers on the network
• each computer should receive and examine the IP address
• the computer mentioned in the request sends a response, the others discard
the request without a response. (Note: the response is sent as a unicast, not a
broadcast.)
Figure: An ARP message exchange.
(a) Computer W begins to broadcast
an ARP request that contains
computer Y's IP address.
(b) All computers receive the request.
(c) Computer Y sends a response
directly to W.
ARP (Cont’d): ARP Message Format
Generality: ARP is designed to work with any IP address size and any MAC address
size.
Difficulty: An ARP message must contain a MAC (hardware) address. Although
most MAC addresses are 48-bits, not all are.
Solution:
• Use a fixed-size field at the beginning of the message to specify the size of the
address.
• To increase the generality of ARP, an address length field is included for the IP
addresses as well.
ARP (Cont’d): ARP Message Format
While ARP can be used to bind an arbitrary high-level address to an
arbitrary hardware address, it is almost always used to bind a 32-bit
IP address to a 48-bit Ethernet or WiFi address.
ARP (Cont’d): Sending an ARP Message
An ARP message is transmitted in a hardware frame.
The ARP message is treated as the data being transported (i.e., the network
hardware does not know anything about the ARP message).
We say, “The ARP message is encapsulated in the hardware frame.”
ARP (Cont’d): Identifying ARP Frames
A computer knows that an incoming frame contains an ARP message using the type
field in the frame header.
Example: In the Ethernet standard, a frame containing an ARP packet must carry the hex
value 0x806 in its type field.
Caching ARP Responses
• ARP software extracts and saves information from a response so that it can be used
in subsequent packets.
• ARP software maintains a small table of bindings in memory to be used as a cache.
ARP (Cont’d): Processing an Incoming ARP Message
When an ARP message arrives, the receiver must:
1) Extracts the sender's address binding and checks whether it is already in the cache.
If it is, the incoming ARP message replaces the previously stored binding.
2) The receiver examines the OPERATION field to determine whether the message
is a response or a request.
• If it is a response, the receiver is waiting for a binding, so the binding is
extracted, cached, and used to send a packet.
• If it is a request, the receiver compares the TARGET PADDR with the local
protocol address. If the two are identical, the computer issues a response (i.e.,
the receiver sends the binding of its IP address and MAC address).
ARP Optimization:
Computers use ARP messages to keep their caches current. See (1) above.
After a computer replies to an ARP request, it extracts the sender's address binding
and adds it to the binding cache.
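The message format, the frame type check and the receive rules above can be seen working together in the following added example. It is not code from the lecture or from Comer's text; it is a small Python model that encodes and decodes ARP messages using the HLEN/PLEN fields (so it also handles address sizes other than 6 and 4), recognizes ARP by the Ethernet type field 0x0806, and applies steps (1) and (2) plus the caching optimization. The host names, MAC addresses and IP addresses are constructed sample values. Because ARP has no authentication, the model also records any cached binding that gets overwritten with a different MAC address, which is the event a monitoring tool would flag.

```python
import struct

ETHERTYPE_ARP = 0x0806   # Ethernet type-field value that marks an ARP payload
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
ARP_REQUEST = 1
ARP_REPLY = 2
BROADCAST = b"\xff" * 6


def build_arp(op, sender_haddr, sender_paddr, target_haddr, target_paddr):
    """Encode an ARP message. The fixed header carries HLEN and PLEN so the
    receiver can size the address fields; for Ethernet/IPv4 they are 6 and 4."""
    hlen, plen = len(sender_haddr), len(sender_paddr)
    return (struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, hlen, plen, op)
            + sender_haddr + sender_paddr + target_haddr + target_paddr)


def parse_arp(data):
    """Decode an ARP message, sizing the four address fields from HLEN/PLEN."""
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", data[:8])
    body = data[8:]
    if len(body) < 2 * (hlen + plen):
        raise ValueError("truncated ARP message")
    fields, offset = [], 0
    for size in (hlen, plen, hlen, plen):
        fields.append(body[offset:offset + size])
        offset += size
    sender_haddr, sender_paddr, target_haddr, target_paddr = fields
    return {"htype": htype, "ptype": ptype, "op": op,
            "sender_haddr": sender_haddr, "sender_paddr": sender_paddr,
            "target_haddr": target_haddr, "target_paddr": target_paddr}


def make_frame(src_mac, payload, dst_mac=BROADCAST, ethertype=ETHERTYPE_ARP):
    """Encapsulate a payload in an Ethernet frame (header only: dst, src, type)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    return dst, src, ethertype, frame[14:]


class ArpHost:
    """One computer's ARP software: a binding cache plus the receive rules."""

    def __init__(self, mac, ip):
        self.mac, self.ip = mac, ip
        self.cache = {}      # protocol address -> hardware address
        self.changes = []    # (ip, old mac, new mac) for bindings that were overwritten

    def _learn(self, paddr, haddr):
        old = self.cache.get(paddr)
        if old is not None and old != haddr:
            # ARP has no authentication, so a binding that silently changes MAC is
            # worth flagging for inspection (address conflict, misconfiguration, or worse).
            self.changes.append((paddr, old, haddr))
        self.cache[paddr] = haddr

    def handle_frame(self, frame):
        """Process one incoming frame; returns a unicast reply frame or None."""
        _, src, ethertype, payload = parse_frame(frame)
        if ethertype != ETHERTYPE_ARP:
            return None              # not ARP; other protocol software handles it
        msg = parse_arp(payload)
        # Step 1: if the sender is already in the cache, refresh that binding.
        if msg["sender_paddr"] in self.cache:
            self._learn(msg["sender_paddr"], msg["sender_haddr"])
        # Step 2: examine the OPERATION field.
        if msg["op"] == ARP_REPLY:
            # We were waiting for this binding: extract and cache it.
            self._learn(msg["sender_paddr"], msg["sender_haddr"])
            return None
        if msg["op"] == ARP_REQUEST and msg["target_paddr"] == self.ip:
            # Optimization: the requester will talk to us next, so cache it now.
            self._learn(msg["sender_paddr"], msg["sender_haddr"])
            reply = build_arp(ARP_REPLY, self.mac, self.ip,
                              msg["sender_haddr"], msg["sender_paddr"])
            return make_frame(self.mac, reply, dst_mac=src)   # unicast, not broadcast
        return None                  # request for somebody else: discard silently


def demo():
    """Constructed sample: W broadcasts a request for Y's address, Y answers W."""
    w = ArpHost(bytes.fromhex("020000000001"), bytes([10, 0, 0, 1]))
    y = ArpHost(bytes.fromhex("020000000002"), bytes([10, 0, 0, 2]))
    request = make_frame(w.mac, build_arp(ARP_REQUEST, w.mac, w.ip, b"\x00" * 6, y.ip))
    reply = y.handle_frame(request)   # Y caches W and answers directly to W
    w.handle_frame(reply)             # W caches Y from the response
    return w, y


if __name__ == "__main__":
    w, y = demo()
    print("W cache:", {bytes(k): v.hex() for k, v in w.cache.items()})
    print("Y cache:", {bytes(k): v.hex() for k, v in y.cache.items()})
```

A third host on the same network receives the broadcast request, sees that the target address is not its own, and discards it without touching its cache; only the target host and the requester end up with new bindings.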
ARP (Cont’d): Layering, Address Resolution, Protocol Addresses
Address resolution takes place in the Network Interface Layer.
Conceptual Boundary: Higher protocol layers and applications use only protocol
addresses, not physical addresses.
PART 2: DHCP (Dynamic Host Configuration Protocol)
Defn: DHCP (Dynamic Host Configuration Protocol) is a protocol designed to
enable individual computers on an IP network to obtain their network configurations
from a server.
• The DHCP server assigns the address.
• Without DHCP, the IP address must be assigned individually and then entered
manually at each computer system.
• With DHCP, the system automatically obtains an IP address from the server
during the boot-up process, requiring no intervention on the part of either ITS or
the user (once the user configures their computer to use DHCP).
DHCP (Cont’d): Advantages of DHCP
1. Eliminates the need for manual client configuration
Manually assigning client IP addresses is complicated because many network-enabled
devices are mobile. These devices are frequently moved from one network to another.
2. Efficient utilization of IP address space
Each computer is assigned its configuration from a "pool" of available IP addresses for a
specific time period (a lease period), meaning no IP addresses are wasted.
3. Ease of changing network parameters
Major network resource changes require only that the DHCP server be updated with the
new information, rather than every system.
4. Host mobility is enabled
DHCP provides the capability for a client to connect to any subnet that has DHCP
without changing the setup. Thus, users with laptops can easily rove campus without
having to ever modify their network configuration if using DHCP.
5. Immediate and automatic address assignment
IP addresses are assigned by the DHCP server automatically, without the need for
manual intervention.
DHCP (Cont’d): How DHCP Works…
DHCP assigns a number automatically based on a defined range of numbers (i.e., a
scope) that belongs to a network.
DHCP assigns a TCP/IP address when a system is started.
DHCP Operation:
• A user turns on a machine with a DHCP client.
• The machine goes to the router and looks for a DHCP helper address.
• The router directs the machine to the correct DHCP server.
• The client sends a DHCP REQUEST packet.
• The server sends a DHCP OFFER packet.
• The client sends a DHCP ACK packet.
• The server assigns an IP number according to the scope range defined on the server.
PART 3: NAT (Network Address Translation)
With IPv4, every computer using the Internet needs a unique IP address of the form
X.X.X.X (where each X is a number from 0 to 255).
Due to the limited number of IPv4 addresses, there is a need for Private Networks with
IP addresses that are private and not valid on the Internet.
To fill this need, there are certain addresses (10.X.X.X and 192.168.X.X) that have
been designated for use on these Private Networks that are not part of the Internet.
No computer directly attached to the public Internet is allowed to have these addresses.
When such a network wants to communicate with the Internet it does so through a NAT
Router (or NAT Gateway).
NAT (Cont’d): Overloading
Defn: NAT overloading allows a single public IP address to be shared among multiple
private IP addresses.
The Overloading Process
Initially:
• The company sets up a NAT-enabled router. The router has one unique IP
address allocated by the ISP.
• An internal network is set up with private local IP addresses that are not
allocated by an ISP. (Usually, 192.168.X.X or 10.X.X.X)
NAT (Cont’d)
Outgoing traffic during NAT operation:
• A computer on the internal network attempts to connect to a computer outside the
network, such as a Web server.
• The router receives the packet from the internal network.
• The router saves the computer's private IP address and port number to an address
translation table. The router replaces the sending computer's non-routable IP
address with the router's IP address. The router replaces the sending computer's
source port with the [bogus] port number in the address translation table.
• The translation table now has a mapping of the computer's non-routable IP address
and port number along with the router's IP address.
NAT (Cont’d)
Incoming traffic during NAT operation:
• When a packet comes in from a destination computer, the router extracts the
destination port on the packet. It finds the address in the address translation table,
changes the destination address and destination port to the ones saved in the
address translation table, and sends the packet onto the local network.
• The computer receives the packet from the router.
• Since the NAT router now has the computer's source address and source port saved
to the address translation table, it will continue to use that same port number for
the duration of the connection. The entries in the address translation table time out.
Example: A Sample NAT Address Translation Table
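The outgoing and incoming steps above, together with the translation table they build, are worked through in the following added example. It is not code from the lecture; it is a Python model of a NAT-overloading router with a single public address, an address translation table keyed by the translated port, and idle time-outs for table entries. The public address 198.51.100.1, the external server 203.0.113.5 and the internal hosts are constructed sample values. A packet arriving from the Internet whose destination port has no table entry is dropped, which is what stops unsolicited inbound traffic from reaching the private network.

```python
class NatRouter:
    """NAT overloading: many private (ip, port) pairs share one public address.
    Packets are plain dicts with src, sport, dst, dport; time is passed in as seconds."""

    def __init__(self, public_ip, first_port=40000, timeout=300):
        self.public_ip = public_ip
        self.next_port = first_port     # next translated ("bogus") port to hand out
        self.timeout = timeout          # idle seconds before a table entry times out
        self.table = {}                 # translated port -> (private ip, private port, last seen)
        self.by_private = {}            # (private ip, private port) -> translated port

    def _expire(self, now):
        """Drop entries that have been idle for longer than the time-out."""
        for port, (ip, pport, seen) in list(self.table.items()):
            if seen + self.timeout <= now:
                del self.table[port]
                del self.by_private[(ip, pport)]

    def outbound(self, pkt, now):
        """Packet from the internal network heading out: save the private
        address/port, then rewrite the source to the router's address and port."""
        self._expire(now)
        key = (pkt["src"], pkt["sport"])
        port = self.by_private.get(key)
        if port is None:                # new connection: allocate a table entry
            port = self.next_port
            self.next_port += 1
            self.by_private[key] = port
        self.table[port] = (pkt["src"], pkt["sport"], now)   # same port for the whole connection
        return {"src": self.public_ip, "sport": port, "dst": pkt["dst"], "dport": pkt["dport"]}

    def inbound(self, pkt, now):
        """Packet from the Internet: look up the destination port in the table and
        rewrite the destination; no entry means the packet is dropped."""
        self._expire(now)
        entry = self.table.get(pkt["dport"]) if pkt["dst"] == self.public_ip else None
        if entry is None:
            return None
        private_ip, private_port, _ = entry
        self.table[pkt["dport"]] = (private_ip, private_port, now)
        return {"src": pkt["src"], "sport": pkt["sport"], "dst": private_ip, "dport": private_port}

    def dump(self):
        """The address translation table as rows:
        (private ip, private port, router ip, translated port)."""
        return [(ip, pport, self.public_ip, port)
                for port, (ip, pport, _) in sorted(self.table.items())]


if __name__ == "__main__":
    nat = NatRouter("198.51.100.1")
    out = nat.outbound({"src": "192.168.1.10", "sport": 5050, "dst": "203.0.113.5", "dport": 80}, now=0)
    print("sent as:", out)
    back = nat.inbound({"src": "203.0.113.5", "sport": 80, "dst": "198.51.100.1", "dport": out["sport"]}, now=5)
    print("delivered as:", back)
    print("table:", nat.dump())
```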
PART 4: ICMP (Internet Control Message Protocol)
• IP defines a best-effort communication service: datagrams can be lost, duplicated,
delayed, or delivered out of order.
• To achieve best-effort service, IP attempts to avoid errors and to report problems
when they occur.
• IP includes a companion protocol, called ICMP, which is used to report errors back to
the original source.
• IP and ICMP are co-dependent:
  – IP depends on ICMP to report errors
  – ICMP uses IP to carry error messages
Many ICMP messages have been defined. Here are a few:
ICMP (cont’d)
Examples of error detection in IP:
Checksum
When a host creates an IP datagram, it includes a checksum that covers the entire
header. When a datagram is received, the checksum is verified to ensure that the header
arrived intact.
TIME TO LIVE Field
TTL is used to prevent a datagram from circulating forever.
When the TTL reaches zero, the datagram is dropped and an error message is generated.
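The two error-detection mechanisms just described are carried through in the following added example, which is not code from the lecture or from Comer's text. It is a Python model of what a router does with an IPv4 header: verify the header checksum, decrement the TTL, recompute the checksum, and, when the TTL reaches zero, drop the datagram and build the ICMP Time Exceeded message (type 11, code 0) that goes back to the source. The checksum is the standard Internet checksum (one's complement of the one's-complement sum of the 16-bit words), and the addresses and payload are constructed sample values.

```python
import struct

ICMP_TIME_EXCEEDED = 11      # ICMP type; code 0 = TTL exceeded in transit


def checksum(data):
    """Internet checksum over 16-bit words with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, ttl, payload_len, proto=1):
    """A 20-byte IPv4 header with the checksum filled in (proto 1 = ICMP)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                         ttl, proto, 0, src, dst)
    return header[:10] + struct.pack("!H", checksum(header)) + header[12:]


def header_ok(header):
    """A header whose checksum field is correct sums to zero."""
    return checksum(header[:20]) == 0


def time_exceeded(original_header, original_data):
    """ICMP Time Exceeded: type, code, checksum, 4 unused bytes, then the
    offending datagram's IP header and first 8 bytes of its data."""
    icmp = (struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0)
            + original_header + original_data[:8])
    return icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]


def forward(header, data=b""):
    """Router step for one datagram. Returns one of:
    ("drop", None)            header arrived damaged
    ("time_exceeded", msg)    TTL hit zero; msg is the ICMP error for the source
    ("forward", new_header)   TTL decremented, checksum recomputed"""
    if not header_ok(header):
        return ("drop", None)
    ttl = header[8]
    if ttl <= 1:
        return ("time_exceeded", time_exceeded(header, data))
    new = bytearray(header)
    new[8] = ttl - 1
    new[10:12] = b"\x00\x00"                      # zero the field before summing
    new[10:12] = struct.pack("!H", checksum(bytes(new)))
    return ("forward", bytes(new))


if __name__ == "__main__":
    # Constructed sample: a datagram with TTL 3 crossing three routers.
    hdr = build_ipv4_header(bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), ttl=3, payload_len=8)
    data = b"\x08\x00\x00\x00\x00\x00\x00\x00"
    for hop in range(1, 4):
        status, result = forward(hdr, data)
        print("hop", hop, status)
        if status != "forward":
            break
        hdr = result
```

Flipping a single bit anywhere in a valid header makes the verification fail, because a one-bit change alters the one's-complement sum by a power of two that cannot be a multiple of 65535; the router then drops the datagram instead of acting on a corrupted TTL or destination.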
ICMP contains two message types:
1. Messages to report errors
2. Messages to obtain information