
Dynamic Host Configuration Protocol (DHCP) Network Address Translation (NAT)

CS491G: Computer Networking Lab, V. Arun. Slides adapted from Liebeherr and El Zarki, Kurose and Ross, IBM, P. Kermani.


Presentation Transcript


  1. Dynamic Host Configuration Protocol (DHCP) Network Address Translation (NAT) CS491G: Computer Networking Lab V. Arun Slides adapted from Liebeherr and El Zarki, Kurose and Ross, IBM, P. Kermani

  2. Dynamic Host Configuration Protocol (DHCP)

  3. Dynamic Assignment of IP addresses • Dynamic assignment of IP addresses desirable for • On-demand IP address assignment • Avoiding manual IP configuration • Supporting mobility, e.g., laptops or smartphones

  4. Dynamic IP address assignment solutions • Reverse Address Resolution Protocol (RARP) • Works similarly to ARP, but broadcasts a request for the IP address associated with a given MAC address • RARP server responds with an IP address • Only assigns an IP address (not default router, netmask)

  5. BOOTP • BOOTstrap Protocol (BOOTP) • From 1985 • Host can configure its IP parameters at boot time • 3 main services: • Assigning an IP address • Detecting the IP address of a serving machine • Supplying the name of an executable boot file • Can also assign default router, network mask, etc. • Sent as UDP messages (port 67: server, port 68: host) • Uses the limited broadcast address (255.255.255.255)

  6. BOOTP Interaction • BOOTP can be used for downloading a memory image for diskless PCs (network boot) • Static assignment of IP addresses to hosts: the server answers from a fixed table of hardware-address-to-IP-address mappings

  7. DHCP • Dynamic Host Configuration Protocol (DHCP) • From 1993 • Extension of BOOTP, same port numbers, interoperable • Extensions: • Supports temporary “leases” of IP addresses • DHCP client can acquire all IP configuration parameters needed to operate • DHCP is the preferred mechanism for dynamic assignment of IP addresses

  8. DHCP Interaction (simplified)

  9. Typical DHCP client-server scenario (DHCP server 223.1.2.5, arriving client)
  • DHCP discover: src 0.0.0.0, 68; dest 255.255.255.255, 67; yiaddr 0.0.0.0; transaction ID 654
  • DHCP offer: src 223.1.2.5, 67; dest 255.255.255.255, 68; yiaddr 223.1.2.4; transaction ID 654; lifetime 3600 secs
  • DHCP request: src 0.0.0.0, 68; dest 255.255.255.255, 67; yiaddr 223.1.2.4; transaction ID 655; lifetime 3600 secs
  • DHCP ACK: src 223.1.2.5, 67; dest 255.255.255.255, 68; yiaddr 223.1.2.4; transaction ID 655; lifetime 3600 secs

  10. BOOTP/DHCP Message Format (There are >100 different options)

  11. DHCP Message Type • Message type sent as option 53 (DHCP Message Type): DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPDECLINE, DHCPACK, DHCPNAK, DHCPRELEASE, DHCPINFORM

  12. Other options (selection) • Other DHCP information that can be sent as an option: Subnet Mask, Name Server, Hostname, Domain Name, IP Forwarding On/Off, Default IP TTL, Broadcast Address, Static Route, Ethernet Encapsulation, X Window Manager, X Window Font, DHCP Msg Type, DHCP Renewal Time, DHCP Rebinding Time, SMTP Server, Client FQDN, Printer Name, …
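The message format of slides 10-12 and the four-message exchange of slide 9, carried through in code. This is an added example and not part of the original slides: it serializes and parses BOOTP/DHCP messages (fixed header, magic cookie, TLV options), runs DISCOVER/OFFER/REQUEST/ACK in memory with the slide's values (server 223.1.2.5, offered address 223.1.2.4, lease 3600 s, transaction IDs 654/655), and ends with the check a defender on the segment wants: flagging OFFER/ACK messages whose Server Identifier is not a known server, the simplest rogue-DHCP-server test. The client MAC, the subnet mask, the router 223.1.2.1 and the trusted-server set are constructed assumptions; no sockets are opened.

```python
"""BOOTP/DHCP message format and the DISCOVER/OFFER/REQUEST/ACK exchange, in memory.

Added example, not from the original slides. Addresses 223.1.2.4/5, lease 3600 s and
transaction IDs 654/655 come from slide 9; the client MAC, the subnet mask, the
router 223.1.2.1 and the trusted-server set are constructed for the demo.
"""
import struct
from ipaddress import IPv4Address

# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file = 236 bytes
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # separates the BOOTP header from the DHCP options
BOOTREQUEST, BOOTREPLY = 1, 2

# DHCP option codes (RFC 2132) and message types (option 53) used below
OPT_PAD, OPT_SUBNET_MASK, OPT_ROUTER = 0, 1, 3
OPT_REQUESTED_IP, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 51, 53, 54, 255
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5


def build(op, xid, chaddr, options, yiaddr="0.0.0.0", siaddr="0.0.0.0"):
    """Serialize one message: fixed header, magic cookie, TLV options, END."""
    header = struct.pack(
        HEADER_FMT, op, 1, 6, 0,        # htype 1 = Ethernet, hlen 6, hops 0
        xid, 0, 0x8000,                 # secs 0; flags bit 15 asks for a broadcast reply
        bytes(4),                       # ciaddr: client has no usable address yet
        IPv4Address(yiaddr).packed,     # 'your' address, filled in by the server
        IPv4Address(siaddr).packed,     # next server address
        bytes(4),                       # giaddr: no relay agent
        chaddr.ljust(16, b"\0"), bytes(64), bytes(128))
    tlv = b"".join(bytes([code, len(val)]) + val for code, val in options.items())
    return header + MAGIC_COOKIE + tlv + bytes([OPT_END])


def parse(msg):
    """Parse a message into a dict; options become {code: raw bytes}.
    Rejects a missing cookie, a length byte that runs past the buffer, and a missing END."""
    if len(msg) < 240 or msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HEADER_FMT, msg[:236])
    options, i = {}, 240
    while i < len(msg):
        code = msg[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(msg):
            raise ValueError("truncated option header")
        length = msg[i + 1]
        val = msg[i + 2:i + 2 + length]
        if len(val) != length:
            raise ValueError("option %d overruns the message" % code)
        options[code] = val
        i += 2 + length
    else:
        raise ValueError("missing END option")
    return {"op": f[0], "xid": f[4], "yiaddr": str(IPv4Address(f[8])),
            "siaddr": str(IPv4Address(f[9])), "chaddr": f[11][:f[2]], "options": options}


def msg_type(parsed):
    return parsed["options"][OPT_MSG_TYPE][0]


def dora(client_mac, server_ip="223.1.2.5", offered_ip="223.1.2.4", lease=3600):
    """Run the four-message exchange of slide 9 and return the parsed messages in order."""
    ip = lambda a: IPv4Address(a).packed
    lease_opts = {OPT_SERVER_ID: ip(server_ip), OPT_LEASE_TIME: struct.pack("!I", lease),
                  OPT_SUBNET_MASK: ip("255.255.255.0"), OPT_ROUTER: ip("223.1.2.1")}  # constructed
    discover = build(BOOTREQUEST, 654, client_mac, {OPT_MSG_TYPE: bytes([DISCOVER])})
    offer = build(BOOTREPLY, 654, client_mac, {OPT_MSG_TYPE: bytes([OFFER]), **lease_opts},
                  yiaddr=offered_ip, siaddr=server_ip)
    # the client echoes the offered address and the chosen server so other servers withdraw
    request = build(BOOTREQUEST, 655, client_mac, {OPT_MSG_TYPE: bytes([REQUEST]),
                    OPT_REQUESTED_IP: ip(offered_ip), OPT_SERVER_ID: ip(server_ip)})
    ack = build(BOOTREPLY, 655, client_mac, {OPT_MSG_TYPE: bytes([ACK]), **lease_opts},
                yiaddr=offered_ip, siaddr=server_ip)
    return [parse(m) for m in (discover, offer, request, ack)]


def unexpected_offers(parsed_msgs, trusted_servers):
    """Return (xid, server id) for every OFFER/ACK whose Server Identifier (option 54) is
    not a trusted server: the basic rogue-DHCP-server check a sniffer on the segment can run."""
    hits = []
    for m in parsed_msgs:
        if m["op"] == BOOTREPLY and msg_type(m) in (OFFER, ACK):
            sid = str(IPv4Address(m["options"][OPT_SERVER_ID]))
            if sid not in trusted_servers:
                hits.append((m["xid"], sid))
    return hits


if __name__ == "__main__":
    msgs = dora(bytes.fromhex("001122334455"))   # constructed client MAC
    for m in msgs:
        print(m["op"], m["xid"], msg_type(m), m["yiaddr"])
    print(unexpected_offers(msgs, {"223.1.2.5"}))
```

The parser deliberately checks the option length byte against the remaining buffer: DHCP options are attacker-controlled input on any shared segment, and an unchecked length is the classic way a DHCP client or sniffer reads past the end of a packet.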

  13. Network Address Translation (NAT)

  14. Private Network • Private IP network: not directly connected to the Internet • IP addresses in a private network can be assigned arbitrarily • Not registered and not guaranteed to be globally unique • Designated private address ranges (RFC 1918): • 10.0.0.0 – 10.255.255.255 • 172.16.0.0 – 172.31.255.255 • 192.168.0.0 – 192.168.255.255

  15. Private Network Example

  16. Network Address Translation (NAT) • Router function at boundary of private network that rewrites [IP,port] fields in incoming and outgoing packets

  17. NAT: network address translation • motivation: local network uses just one IP address as far as the outside world is concerned: • range of addresses not needed from ISP: just one IP address for all devices • can change addresses of devices in local network without notifying outside world • can change ISP without changing addresses of devices in local network • can use translation for load balancing • devices inside local net not explicitly addressable, visible by outside world (often counted as a security plus; note that NAT is not a firewall: anything matching a table entry or a port forward still reaches the inside host, and outbound connections are unrestricted)

  18. NAT: network address translation
  • local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 behind a NAT router (LAN side 10.0.0.4, WAN side 138.76.29.7) connected to the rest of the Internet
  • datagrams with source or destination in this network have 10.0.0/24 addresses for source, destination (as usual)
  • all datagrams leaving the local network have the same single source NAT IP address, 138.76.29.7, with different source port numbers

  19. NAT: network address translation • implementation: NAT router must: • outgoing datagrams: replace (source IP address, port #) of every outgoing datagram with (NAT IP address, new port #); remote clients/servers will respond using (NAT IP address, new port #) as destination addr • remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair • incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with the corresponding (source IP address, port #) stored in NAT table

  20. NAT: network address translation (worked example)
  • 1: host 10.0.0.1 sends datagram to 128.119.40.186, 80 (S: 10.0.0.1, 3345; D: 128.119.40.186, 80)
  • 2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table (S: 138.76.29.7, 5001; D: 128.119.40.186, 80)
  • 3: reply arrives, dest. address: 138.76.29.7, 5001 (S: 128.119.40.186, 80; D: 138.76.29.7, 5001)
  • 4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345 (S: 128.119.40.186, 80; D: 10.0.0.1, 3345)
  • NAT translation table: WAN side addr 138.76.29.7, 5001 <-> LAN side addr 10.0.0.1, 3345; … (one row per active mapping)

  21. Number of ways of using NAT • Static NAT: Translate each private IP address to a specific public IP address • Dynamic NAT: Pool of inside global addresses and matching criteria • Port forwarding: redirecting incoming packets on specific ports to a specific internal machine • Overloading (PAT, masquerading): Using a small number of global addresses for a much larger number of local addresses, distinguished by port number • Load balancing: Map incoming packets addressed to the same public [IP,port] to different internal servers
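The translation steps of slides 19-20, plus the port-forwarding and overloading variants of slide 21, as an added example that is not from the slides: a minimal NAT router in Python with the translation table keyed on the LAN endpoint exactly as the slide's table is drawn, outbound rewriting from a port pool, inbound lookup, a static port forward, and the default drop of inbound packets that match no entry (the "not addressable from outside" property, and the reason the NAT traversal slides later need a workaround). Addresses follow slide 20; the port pool starting at 5001, the outside host 203.0.113.9 and the 2500 -> 25000 forward are constructed for the demo.

```python
"""A minimal NAT router: translation table, outbound rewriting, inbound lookup,
static port forwarding, and default drop of unsolicited inbound packets.

Added example, not from the slides. Addresses follow slide 20 (10.0.0.1:3345 ->
128.119.40.186:80 through 138.76.29.7); the port pool starting at 5001, the outside
host 203.0.113.9 and the 2500 -> 25000 forward are constructed for the demo.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    def __init__(self, wan_ip, first_port=5001, last_port=65535):
        self.wan_ip = wan_ip
        self.free_ports = list(range(first_port, last_port + 1))   # the 16-bit port budget
        # Table keyed on the LAN endpoint only, as drawn on slide 20. Many real NATs also
        # key on the remote endpoint, which is what lets ~65K flows exist per destination.
        self.lan_to_wan = {}   # (proto, lan_ip, lan_port) -> wan_port
        self.wan_to_lan = {}   # (proto, wan_port) -> (lan_ip, lan_port); also holds static forwards

    def forward_port(self, proto, wan_port, lan_ip, lan_port):
        """Static NAT / port forwarding: wan_port is always delivered to one inside host."""
        self.wan_to_lan[(proto, wan_port)] = (lan_ip, lan_port)
        if wan_port in self.free_ports:
            self.free_ports.remove(wan_port)   # never hand this port to a dynamic flow

    def outbound(self, pkt):
        """Rewrite (src ip, src port) to (NAT ip, new port) and remember the pair."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.lan_to_wan:
            if not self.free_ports:
                raise RuntimeError("port pool exhausted")
            wan_port = self.free_ports.pop(0)
            self.lan_to_wan[key] = wan_port
            self.wan_to_lan[(pkt.proto, wan_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.wan_ip, src_port=self.lan_to_wan[key])

    def inbound(self, pkt):
        """Look up (NAT ip, port) and restore the inside destination.
        Returns None (packet dropped) when nothing in the table matches."""
        if pkt.dst_ip != self.wan_ip:
            return None
        target = self.wan_to_lan.get((pkt.proto, pkt.dst_port))
        if target is None:
            return None   # unsolicited inbound: no entry, nobody inside is reachable
        return replace(pkt, dst_ip=target[0], dst_port=target[1])


def slide20_walkthrough():
    """Steps 1-4 of slide 20, then an unsolicited inbound SYN that has no table entry."""
    nat = Nat("138.76.29.7")
    out = nat.outbound(Packet("tcp", "10.0.0.1", 3345, "128.119.40.186", 80))     # steps 1-2
    reply = Packet("tcp", "128.119.40.186", 80, "138.76.29.7", out.src_port)       # step 3
    back = nat.inbound(reply)                                                       # step 4
    unsolicited = nat.inbound(Packet("tcp", "203.0.113.9", 4444, "138.76.29.7", 22))
    return out, back, unsolicited


def port_forward_demo():
    """Port forwarding: (138.76.29.7, 2500) is always forwarded to 10.0.0.1:25000."""
    nat = Nat("138.76.29.7")
    nat.forward_port("tcp", 2500, "10.0.0.1", 25000)
    return nat.inbound(Packet("tcp", "203.0.113.9", 4444, "138.76.29.7", 2500))


if __name__ == "__main__":
    out, back, dropped = slide20_walkthrough()
    print("outbound rewritten to", out)
    print("reply mapped back to", back)
    print("unsolicited inbound ->", dropped)
    print("port forward ->", port_forward_demo())
```

Two points worth noticing when running it: a second packet of the same flow reuses its mapping rather than consuming another port, and once the pool is empty new flows fail, which is the 16-bit limit discussed on the multiplexing slide. Keying the table additionally on the remote endpoint is the change that would let the same WAN port serve one flow per destination.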

  22. Cisco’s static NAT terminology

  23. Load balancing of servers

  24. Configuring NAT in Linux • Linux uses the netfilter framework and the iptables tool to add filtering and translation rules to the IP stack • NAT rules live in the nat table: the POSTROUTING chain for source NAT (rewriting outgoing packets) and the PREROUTING chain for destination NAT (rewriting incoming packets)

  25. Configuring NAT with iptables
  • First example (static SNAT of one host):
    iptables -t nat -A POSTROUTING -s 10.0.1.2 -j SNAT --to-source 128.143.71.21
  • Pooling of IP addresses (a range of public addresses shared by the subnet):
    iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j SNAT --to-source 128.143.71.0-128.143.71.30
  • ISP migration (replace rule 1 of POSTROUTING with the new address range; -R takes a rule number):
    iptables -t nat -R POSTROUTING 1 -s 10.0.1.0/24 -j SNAT --to-source 128.195.4.0-128.195.4.254
  • IP masquerading (SNAT to whatever address eth1 currently has, for dynamic uplinks):
    iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o eth1 -j MASQUERADE
  • Load balancing (DNAT incoming connections on eth1 across a range of internal servers):
    iptables -t nat -A PREROUTING -i eth1 -j DNAT --to-destination 10.0.1.2-10.0.1.4
    (in practice add a protocol/port match such as -p tcp --dport 80 so that only the balanced service is rewritten, not every packet arriving on eth1)

  26. NAT multiplexing limits • 16-bit port-number field: ~65K simultaneous connections through a single WAN-side address • If the translation table also keys on the remote endpoint, ~65K connections are possible to each WAN-side destination

  27. NAT drawbacks/controversies • routers should only process up to layer 3; the address shortage ought to be solved by IPv6 • violates the end-to-end argument • the possibility of NAT must be taken into account by app designers, e.g., P2P applications • two machines in different private networks cannot communicate directly without third-party support • performance: checksums need to be recomputed in transport and IP headers • IP fragmentation needs careful handling (only the first fragment carries the port numbers) • breaks apps that embed IP addresses in their payload (e.g., active-mode FTP) unless the NAT includes an application-level gateway

  28. NAT traversal problem/solutions • client wants to connect to server with address 10.0.0.1 • server address 10.0.0.1 local to LAN (client can't use it as destination addr) • only one externally visible NATed address: 138.76.29.7 • solution 1: statically configure NAT to forward incoming connection requests at a given port to the server • e.g., (138.76.29.7, port 2500) always forwarded to 10.0.0.1, port 25000

  29. NAT traversal problem/solutions • solution 2: Universal Plug and Play (UPnP) Internet Gateway Device (IGD) Protocol. Allows a NATed host (e.g., 10.0.0.1) to: • learn the public IP address (138.76.29.7) • add/remove port mappings (with lease times), i.e., automate static NAT port map configuration • caveat: IGD accepts mapping requests from any host on the LAN without authentication, so a compromised inside host can expose itself (or others) to the Internet; it is commonly disabled on managed networks

  30. NAT traversal problem/solutions • solution 3: relaying (used in Skype) • NATed client establishes connection to relay • external client connects to relay • relay bridges packets between the two connections • 1. connection to relay initiated by NATed host (10.0.0.1 behind 138.76.29.7) • 2. connection to relay initiated by client • 3. relaying established

  31. Lab 6 review

  32. Lab 6- Exercise 5C

  33. Lab 6- Exercise 5C: spanning-tree diagram for switches R1–R4 and PC1–PC4 (bridge IDs, the root bridge, root ports RP and designated ports DP are marked). Note the path from PC1 to PC4.

  34. Lab 6- Exercise 6A: spanning-tree diagram for the same topology, with the root bridge and port roles (RP/DP) for Exercise 6A.

  35. Lab 6- Exercise 6B: spanning-tree diagram for the same topology, with the root bridge and port roles (RP/DP) for Exercise 6B.

  36. Lab 6- Exercise 7B

  37. Broadcast Domains (Lab 6, Exercise 7B topology) • 10.0.0.0/16 divided into the subnets 10.0.1.0/24, 10.0.3.0/24 and 10.0.4.0/24 • PC1 10.0.1.11/24, PC2 10.0.3.21/24, PC3 10.0.4.31/24, PC4 10.0.4.41/16 (note PC4's /16 mask) • RT1 (Br) and RT4 (Br) act as bridges; RT2 and RT3 route between the subnets with the interfaces shown: 10.0.1.2/24, 10.0.3.2/24, 10.0.3.3/24, 10.0.4.3/24

  38. Same topology as slide 37.

  39. Ping PC1 -> PC3: succeeds

  40. Ping PC1 -> PC4: fails

  41. Ping PC4 -> PC1: succeeds

  42. Ping PC1 -> PC2: succeeds
