04net Dhcp Nat


  • 8/2/2019 04net Dhcp Nat


    Network Layer - DHCP, NAT 06 Mar 12

    CSCD58 Computer Networks 1

    04netC CSCD58S Computer Networks 1

    IP Address Block Allocation

    Q: How does an ISP get block of addresses?
    A: ICANN: Internet Corporation for Assigned Names and Numbers
    - allocates IP addresses
    - manages DNS system
    - assigns domain names, resolves disputes
    - generates a lot of controversy ;-)


    IP addresses: how to get one?

    Q: How does a host get IP address?

    - hard-coded by system admin in a file
      - Wintel: control-panel->network->configuration->tcp/ip->properties
      - UNIX: /etc/rc.config
    - DHCP: Dynamic Host Configuration Protocol: dynamically get address: plug-and-play (RFC 2131)
      - host broadcasts DHCP discover msg
      - DHCP server responds with DHCP offer msg
      - host requests IP address: DHCP request msg
      - DHCP server sends address: DHCP ack msg
    - NAT: Network Address Translation: use one (or a few) public network addresses to stand in for a large number of private network addresses, e.g. on a home network.


    DHCP: Dynamic Host Configuration Protocol

    Goal: allow host to dynamically obtain its IP address from network server when it joins network
    - Allows reuse of addresses (host only holds address while connected and on)
    - Host allowed to renew lease on address currently in use
    - Support for mobile users who want to join network (more later)

    DHCP overview:
    - host broadcasts DHCP discover msg
    - DHCP server responds with DHCP offer msg
    - host requests IP address: DHCP request msg
    - DHCP server sends address: DHCP ack msg


    DHCP client-server scenario

    [Figure: network with hosts A, B and E, a DHCP server, and interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2 and 223.1.3.27; an arriving DHCP client needs an address in this network]


    DHCP client-server scenario

    DHCP server: 223.1.2.5; arriving client (messages listed in time order)

    DHCP discover
      src: 0.0.0.0, 68
      dest: 255.255.255.255, 67
      yiaddr: 0.0.0.0
      transaction ID: 654

    DHCP offer
      src: 223.1.2.5, 67
      dest: 255.255.255.255, 68
      yiaddr: 223.1.2.4
      transaction ID: 654
      Lifetime: 3600 secs

    DHCP request
      src: 0.0.0.0, 68
      dest: 255.255.255.255, 67
      yiaddr: 223.1.2.4
      transaction ID: 655
      Lifetime: 3600 secs

    DHCP ACK
      src: 223.1.2.5, 67
      dest: 255.255.255.255, 68
      yiaddr: 223.1.2.4
      transaction ID: 655
      Lifetime: 3600 secs
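    An added example, not part of the original slides: a small Python encoder/decoder for the four messages above, using the RFC 2131 wire layout (236-byte BOOTP header, magic cookie, then options 53 for message type and 51 for lease time). It follows the slide's simplified use of yiaddr in the request; the MAC address and the helper names build, parse, accept and slide_exchange are constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the BOOTP header
TYPES = {1: "discover", 2: "offer", 3: "request", 5: "ack"}  # option 53 values

def build(op, xid, yiaddr, msg_type, lease=None):
    """Pack the 236-byte BOOTP header, the cookie and a few options."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      op, 1, 6, 0, xid, 0, 0x8000,          # 0x8000 = broadcast flag
                      bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
                      b"\x02\x00\x00\x00\x00\x01", b"", b"")  # constructed client MAC
    opts = bytes([53, 1, msg_type])
    if lease is not None:
        opts += bytes([51, 4]) + struct.pack("!I", lease)   # lease time in seconds
    return hdr + MAGIC + opts + b"\xff"

def parse(data):
    """Decode xid, yiaddr, message type and lease; reject malformed input."""
    if len(data) < 240 or data[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"xid": struct.unpack("!I", data[4:8])[0],
           "yiaddr": str(ipaddress.IPv4Address(data[16:20]))}
    i = 240
    while i < len(data) and data[i] != 255:                 # 255 = end option
        if data[i] == 0:                                    # 0 = pad option
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        code, val = data[i], data[i + 2:i + 2 + data[i + 1]]
        if code == 53 and len(val) == 1:
            msg["type"] = TYPES.get(val[0], "other")
        elif code == 51 and len(val) == 4:
            msg["lease"] = struct.unpack("!I", val)[0]
        i += 2 + len(val)
    return msg

def accept(reply, expected_xid, expected_type):
    """Client-side check: the reply must answer our outstanding transaction."""
    msg = parse(reply)
    ok = msg["xid"] == expected_xid and msg.get("type") == expected_type
    return msg if ok else None

def slide_exchange():
    """The four messages from the slide, built and then parsed back."""
    wire = [build(1, 654, "0.0.0.0", 1), build(2, 654, "223.1.2.4", 2, 3600),
            build(1, 655, "223.1.2.4", 3, 3600), build(2, 655, "223.1.2.4", 5, 3600)]
    return [parse(m) for m in wire]
```

    The discover and request are sent from UDP port 68 to port 67 and the offer and ACK from 67 to 68, as listed above; the UDP layer itself is outside this sketch.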


    DHCP: example

    - connecting laptop needs its IP address, addr of first-hop router, addr of DNS server: use DHCP
    - DHCP request encapsulated in UDP, encapsulated in IP, encapsulated in 802.1 Ethernet
    - Ethernet frame broadcast (dest: FFFFFFFFFFFF) on LAN, received at router running DHCP server
    - Ethernet demuxed to IP demuxed, UDP demuxed to DHCP

    [Figure: protocol stacks (DHCP, UDP, IP, Eth, Phy) at the laptop and at the router (runs DHCP), with the DHCP message shown at each layer; address label 168.1.1.1]


    DHCP: example

    - DHCP server formulates DHCP ACK containing client's IP address, IP address of first-hop router for client, name & IP address of DNS server
    - encapsulation of DHCP server, frame forwarded to client, demuxing up to DHCP at client
    - client now knows its IP address, name and IP address of DNS server, IP address of its first-hop router

    [Figure: protocol stacks (DHCP, UDP, IP, Eth, Phy) at the router (runs DHCP) and at the client, with the DHCP message shown at each layer]


    DHCP advantages over fixed address assignment:
    - simplifies network administration (and reduces errors, e.g. 2 hosts using same IP address due to misconfiguration)
    - improves utilization of address space
    - support for roaming users

    each DHCP server controls a block of IP addresses that it makes available to individual hosts on demand

    IP addresses are leased
    - client should renew after about 2/3 of lease has expired
    - soft state, leases revert if not renewed
    - client can send DHCPRelease or just allow the lease to expire


    Network Address Translation (NAT)

    - interim solution to IP address space exhaustion
      - a kludge (but a useful one)
    - sits between a network and the Internet
    - job is to translate local network layer addresses to global IP addresses
    - shares a single (or pool of) IP address(es) among a larger number of hosts
    - uses special unallocated (non-public) addresses (RFC 1597) within the local network
      - 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16


    NAT: Network Address Translation

    Motivation: local network uses just one IP address as far as outside world is concerned:
    - no need to be allocated range of addresses from ISP: just one IP address is used for all local network devices
    - can change addresses of devices in local network without notifying outside world
    - can change ISP without changing addresses of devices in local network
    - devices inside local net not explicitly addressable by or visible to outside world (a security plus).


    NAT: Network Address Translation

    [Figure: local network (e.g., home network) 192.168.0/24 on one side and the rest of the Internet on the other; address labels 192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4 and 138.76.29.7]

    - Datagrams with source or destination in this network have 192.168.0/24 address for source, destination (as usual)
    - All datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers


    NAT: Network Address Translation

    - for outgoing datagrams: replace of every outgoing datagram with . . . remote clients/servers will respond using as destination addr.
    - remember (using NAT translation table) every to translation pair
    - incoming datagrams: replace in dest fields of every incoming datagram with corresponding stored in NAT table


    NAT: Network Address Translation

    [Figure: NAT router between the LAN and the Internet; address labels 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4 and 138.76.29.7]

    NAT translation table
    WAN side addr        LAN side addr
    138.76.29.7, 5001    10.0.0.1, 3345

    1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
       S: 10.0.0.1, 3345  D: 128.119.40.186, 80

    2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
       S: 138.76.29.7, 5001  D: 128.119.40.186, 80

    3: Reply arrives dest. address: 138.76.29.7, 5001
       S: 128.119.40.186, 80  D: 138.76.29.7, 5001

    4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
       S: 128.119.40.186, 80  D: 10.0.0.1, 3345


    NAT traversal problem

    - client wants to connect to server with address 10.0.0.1
      - server address 10.0.0.1 local to LAN (client can't use it as destination addr)
      - only one externally visible NAT address: 138.76.29.7
    - solution 1: statically configure NAT to forward incoming connection requests at given port to server
      - e.g., (123.76.29.7, port 2500) always forwarded to 10.0.0.1 port 25000

    [Figure: external client ("Client?") reaching the NAT router at 138.76.29.7; hosts 10.0.0.1 and 10.0.0.4 behind it]
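    An added example, not part of the original slides: a Python model of the NAT translation table, covering the four-step walkthrough (10.0.0.1, 3345 mapped to 138.76.29.7, 5001), the drop of an inbound datagram that has no table entry, and the static forward of solution 1 (port 2500 on the NAT's address 138.76.29.7 to 10.0.0.1 port 25000). The class and method names and the outside client 203.0.113.9 are constructed for illustration.

```python
class Nat:
    """Port-translating NAT: one public address plus a translation table."""

    def __init__(self, public_ip, first_port=5001):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}     # (lan_ip, lan_port) -> wan_port
        self.back = {}    # wan_port -> (lan_ip, lan_port)

    def add_static(self, wan_port, lan_ip, lan_port):
        """Solution 1: operator-configured forward for inbound connections."""
        self.back[wan_port] = (lan_ip, lan_port)
        self.out[(lan_ip, lan_port)] = wan_port

    def outbound(self, src, dst):
        """Rewrite the source of a datagram leaving the LAN; remember the pair."""
        if src not in self.out:
            while self.next_port in self.back:      # skip ports already mapped
                self.next_port += 1
            if self.next_port > 65535:
                raise RuntimeError("port pool exhausted")
            self.out[src] = self.next_port
            self.back[self.next_port] = src
        return (self.public_ip, self.out[src]), dst

    def inbound(self, src, dst):
        """Rewrite the destination of an arriving datagram, or drop it (None)."""
        ip, port = dst
        if ip != self.public_ip or port not in self.back:
            return None                             # no table entry: not forwarded
        return src, self.back[port]

def slide_walkthrough():
    """Steps 1-4 from the slides, then an unsolicited packet and a static forward."""
    nat = Nat("138.76.29.7")
    server = ("128.119.40.186", 80)
    outsider = ("203.0.113.9", 40000)               # constructed external client
    step2 = nat.outbound(("10.0.0.1", 3345), server)
    step4 = nat.inbound(server, ("138.76.29.7", 5001))
    dropped = nat.inbound(outsider, ("138.76.29.7", 2500))
    nat.add_static(2500, "10.0.0.1", 25000)
    forwarded = nat.inbound(outsider, ("138.76.29.7", 2500))
    return step2, step4, dropped, forwarded
```

    The table here is keyed on the WAN-side port only, as in the slide's table; many real NATs also match the remote address and port before forwarding a reply.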


    NAT traversal problem

    - solution 2: Universal Plug and Play (UPnP) Internet Gateway Device (IGD) Protocol. Allows NATed host to:
      - learn public IP address (138.76.29.7)
      - add/remove port mappings (with lease times)

    i.e., automated user-configurable static NAT port map configuration

    [Figure: hosts 10.0.0.1 and 10.0.0.4 behind the NAT router at 138.76.29.7; IGD]


    NAT traversal problem

    - solution 3: relaying (used in Skype)
      - NATed client establishes connection to relay
      - External client connects to relay
      - relay bridges packets between two connections

    [Figure: external client, NAT router at 138.76.29.7, host 10.0.0.1 behind it. 1. connection to relay initiated by NATed host; 2. connection to relay initiated by client; 3. relaying established]