Advanced Internetworking Lab 1 – Dynamic Address Assignment


Advanced Internetworking IK2215

Lab 1 – Dynamic Address Assignment rev 1.1

Markus Hidell <[email protected]>

Voravit Tanyingyong <[email protected]>

Royal Institute of Technology (KTH) Telecommunication Systems Lab (TSlab)

Isafjordsgatan 39 164 40 Kista

Name: _______________________________________________ Date: _______________________________________________ Lab assistant signature: __________________________________

IK2215: Lab 1 – Dynamic Routing Page 1 of 14


1. Introduction

The purpose of this lab is for you to learn more about dynamic address assignment. Dynamic address assignment methods are often classified as either stateful or stateless. In stateful address assignment, a server keeps track of which addresses are currently in use and which addresses can be assigned to new hosts. The example of stateful address assignment we will use in this lab is the Dynamic Host Configuration Protocol (DHCP). In stateless address assignment, it is up to each individual host to find an appropriate address to use, possibly with the help of a router that announces the network prefix of the network the host is attached to. Protocols that provide stateless address assignment include AppleTalk, IPX, CLNP and IPv6, and in this lab we will use IPv6 to illustrate the idea.

The mechanisms for assigning a network address also differ depending on whether the host connects via a shared access medium (where e.g. DHCP [1] can be used) or via a point-to-point link (where e.g. PPP IPCP [2] can be used). On a shared access network one needs to handle situations where multiple servers offer addresses to the host, and where multiple hosts attempt to use the same address. In this lab we only consider shared access networks.

1.1. What to do before you come to the lab

Section 3 (Preparation) contains a list of things that you must do before you come to the lab. It includes information about what reading material you should be familiar with, what software you need to install on your laptop, and some preparation exercises that you should answer. We encourage you to bring your own laptop (if you have one), but then you should make sure you have the necessary software installed on it. Contact your lab assistant in advance if you have trouble with this.

It is important that you answer the preparation exercises. Students will have to show answers to these questions at the start of the lab. Those who have not done them will not be allowed to do the lab.

NOTE: It is not a requirement that your answers to the questions are right. Furthermore, the answers do not have to be extensive; notes and keywords are good enough! What is important is that you can show that you have tried to solve them. If you don't understand a question, write a note on what was unclear!

[1] http://www.ietf.org/rfc/rfc2131.txt
[2] http://www.ietf.org/rfc/rfc1332.txt


1.2. Equipment

This lab has been designed to work on PCs running Linux to the extent possible, and the intention is that you use your own laptops as part of the lab equipment. This has the good side effect that you can continue to explore these topics on your own, but be careful: if you run a DHCP server on your machine outside the lab environment, you may very well interfere with an existing DHCP server serving the network you attach to! (This warning also applies if you would like to play with IPv6 router advertisements on your own.)

Ordinary PCs work very well as DHCP servers, since the DHCP software that we will use (from the Internet Software Consortium, ISC [3]) runs on several Unix systems such as Linux and FreeBSD. In this lab instruction we assume that you use a PC running Linux; however, there should be no significant difference if you would like to use a PC running FreeBSD instead.

2. Overview

• Preparation
• Lab setup
• Stateless address autoconfiguration in IPv6
• DHCP

3. Preparation

3.1. Reading Material

In order to be able to complete the lab on schedule you need to prepare. Below is a list of reading material that you must complete before coming to the lab.

1. Course book: Chapter 4 of the course book contains good information about IPv4 (section 4.4.2) and IPv6 (section 4.4.4).

   • IPv6
     o Section 4.4.4: overall information about IPv6, including background, datagram format, etc.
     o RFC 4862 specifies the steps a host takes in deciding how to autoconfigure its interfaces in IPv6.
     o IPv6 Autoconfiguration: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_autoconfig.html

   • DHCP
     o Section 4.4.2 gives a good explanation of how DHCP works and what messages are exchanged in the process.
     o RFC 2131 covers the Dynamic Host Configuration Protocol. Sections 1 and 2 give a good introduction to the protocol. Take a look at section 3.1 too, since it provides information about the messages exchanged when a DHCP client contacts a DHCP server to get an address.
     o The ISC DHCP distribution contains several files and man pages with useful information:
       o dhcpd(8) man page.
       o dhcpd.conf sample file.
       o Several other man pages that you may find interesting, e.g. the dhcrelay(8), dhcpd.conf(5), dhcpd.leases(5) and dhclient(8) man pages.

2. Wireshark documentation (optional): Extensive information about how to use the Wireshark network protocol analyzer can be found at Wireshark’s home page (http://www.wireshark.org/docs/).

[3] http://www.isc.org

3.2. Software on your laptop

1. Wireshark: To sniff the traffic. You can install it by running the command “sudo apt-get install wireshark”.

2. IPv6: To do the exercises regarding stateless IPv6 address autoconfiguration you will need an IPv6-enabled kernel. You most probably have this by default, and you can verify it by running “sudo modprobe ipv6”; unless there is an error message, everything should be fine.

3. DHCP: You should install the ISC DHCP distribution (DHCP client, server, and relay agent). It is recommended that you use the software package management tool that comes with your Linux distribution to install the DHCP client, server and relay agent. For example, in Debian (or Ubuntu with sudo) you can use the Advanced Packaging Tool (APT) by running the command “apt-get install dhcp3-client dhcp3-common dhcp3-relay dhcp3-server”. In Fedora, you can run “yum install dhcp3-client dhcp3-common dhcp3-relay dhcp3-server”. You could also download the source code from http://www.isc.org/ (or from its Swedish mirror site http://ftp.sunet.se/pub/network/isc/dhcp/), then unpack, compile and install it. In the installation example below we use the version dhcp-3.1.1.tar.gz, but you are probably able to find a newer version. Unpack and install the tarball as usual:

    [root@somemachine src]# tar zxf dhcp-3.1.1.tar.gz
    [root@somemachine src]# cd dhcp-3.1.1
    [root@somemachine dhcp-3.1.1]# ./configure
    [root@somemachine dhcp-3.1.1]# make
    [root@somemachine dhcp-3.1.1]# make install


3.3. Preparation Questions

Below are a number of preparation questions that you must complete before coming to the lab. The lab assistants will go over your answers before the lab starts, and if you have not completed them in a satisfactory way you will be sent home so you can prepare in a proper way.

Question 1
What prefix is used to form a link-local IPv6 address? And what would the link-local address for a host with an Ethernet interface with MAC address 00:E0:00:97:E7:B8 be?
Answer:

Question 2
What messages are exchanged on a successful DHCP handshake? (See 3.1 of RFC 2131)
Answer:

Question 3
To what IP destination address would a DHCP client send a DHCP discover message?
Answer:

Question 4
Let's say that you have a router that you would like to act as DHCP relay agent, and that you would like the relay agent to forward DHCP queries to a DHCP server with IP address 10.0.0.2. (See Figure 4.) What command line argument(s) would you give to dhcrelay3 in order to make this work?
Answer:

Question 5
Write down a dhcpd.conf file to be used in section 6.1.
Answer:


Question 6
In section 6.1, we will study how permanent addresses can be assigned using DHCP. To this end, modify the dhcpd.conf file in question 5 so that a host with MAC address 00:E0:00:97:E7:B8 on subnet 10.0.1.0/24 is always assigned the address 10.0.1.2.
Answer:

Question 7
Modify the dhcpd.conf file in question 6 so that instead of being assigned a permanent address, a host with MAC address 00:E0:00:97:E7:B8 will be denied an address.
Answer:

4. Lab setup

There are 4 groups in total, 4-6 persons per group. Each group should have the following equipment:

• 3 hubs
• 10 straight cables
• 5 laptops (We will provide 3 laptops, which means that each group will need to use 2 of their own laptops)

5. Stateless address autoconfiguration in IPv6

In this first part of the lab you will take a look at stateless address autoconfiguration in IPv6. In this part, each group is divided into 2 subgroups of 2-3 students per subgroup (2 laptops per subgroup).

5.1. Link local and duplicate address detection (DAD)

In this part, you will investigate how an IPv6 host can form a unique link-local IP address and use this address to communicate with other hosts on the same link/LAN. You will also learn how a host can test that the address it is about to assign itself is unique, often referred to as duplicate address detection (DAD). On an Ethernet, the link-local address is formed by concatenating the link-local prefix with the interface identifier (based on a modified EUI-64 format). Although there should not be two hosts using the same interface identifier, a host performs a DAD procedure to really ensure that no one is already using the address. It uses “neighbor discovery” messages.
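The address construction described above can be checked with a short script. This is an added example, not part of the original lab instruction; the MAC addresses are constructed, and the DAD probe fields (unspecified source address, solicited-node multicast destination) follow RFC 4862 and RFC 4291 rather than anything stated on this page.

```python
import ipaddress

LINK_LOCAL_PREFIX = ipaddress.IPv6Network("fe80::/64")


def interface_id(mac: str) -> bytes:
    """Modified EUI-64 interface identifier for a 48-bit MAC address."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"expected a 48-bit MAC address, got {mac!r}")
    # Invert the universal/local bit of the first octet and insert ff:fe
    # between the vendor part (OUI) and the device part of the MAC address.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def link_local(mac: str) -> ipaddress.IPv6Address:
    """Link-local prefix concatenated with the interface identifier."""
    base = int(LINK_LOCAL_PREFIX.network_address)
    return ipaddress.IPv6Address(base | int.from_bytes(interface_id(mac), "big"))


def solicited_node(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """Multicast group ff02::1:ffXX:XXXX built from the low 24 bits of addr."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(addr) & 0xFFFFFF))


def dad_probe(mac: str) -> dict:
    """Fields of the Neighbor Solicitation a host sends for DAD.

    The address is still tentative, so the source is the unspecified
    address; any host already using the target answers the probe.
    """
    tentative = link_local(mac)
    return {
        "src": ipaddress.IPv6Address("::"),
        "dst": solicited_node(tentative),
        "target": tentative,
    }


if __name__ == "__main__":
    # Constructed MAC address, not one of the lab hosts.
    for field, value in dad_probe("00:11:22:33:44:55").items():
        print(f"{field:6} {value}")
```

The printed fields are the ones to look for in the Wireshark capture when the interface is brought up again.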


Figure 1: IPv6 network used in this lab

Now do the following:

1. Connect your laptop to your group network as shown in Figure 1.

2. Make sure to stop the DHCP client on your hosts. You can run the command sudo killall dhclient or sudo killall dhclient3 to stop it.

3. Run ifconfig -a and inspect your link-local IPv6 address. (You might need to run sudo modprobe ipv6 to enable IPv6 support and sudo ifconfig <interface> up to bring up the interface.)

4. Inspect the address. Was the prefix what you expected? Is the interface identifier what you expected (compare it with your MAC address)?

5. Ask your neighbor for his/her link-local address and then try to ping it using the command ping6 -I <interface> <neighbour-link-local-address>

6. Now, within your subgroup, bring down the interface on one of your hosts using the command sudo ifconfig <interface> down.

7. Start wireshark on the other host, and then bring up the interface again.

8. Observe the messages in wireshark and answer the question below.

9. Call the lab assistant to show your setup and result.

Question: What messages do you see?
Answer:


5.2. Globally unique IPv6 address

To get a global IPv6 address by using stateless IPv6 address autoconfiguration, a router on your network must announce a prefix that you can prepend to your interface identifier. (The prefix announced by the router is the network part of your IPv6 address.) The lab assistants have prepared an IPv6 router (R1-R4) on your network, but have not yet configured it to route packets and advertise its network prefix. (To perform the router advertisement we use the radvd software. If you want to try it out yourself you could, e.g., install the radvd 'deb' (Debian) or 'rpm' (RedHat) packages, but that is outside the scope of this lab.)

Now do the following:

1. Use the same setup as in the previous section.

2. Ask your lab assistant to start the router advertisement daemon (radvd) on your router!

3. Run the sudo ifconfig -a command and inspect the address. Is the prefix what you expected?

4. Use ping6 or traceroute6 to ping or traceroute to your router.

5. Then try to ping or traceroute to another IPv6 address on another network, e.g. ping6 3ffe:200:15:fa05::2. (You can ask some other group for their host’s IPv6 address and try to ping it as well.)

6. Now, within your subgroup, bring down the interface on one of your hosts using the command sudo ifconfig <interface> down.

7. Start wireshark on the other host, and then bring up the interface again.

8. Observe the messages in wireshark and answer the question below.

9. Call the lab assistant to show and explain your debugging messages.

Question: What happens when the host sends a Router Solicitation?
Answer:

6. DHCP

In this part of the lab you will take a closer look at the Dynamic Host Configuration Protocol (DHCP). You will work in groups of 4-6 students during this part.

6.1. Getting started with DHCP


Figure 2: A simple setup with a DHCP server, a client and a monitoring host

Now do the following:

1. Run “sudo cp /etc/dhcp3/dhcpd.conf /root” to make a backup of the configuration file before you start.

2. Connect your setup as shown in Figure 2.

3. On your DHCP server, make sure that you kill all DHCP client processes, and then manually assign IP address 10.0.0.2/24 to your Ethernet interface. Then configure your DHCP server as follows:

   a. To hand out addresses in the range 10.0.0.10-10.0.0.20 (netmask 255.255.255.0).

   b. Although we have neither a router nor any DNS server in this setup, make sure that any DHCP client will get default router 10.0.0.1 and name server 10.0.0.5. Let the domain name be dhcp.lab. Set the default lease time to 2 minutes (very short).

   c. Add a line ddns-update-style none; (without a ddns-update-style statement you will probably get an error message when starting dhcpd).

4. Start your DHCP server. On Ubuntu you can do this by running the command sudo /etc/init.d/dhcp3-server start. You might need to create a dhcpd.leases file by running the command sudo touch /var/lib/dhcp3/dhcpd.leases. Check the /var/log/daemon.log file and make sure that the DHCP server started without error.

5. Now you should start your DHCP client software on your DHCP client machine (C) by running sudo dhclient3 <interface>. (The description here assumes that your DHCP client software is dhclient3, but you may very well have some other DHCP client software such as dhclient, dhcpcd or pump.) Also inspect the routing table (route -n) and the file /etc/resolv.conf to verify that the default gateway and name server are configured correctly.

6. Now start wireshark on the monitoring machine. You should be able to see some DHCP traffic on the network, since both our DHCP clients will try to renew their leases regularly (about every 60 seconds if the lease time is only 2 minutes). Can you see any traffic?

7. Now, stop dhclient3 on the DHCP client machine (C) by running sudo dhclient3 -r <interface> (if there is no -r option, you may need to run sudo killall dhclient). Does it send any DHCP Release message to the server?

8. Run sudo dhclient3 <interface> on the DHCP client machine (C) again, and observe the messages exchanged between the DHCP client and server. Then answer all the questions below.

9. Call the lab assistant to show and explain your debugging messages.

Question: At step 8, what messages do you see? Do they correspond to the answer you gave in preparation question 2? Are the different messages sent using broadcast or unicast?
Answer:

Question: Did the client get the same address as before or some other address?
Answer:
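To relate the captured traffic to the message format in RFC 2131, the following added example (not part of the original lab instruction) parses the UDP payload of a DHCP message and flags replies whose server identifier is not the lab server, which is how a second, unintended DHCP server on the link shows up. The build_reply helper, the sample packets, the client MAC address and the LAB_SERVERS set are constructed for illustration; only 10.0.0.2, the address pool and the 2-minute lease come from the steps above.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
LAB_SERVERS = frozenset({"10.0.0.2"})  # address of the DHCP server (S) in step 3


def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP message (UDP payload): RFC 2131 fixed header plus options."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack(
        "!BBBBIHH", payload[:12])
    msg = {
        "op": op,                                    # 1 = request, 2 = reply
        "xid": xid,                                  # pairs requests and replies
        "broadcast": bool(flags & 0x8000),           # broadcast flag
        "yiaddr": socket.inet_ntoa(payload[16:20]),  # address offered/assigned
        "giaddr": socket.inet_ntoa(payload[24:28]),  # non-zero when relayed
        "chaddr": payload[28:28 + min(hlen, 16)].hex(":"),
        "type": None, "server_id": None, "lease_time": None,
    }
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                              # end option
            break
        if code == 0:                                # pad option, no length byte
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == 53 and length == 1:               # DHCP message type
            msg["type"] = MESSAGE_TYPES.get(value[0], f"UNKNOWN({value[0]})")
        elif code == 54 and length == 4:             # server identifier
            msg["server_id"] = socket.inet_ntoa(value)
        elif code == 51 and length == 4:             # lease time in seconds
            msg["lease_time"] = struct.unpack("!I", value)[0]
        i += 2 + length
    return msg


def unexpected_server(msg: dict, allowed=LAB_SERVERS) -> bool:
    """True for a server reply whose server identifier is not an expected one."""
    return msg["type"] in ("OFFER", "ACK", "NAK") and msg["server_id"] not in allowed


def build_reply(msg_type: int, yiaddr: str, server_id: str) -> bytes:
    """Constructed sample reply (hypothetical helper, used only as test input)."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    addrs = b"\x00" * 4 + socket.inet_aton(yiaddr) + b"\x00" * 8
    chaddr = bytes.fromhex("001122334455").ljust(16, b"\x00")
    options = (bytes([53, 1, msg_type]) + bytes([54, 4]) + socket.inet_aton(server_id)
               + bytes([51, 4]) + struct.pack("!I", 120) + b"\xff")
    return header + addrs + chaddr + b"\x00" * 192 + MAGIC_COOKIE + options


if __name__ == "__main__":
    for server in ("10.0.0.2", "192.168.1.1"):       # second address is made up
        reply = parse_dhcp(build_reply(2, "10.0.0.10", server))
        print(reply["type"], reply["yiaddr"], reply["server_id"],
              "UNEXPECTED SERVER" if unexpected_server(reply) else "ok")
```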

6.2. Duplicate address detection (DAD)

In a previous section you studied how an IPv6 node avoids address conflicts by performing duplicate address detection (DAD). It turns out that DAD is also useful in stateful address assignment schemes such as DHCP, even though the DHCP server keeps track of the addresses that are supposed to be free. The reason is that some other machine could have been configured with one of these addresses (perhaps manually) without asking the DHCP server for permission!

You might have noticed in the previous exercise that it takes some time from when a DHCP server receives a DHCP Discover message until it replies with a DHCP Offer. If not, stop and restart the DHCP client on (C) again and watch the traffic with wireshark on the monitoring machine (M). During this time the DHCP server sends probe message(s) to verify that no one is already using the address before handing it out. The DHCP standard says that this is done by sending an ICMP Echo Request message, but what you see is probably just an ARP Request message. (The behavior is a bit unpredictable due to the content of the ARP cache.)

Now you should establish the setup shown in Figure 3. It is the same setup as before, but with an additional machine, the bad guy (B). The aim of this exercise is to watch what happens when a DHCP server attempts to hand out an address to the client (C) that is already in use by the bad guy (B). Illustrating this is, however, non-trivial.

Figure 3: Bad guy with manually configured IP address

Now do the following:

1. Assign an address to host “C”: Before you attach the bad guy machine (B) to the network, host “C” should be assigned an address from the server. For the purpose of this exercise, it is important that the lease time is low (e.g. 1-2 minutes). Note the IP address assigned to “C”, then stop the DHCP client on host C.

2. Assign the same address to host “B”: Now be a really bad guy and configure (manually) the IP address of machine (B) to be the address that the client (C) earlier leased: sudo ifconfig eth0 <ipAddressOfC>

3. Clear the ARP cache in the DHCP server (S): In the DHCP server (S), delete any remaining entry of ipAddressOfC in the ARP cache using the command sudo arp -d <ipAddressOfC>. Without this step the DAD will most probably fail, unless you wait until the entry in the ARP cache at the server (S) times out by itself.

4. Restart the DHCP client on C: Start the DHCP client on host “C” again, and observe the messages exchanged on the LAN. Also observe the /var/log/daemon.log file on the DHCP server.

5. Answer all the questions below.

6. Call the lab assistant to show your result.

Question: Will (C) get the same address again, or will it be assigned some other address?
Answer:

Question: How does the DHCP server treat an address that it detects as in use, although no one is leasing it from the server? (Apart from looking in the /var/log/daemon.log file, you could also watch the /var/state/dhcp3/dhcpd.leases file to see how the DHCP server denotes such an address.)
Answer:
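For watching the lease database over time, the following added example (not part of the original lab instruction) reads text in dhcpd.leases(5) syntax and reports the current state of every address, including leases the server has marked abandoned after finding the address already in use. The sample file content, MAC addresses and timestamps are constructed; on the lab server you would pass in the contents of the real dhcpd.leases file instead.

```python
import ipaddress
import re

# Constructed sample in dhcpd.leases(5) syntax. The addresses come from the
# lab pool 10.0.0.10-10.0.0.20; MAC addresses and timestamps are made up.
SAMPLE_LEASES = """\
lease 10.0.0.10 {
  starts 2 2009/02/03 10:15:20;
  ends 2 2009/02/03 10:17:20;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
lease 10.0.0.11 {
  starts 2 2009/02/03 10:16:00;
  ends 2 2009/02/03 10:18:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:66;
}
lease 10.0.0.10 {
  starts 2 2009/02/03 10:21:05;
  ends 3 2009/02/04 10:21:05;
  binding state abandoned;
  next binding state free;
}
"""


def current_leases(text: str) -> dict:
    """Return {ip: {"state": ..., "mac": ...}} for the latest entry per address.

    dhcpd appends to the lease file like a log, so the same address can occur
    several times; the last complete entry describes the current state.
    """
    leases, ip, entry = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if ip is None:
            m = re.match(r"lease\s+(\S+)\s*\{$", line)
            if m:
                ip, entry = m.group(1), {"state": "unknown", "mac": None}
        elif line == "}":
            leases[ip] = entry                  # a later entry overrides an earlier one
            ip = None
        elif (m := re.match(r"binding state (\w+);$", line)):
            entry["state"] = m.group(1)         # "next binding state" is skipped
        elif line == "abandoned;":              # statement form of the same mark
            entry["state"] = "abandoned"
        elif (m := re.match(r"hardware ethernet ([0-9A-Fa-f:]+);$", line)):
            entry["mac"] = m.group(1).lower()
    return leases


def abandoned_addresses(text: str) -> list:
    """Addresses whose current entry is abandoned, in numeric order."""
    hits = [ip for ip, e in current_leases(text).items() if e["state"] == "abandoned"]
    return sorted(hits, key=ipaddress.ip_address)


if __name__ == "__main__":
    for ip, entry in current_leases(SAMPLE_LEASES).items():
        print(f"{ip:12} {entry['state']:10} {entry['mac'] or '-'}")
    print("abandoned:", abandoned_addresses(SAMPLE_LEASES))
```

An abandoned entry carries no client hardware address, so the MAC address of the conflicting host has to come from the ARP traffic in the capture, not from the lease file.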

6.3. Using DHCP relay agents

We strongly encourage you to use your own laptops. However, in case none of you have a laptop, you might have to borrow one from another group to connect as a client when you test your setup.

Having a DHCP server present on every subnetwork may result in lots of machines and servers for the system administrators to maintain. In order to serve DHCP clients even though no DHCP server is present on their link, one could make the routers (or even some other machine on the link) act as DHCP relays. Then you can centralize the DHCP server and simplify management.

Figure 4: Centralizing DHCP service by using DHCP relay agents

Although the DHCP relay and the DHCP server can be multiple hops apart, we will use the setup shown in Figure 4 to illustrate this feature. To make this work you will also have to do some additional network configuration just to make routing work properly.

Now do the following:

1. Configure the two routers (R1 and R2) with appropriate IP addresses for both of their Ethernet interfaces (use ifconfig as usual).

2. Enable routing on both R1 and R2 by using the command “sudo sysctl -w net.ipv4.ip_forward=1”. (If you want routing to be enabled at startup you could edit the file /etc/sysctl.conf.)

3. Add routes to the networks behind the other router, i.e., on R1 do “sudo route add -net 10.0.2.0 netmask 255.255.255.0 gw 10.0.0.4” and on R2 do “sudo route add -net 10.0.1.0 netmask 255.255.255.0 gw 10.0.0.3”.

4. On the DHCP server, add routes to both networks in the same way as shown above.

5. Verify your setup by letting the DHCP server ping both 10.0.1.1 and 10.0.2.1, let R1 ping 10.0.2.1 and let R2 ping 10.0.1.1.

6. Now, if routing seems to work all right, it is time to configure the DHCP server and DHCP relay agents.

   a. Update the dhcpd.conf file to assign addresses on the 10.0.1.0/24 and 10.0.2.0/24 networks as well. Make sure that the hosts on each of the subnets are assigned a default router appropriate for that network.

   b. Start the DHCP relay agent on both R1 and R2; see also preparation exercise 4.

7. Attach a host to each of the two networks with DHCP relay support. Check whether they get appropriate addresses. Then try to let them ping each other.

8. Answer all the questions below.

9. Call the lab assistant to show your result.

Question: In Figure 4, why do you want to have a DHCP relay rather than a DHCP server?
Answer:

6.4. DHCP specific configurations for individual hosts

So far your DHCP server has handed out addresses from a pool of free addresses irrespective of which host asks for configuration information. However, there are times when you would like to give special treatment to different hosts. Below we first give an example where a specific IP address is given to a specific host, based on the MAC address of the host. We also have an example where a host with a specific MAC address is refused service by the DHCP server.

Now do the following:

1. Find out the MAC address of one of your hosts. Update your dhcpd.conf so that this host will be assigned an address permanently, e.g., 10.0.0.30. Using DHCP this way can be a nice way to configure IP addresses of hosts instead of forcing the users to enter this information manually (with higher probability of errors).

2. Restart your DHCP server, so that it re-reads the updated configuration file.

3. Start dhclient on the host (the one with the specified MAC address). Did it work?

4. Then find out the MAC address of some other host (Bob). This time you should update dhcpd.conf so that it does not hand out any address at all to the host Bob. E.g., if Bob has an Ethernet network card with MAC address 00:E0:00:97:E7:B8 you could add the following lines to your /etc/dhcpd.conf file.

    host bob {
        hardware ethernet 00:E0:00:97:E7:B8;
        deny booting;
    }

5. Start dhclient on that host (Bob) and verify that it does not get any address assigned.

6. Call the lab assistant to show your result.

7. Last step

Now do the following:

1. On the DHCP server, restore the original dhcpd.conf file by running “cp /root/dhcpd.conf /etc/dhcp3/dhcpd.conf”.

2. On all laptops, run “sudo shutdown -h now” at the shell terminal of each laptop. Important: Wait until the machine is completely turned off before closing the lid.

3. Put all equipment back in the right boxes.

4. Thank you!

End of Lab 1
