
TSIN02 - Internetworking

© 2004 Image Coding Group, Linköpings Universitet

Lecture 6: Autoconfiguration

Literature:
- Forouzan: ch 16: BOOTP, DHCP
- Forouzan: ch 17: DNS
- RFC2462: IPv6 Stateless Address Autoconfiguration
- RFC3927: Dynamic Configuration of IPv4 Link-Local Addresses
- RFC3315: DHCPv6 (optional extra material)
- RFC2131: DHCPv4 (optional extra material)
- RFC2608: Service Location Protocol, Version 2 (optional extra material)

2

- Know the parameters needed to set up a node for IPv4 or IPv6 communication
- Know some different strategies to do this:
  - Manual configuration
  - Centralized static configuration
  - Centralized dynamic configuration
  - Zero configuration
- Finding services
  - Know how it can scale to larger networks
  - The Service Location Protocol framework

3

Outline:
- Application layer basics
- ARP / RARP
- Network parameters & DNS
- BOOTP
- DHCP
  - Message types
  - Options
  - Message exchange example
- Zeroconf
- IPv6
  - Address structure
  - DHCPv6
  - Stateless address autoconfiguration
- Service Discovery
  - Abstract vs specific services
  - Service Location Protocol (SLP)

4

In the TCP/IP stack the application layer covers the top three layers of the OSI-model.

5

- A client is a program that requests services from another program.
  - Uses active open when requesting service
  - Active close when finished
- A server is a program that provides services to another program.
  - Uses passive open to listen for requests.

Figure from Forouzan

6

Figure from Forouzan

7

Clients can be run on a machine
- iteratively, i.e. one at a time, or
- concurrently, i.e. more than one in parallel.

The connection can be
- connectionless (UDP)
- connection-oriented (TCP)

Servers can (in theory) be
- connectionless iterative
- connectionless concurrent
- connection-oriented iterative
- connection-oriented concurrent


8

Connectionless Iterative Server

Figure from Forouzan

9

ARP - Address Resolution Protocol (RFC 826)
- Dynamically maintains a cache of mappings: IP# → link-layer MAC address (6 bytes)
- An ARP packet has the following format (fields in wire order):
  - Hardware type (Ethernet: 0x0001)
  - Protocol type (IPv4: 0x0800)
  - Hardware address length (0x6)
  - Protocol address length (0x4)
  - Op: request (1) or reply (2)
  - Sender hardware address (MACS)
  - Sender protocol address (IPS)
  - Target hardware address (MACT)
  - Target protocol address (IPT)

Shorthand used on the following slides: ARP(Op, MACS, IPS, MACT, IPT)

10

Resolving an IP# using ARP. Host IPS doesn't know the mapping IPT → MACT:

1. IPS broadcasts ARP(1, MACS, IPS, 0, IPT)
2. IPT answers with unicast ARP(2, MACT, IPT, MACS, IPS)

The receiver of an ARP request also updates its own ARP cache with the sender fields of the received packet. Nothing in ARP is authenticated, so any host on the link can put forged sender fields into other hosts' caches (ARP spoofing).

11

A kind of routing can be had between two subnets using proxy ARP. Host IP1 is on the A-net, host IP2 on the B-net, and router IP3 has interface MAC3A on the A-net and MAC3B on the B-net:

1. IP1 broadcasts on the A-net: ARP(1, MAC1, IP1, 0, IP2)
2. The router re-broadcasts the request on the B-net with its own MAC: ARP(1, MAC3B, IP1, 0, IP2)
3. IP2 answers the router: ARP(2, MAC2, IP2, MAC3B, IP1)
4. The router answers IP1 with its A-net MAC, so IP1 will send frames for IP2 to MAC3A: ARP(2, MAC3A, IP2, MAC1, IP1)

12

A host can broadcast ARP requests for itself (gratuitous ARP):

ARP(1, MyMAC, MyIP, 0xffffff, MyIP)

There are two uses for this:
- A host can check for misconfigurations, i.e. does any other host use my IP#? In that case the host will get an ARP reply and can log an error report.
- When the network interface card is changed (and with it the MAC) a host can broadcast this change on the net, forcing updates in all ARP tables. Since any host may send such a packet, this is also the mechanism an ARP spoofing attacker uses to overwrite neighbours' caches.

13

When host A doesn't know its own IP# it can broadcast the RARP request:

ARP(3, MACA, 0, MACA, 0)

The RARP server B answers with unicast:

ARP(4, MACB, IPB, MACA, IPA)

RARP only really handles local networks since it doesn't convey information about the subnet mask in use or the gateway IP.

RARP is not used at all in IPv6. ARP's functionality is built into ICMPv6 (Neighbor Discovery).
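The ARP packet layout, the request/reply exchange, gratuitous ARP and the RARP op codes from the slides above, worked as code. This is an added example and not part of the lecture; the MAC and IP addresses are made up, the packets are built in memory and nothing is sent on the wire. The cache-update helper is where the security point lands: a receiver learns whatever sender fields arrive, so a changed MAC for a known IP is exactly what a spoofing attempt looks like and is worth logging.

```python
"""Encode, decode and answer ARP/RARP packets in the ARP(Op, MACS, IPS, MACT, IPT)
notation used above. Added example (not part of the lecture); the packets are
constructed in memory and nothing is sent on the wire."""
import struct

HTYPE_ETHERNET = 0x0001
PTYPE_IPV4 = 0x0800
OP_ARP_REQUEST, OP_ARP_REPLY, OP_RARP_REQUEST, OP_RARP_REPLY = 1, 2, 3, 4
_HDR = struct.Struct("!HHBBH")          # htype, ptype, hlen, plen, op


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def encode_arp(op, macs, ips, mact, ipt):
    """ARP(op, MACS, IPS, MACT, IPT) as the 28-byte Ethernet/IPv4 ARP payload."""
    return (_HDR.pack(HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
            + mac_bytes(macs) + ip_bytes(ips) + mac_bytes(mact) + ip_bytes(ipt))


def decode_arp(pkt):
    """Parse an ARP/RARP packet. The fixed header is validated before the declared
    address lengths are trusted, so a truncated or foreign packet raises."""
    if len(pkt) < _HDR.size:
        raise ValueError("short ARP header")
    htype, ptype, hlen, plen, op = _HDR.unpack_from(pkt)
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if op not in (OP_ARP_REQUEST, OP_ARP_REPLY, OP_RARP_REQUEST, OP_RARP_REPLY):
        raise ValueError(f"unknown op {op}")
    body = pkt[_HDR.size:]
    if len(body) < 2 * (hlen + plen):
        raise ValueError("truncated ARP body")
    return {"op": op,
            "macs": mac_str(body[0:6]), "ips": ip_str(body[6:10]),
            "mact": mac_str(body[10:16]), "ipt": ip_str(body[16:20])}


def answer_request(req, my_mac, my_ip):
    """Host IPT's side of the exchange: ARP(1, MACS, IPS, 0, IPT) is answered
    with ARP(2, MACT, IPT, MACS, IPS); anything not addressed to us is ignored."""
    if req["op"] != OP_ARP_REQUEST or req["ipt"] != my_ip:
        return None
    return encode_arp(OP_ARP_REPLY, my_mac, my_ip, req["macs"], req["ips"])


def is_gratuitous(pkt):
    """Gratuitous ARP: a host asking about (or announcing) its own address."""
    return pkt["op"] in (OP_ARP_REQUEST, OP_ARP_REPLY) and pkt["ips"] == pkt["ipt"]


def is_probe(pkt):
    """RFC 3927 style ARP probe: a request carrying an all-zero sender IP."""
    return pkt["op"] == OP_ARP_REQUEST and pkt["ips"] == "0.0.0.0"


def update_cache(cache, pkt):
    """Learn the sender mapping the way a receiver does. Probes carry no usable
    sender IP and are skipped. ARP has no authentication, so a changed MAC for a
    known IP is reported: this is what an ARP spoofing attempt looks like."""
    if pkt["ips"] == "0.0.0.0":
        return None
    old = cache.get(pkt["ips"])
    cache[pkt["ips"]] = pkt["macs"]
    if old is not None and old != pkt["macs"]:
        return f"warning: {pkt['ips']} moved from {old} to {pkt['macs']}"
    return None
```

The decoder checks the hardware/protocol type and length fields before slicing the body; a parser that trusts `hlen`/`plen` from the packet is the classic way to read past the end of a short frame.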

14

The typical parameters needed for an end host to enable IP communications are:
- The IP address (A)
- The netmask (M)
  - Destination addresses B not matching the mask, i.e. (B & M) != (A & M), are sent to the gateway. Otherwise use ARP and find host B on the local network.
- The gateway P
  - Typically 0x1 | (A & M), i.e. the first host address of the subnet

What an unconfigured host can do is broadcast:
- 255.255.255.255 (limited broadcast on all attached interfaces)
- (A & M) | (255.255.255.255 ^ M), the directed broadcast address of a specific interface's subnet (usable only once A and M are known)

15

The DNS service is a crucial component of the Internet. IP numbers are sometimes difficult to use:
- People don't want to remember IP numbers
- Nodes may change their IP addresses
- Subnets may be restructured and netmasks changed
- Networks switch to other operators

DNS is a global distributed database letting us have persistent identifications of hosts, services and, to some extent, also data.

16

The name space of the Internet is divided into three different sections.

Figure from Forouzan

17

Figure from Forouzan

18

Figure from Forouzan

19

- Query for:
  - address
  - name server
  - host information
  - services
  - etc.
- Response to queries

DNS messages can be sent through UDP (if at most 512 bytes) or TCP (otherwise; EDNS0 later raised the UDP limit).

20

Figure from Forouzan

21

Figure from Forouzan

22

Figure from Forouzan

23

A host can of course be manually configured with IP, netmask, gateway and DNS.

This is not so hard if the host needs to be manually configured with further software etc. anyway. But the drawbacks are apparent:
- In large networks a scheme is needed anyway. Why not automate it?
- Automation eases network topology changes. We can focus on subnetting and configuring routers. Hosts manage themselves!
- A host might not even have persistent memory (diskless clients, printers etc.), making manual configuration impossible!
- Hosts may be added, removed or moved around on different subnets.

24

Defined in RFC951 (1985). BOOTP allows us to have the auto-configuration service running over the normal IP stack.

It is encapsulated in UDP: the client sends from port 68 to server port 67. The request is broadcast (IP destination 255.255.255.255). The reply goes to client port 68 and may be unicast, but then the BOOTP server needs to insert the client's MAC into its own ARP table itself, since the client cannot yet answer ARP. Alternatively the reply can be broadcast, in which case the Transaction ID lets clients tell simultaneous requests apart.

Options might contain subnet mask, time, time servers, DNS servers, print servers, host name etc. Also some vendors have registered fields.

1 = BOOTREQUEST, 2 = BOOTREPLY

Figure from Forouzan

25

Figure from Forouzan

26

To achieve robustness BOOTP...
- uses the UDP checksum option
- the client uses timers and retransmission
  - The retransmission timer is in the order of seconds
  - The timer is randomized to avoid a network jam right after, e.g., a power failure

more...
- A relay agent can be used to
- BOOTP normally resides in read-only/flash memory in a diskless client's BIOS.
- The TFTP protocol (RFC1350) is usually used to fetch the OS image given in the Boot File Name field.

27

A BOOTP server typically has a static table where each host's MAC address is mapped to an IP# (typically in a file such as /etc/ethers).

The Server IP address field (siaddr) names the next server to use in the boot sequence of a diskless client (typically the TFTP server holding the kernel image).

28

BOOTP doesn't solve the problem with hosts moving around!
- Let's say we have a /24 subnet (254 usable host addresses).
- Visiting hosts are possibly more numerous.

We want to be able to withdraw IP#:
- Hosts actively releasing their IP#
- Time-out mechanisms for when IP# are automatically withdrawn

Hosts need to be able to renew their IP# lease. Hosts may need information about lots of servers.

These requirements are fulfilled by...

29

DHCP for IPv4 - see RFC2131

DHCP is backwards compatible with BOOTP:
- A BOOTP client can request a static configuration from a DHCP server.
- The same well-known port numbers (67/68) are used.

The message format is the same:
- The "Unused" field is now "Flags". Only the most significant bit is used (the BROADCAST flag: the client asks for a broadcast reply).
- More options than BOOTP

30

Mandatory in every DHCP message (option 53, the message type):

Client → Server
- DHCPDISCOVER (1) broadcast to locate servers
- DHCPREQUEST (3) requesting offered parameters etc.
- DHCPDECLINE (4) indicate address already in use
- DHCPRELEASE (7) release network address
- DHCPINFORM (8) ask for parameters but not IP# (1997)

Server → Client
- DHCPOFFER (2) server's response to DHCPDISCOVER
- DHCPACK (5) confirm that the client now has the lease
- DHCPNAK (6) tell client its IP# is expired/incorrect

31

Message exchange between a client, the server it selects, and a server it does not select:

1. The client broadcasts DHCPDISCOVER. Both servers receive it and each determines a configuration for the client.
2. Each server answers with DHCPOFFER.
3. The client collects the replies and selects one configuration.
4. The client broadcasts DHCPREQUEST naming the selected server. The non-selected server sees that the request does not match its offer and may now release its internal lock on the offered address. The selected server commits to its previous offer.
5. The selected server answers DHCPACK.
6. Later the client sends DHCPRELEASE. The non-selected server discards the release; the selected server frees the lease.
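The six steps above, run end to end: the BOOTP fixed header with the DHCP magic cookie and TLV options, two servers that each lock an address on DISCOVER, and a client that keeps only replies whose transaction ID matches and whose server identifier is the one it chose. This is an added example and not code from the lecture or the RFCs; the server addresses, pools and client MAC are made up and the "network" is a list of server objects. The filtering by xid and server identifier is the point for a practitioner: on a shared segment those two values are all that distinguish the legitimate server's reply from a rogue one, and a client that accepts the first OFFER it sees has already chosen its attacker.

```python
"""BOOTP/DHCP message encoding and the DISCOVER/OFFER/REQUEST/ACK exchange
above with two competing servers. Added example, not the lecture's own code;
the addresses, pools and MAC are made up and the network is simulated."""
import ipaddress
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE, INFORM = range(1, 9)
OPT_MASK, OPT_ROUTER, OPT_REQ_IP, OPT_LEASE, OPT_MSGTYPE, OPT_SERVER_ID, OPT_END = 1, 3, 50, 51, 53, 54, 255
MAGIC = b"\x63\x82\x53\x63"      # cookie that starts the DHCP option field
FLAG_BROADCAST = 0x8000          # most significant bit of the flags field
_FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # 236-byte BOOTP header


def ip4(s):
    return ipaddress.IPv4Address(s).packed


def build(op, xid, chaddr, msgtype, options=(), yiaddr="0.0.0.0", flags=0):
    """Fixed BOOTP fields, magic cookie, option 53, further options, END."""
    body = bytes([OPT_MSGTYPE, 1, msgtype])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    fixed = _FIXED.pack(op, 1, 6, 0, xid, 0, flags, ip4("0.0.0.0"), ip4(yiaddr),
                        ip4("0.0.0.0"), ip4("0.0.0.0"), chaddr.ljust(16, b"\0"),
                        b"\0" * 64, b"\0" * 128)
    return fixed + MAGIC + body + bytes([OPT_END])


def parse(msg):
    f = _FIXED.unpack_from(msg)
    if msg[_FIXED.size:_FIXED.size + 4] != MAGIC:
        raise ValueError("no DHCP magic cookie (plain BOOTP or garbage)")
    opts, i = {}, _FIXED.size + 4
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:              # pad option: single byte, no length
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "flags": f[6], "chaddr": f[11][:f[2]],
            "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "type": opts[OPT_MSGTYPE][0], "opts": opts}


class Server:
    """An OFFER locks a pool address until the client's REQUEST names a server
    (option 54): the named server commits, every other server drops its lock."""
    def __init__(self, ip, pool, lease=3600):
        self.ip, self.free, self.lease = ip, list(pool), lease
        self.offered, self.leased, self.log = {}, {}, []

    def handle(self, raw):
        m = parse(raw)
        params = [(OPT_SERVER_ID, ip4(self.ip)), (OPT_LEASE, struct.pack("!I", self.lease)),
                  (OPT_MASK, ip4("255.255.255.0")), (OPT_ROUTER, ip4("192.0.2.1"))]
        if m["type"] == DISCOVER and self.free:
            addr = self.offered[m["chaddr"]] = self.free.pop(0)
            return build(BOOTREPLY, m["xid"], m["chaddr"], OFFER, params, yiaddr=addr)
        if m["type"] == REQUEST:
            addr = self.offered.pop(m["chaddr"], None)
            if m["opts"].get(OPT_SERVER_ID) != ip4(self.ip):
                self.log.append("request names another server; offer released")
                if addr:
                    self.free.append(addr)
                return None
            self.leased[m["chaddr"]] = addr
            return build(BOOTREPLY, m["xid"], m["chaddr"], ACK, params, yiaddr=addr)
        if m["type"] == RELEASE:
            if m["opts"].get(OPT_SERVER_ID) == ip4(self.ip) and m["chaddr"] in self.leased:
                self.free.append(self.leased.pop(m["chaddr"]))
            else:
                self.log.append("release discarded")
        return None


def run_exchange(mac=b"\x00\x11\x22\x33\x44\x55", xid=0x3903F326):
    """Client side of the exchange. Replies whose xid differs from the outstanding
    request are dropped: on a shared segment the xid (and, after the OFFER, the
    server identifier) is all that ties a reply to our request."""
    servers = [Server("192.0.2.10", ["192.0.2.100"]), Server("192.0.2.20", ["192.0.2.200"])]
    discover = build(BOOTREQUEST, xid, mac, DISCOVER, flags=FLAG_BROADCAST)
    offers = [parse(r) for s in servers for r in [s.handle(discover)] if r]
    offers = [o for o in offers if o["xid"] == xid and o["type"] == OFFER]
    chosen = offers[0]                                  # policy here: first offer wins
    server_id = chosen["opts"][OPT_SERVER_ID]
    request = build(BOOTREQUEST, xid, mac, REQUEST,
                    [(OPT_REQ_IP, ip4(chosen["yiaddr"])), (OPT_SERVER_ID, server_id)])
    acks = [parse(r) for s in servers for r in [s.handle(request)] if r]
    acks = [a for a in acks if a["xid"] == xid and a["type"] == ACK
            and a["opts"][OPT_SERVER_ID] == server_id]
    lease = acks[0]
    for s in servers:                                   # every server sees the RELEASE
        s.handle(build(BOOTREQUEST, xid, mac, RELEASE, [(OPT_SERVER_ID, server_id)]))
    return {"address": lease["yiaddr"], "server": str(ipaddress.IPv4Address(server_id)),
            "lease": struct.unpack("!I", lease["opts"][OPT_LEASE])[0],
            "offers": len(offers), "logs": [s.log for s in servers],
            "free": [s.free for s in servers]}
```

`run_exchange()` returns the committed lease together with each server's log and remaining pool, so you can see the non-selected server give its address back and ignore the release that was not meant for it.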


32

DHCP – State Transition Diagram

Figure from Forouzan

33

- Routers
- DNS servers
- Time servers
- Printer servers
- Log servers
- Swap servers
- Mail servers (SMTP)
- POP3 servers
- NIS servers
- Font servers (X Windows)
- Mobile IP home agents
- Broadcast address
- ARP cache timeout value
- Ethernet II / IEEE 802.3 encapsulation
- TTL values
- Forwarding flag
- Source route policy
- Plus many more...

Standard options for BOOTP/DHCP are listed in RFC2132.

34

Simple ad-hoc network scenario. Hosts are connected to a local network. No special RARP/DHCP server exists.

How to configure hosts with unique IP#?

Answer: RFC3927
- Formalizes what Windows and Mac already do
- Picks random addresses from the subnet 169.254/16 (the first and last /24 of it are reserved and never picked)
- Randomization should give the same sequence between boots (e.g., use the MAC address as seed)
- Use "ARP probes" to check for collisions: ARP(1, MyMAC, 0, 0xffffff, MyRandomIP). The sender IP is zero so the probe does not plant the candidate address in other hosts' ARP caches.
- Defend the address once if there are active TCP connections etc.; on a second conflict shortly after, give the address up.
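The selection and conflict rules above as code: a MAC-seeded sequence of candidates that skips the reserved /24s, probing until a candidate draws no answer, and the "defend once, then give up" rule for an address already in use. This is an added example and not the lecture's or the RFC's code; the link is simulated by a set of addresses that would answer a probe, and the MACs are made up. Note what the scheme cannot do: any host can answer every probe and keep newcomers from ever settling, and nothing stops a host from simply using an address without probing, so link-local addressing gives uniqueness among cooperating hosts only.

```python
"""IPv4 link-local address selection and conflict handling in the style of
RFC 3927. Added example (not the lecture's code); the link is simulated by
a set of addresses that would answer an ARP probe."""
import ipaddress
import random

LINK_LOCAL = ipaddress.IPv4Network("169.254.0.0/16")
PROBE_NUM, MAX_CONFLICTS, DEFEND_INTERVAL = 3, 10, 10.0   # RFC 3927 constants


def candidates(mac):
    """Pseudo-random 169.254.x.y addresses seeded from the MAC, so a host retries
    the same sequence after every boot. 169.254.0.0/24 and 169.254.255.0/24 are
    reserved and never yielded."""
    rng = random.Random(mac.lower())
    while True:
        yield LINK_LOCAL[rng.randrange(256, 65536 - 256)]


def probe(addr, answering):
    """Stands in for sending ARP(1, MyMAC, 0.0.0.0, 0, addr) PROBE_NUM times:
    a conflict if any host on the link answers. `answering` is that set of hosts."""
    return addr in answering


def select_address(mac, answering):
    """Return (address, number of conflicts seen before it was found). After
    MAX_CONFLICTS the RFC rate-limits to one attempt per minute; here we stop."""
    conflicts = 0
    for addr in candidates(mac):
        if not probe(addr, answering):
            return addr, conflicts
        conflicts += 1
        if conflicts >= MAX_CONFLICTS:
            raise RuntimeError("too many conflicts; back off to one probe per 60 s")


class Defender:
    """Conflict handling once an address is in use: a host with active
    connections may defend the address once with an ARP announcement, but a
    second conflict within DEFEND_INTERVAL seconds means it must give it up."""
    def __init__(self):
        self.last_defence = None

    def on_conflict(self, now):
        if self.last_defence is not None and now - self.last_defence < DEFEND_INTERVAL:
            self.last_defence = None
            return "abandon"          # stop using the address, select a new one
        self.last_defence = now
        return "defend"               # announce ARP(MyMAC, MyIP, ..., MyIP) once
```

Seeding the generator from the MAC is what makes the sequence repeat across reboots; the price is that the candidate list of a host is predictable to anyone who knows its MAC.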

35

The address is 128 bits long (16 bytes).

Example notation:

FE80:BA98:0074:3210:000F:BBFF:0000:FFFF

may be abbreviated:

FE80:BA98:74:3210:F:BBFF:0:FFFF

Globally routable (provider-based) unicast addresses, in the format of the early IPv6 RFCs reproduced on the slide, consist of a 3-bit format prefix (010), a Registry identifier (INTERNIC 11000, RIPE NCC 01000, APNIC 10100), a Provider identifier, a Subscriber identifier, a Subnet identifier and a Node identifier. The MAC address goes into the Node identifier.

36

Two methods:
- Stateful: DHCPv6 requests
- Stateless Address Autoconfiguration

In IPv6 routers periodically send Router Advertisements (ICMPv6) carrying:
- whether stateful address autoconfiguration is available or not (the M flag)
- whether other stateful parameter configuration is available (the O flag)
- various timing values
- >>> Prefix Information <<<

37

- Simpler message structure: msg-type (8 bits), transaction-id (24 bits), options (variable)
- Requires globally unique identifiers of clients and servers (DUID - DHCP Unique Identifier). These can be constructed from MAC addresses (DUID-LL, or DUID-LLT with a timestamp added).
- The client uniquely identifies its network interfaces (IAID).

38

Client → Server
- SOLICIT (1) locate servers
- REQUEST (3) request parameters from a specific server
- CONFIRM (4) confirm that an address is still appropriate
- RENEW (5) try to extend the lifetime of assigned addresses
- REBIND (6) follows an unresponsive RENEW; sent to any server to extend lifetimes and get other parameters
- RELEASE (8) tell the server we don't use one or more addresses
- DECLINE (9) tell the server one or more addresses already seem in use
- INFORMATION-REQUEST (11) request configuration parameters without an IP#

Server → Client
- ADVERTISE (2) server is ready to serve; response to SOLICIT
- REPLY (7) general reply message; may contain configuration parameters
- RECONFIGURE (10) tell the client it needs to RENEW

39

- Not so many options yet
  - Client DUID, Server DUID, client interface ID (IAID)
  - IPv6 address + lease time (obviously such an option!)
  - Rapid Commit option (two-message exchange: SOLICIT/REPLY)
- Security!
  - DHCPv6 may use IPsec
  - Authentication option (works both ways)
- DNS configuration option: RFC3646 (servers and domain lists)
- Some more options at draft stage in the dhc working group:
  - Time, NIS, timezones, tunnels, boot images etc.

40

- RFC2462
- Similar to zeroconf: we form a link-local address and run the "Duplicate Address Detection" scheme.
- IPv6 link-local prefix: FE80::/10. Put the hardware interface's address (length N) in the rightmost N bits. Maximum allowed hardware address length 118 bits. (Note: there exists a 64-bit standard hardware addressing system, EUI-64; for Ethernet the 48-bit MAC is expanded to a 64-bit interface identifier.)
- Listen for router advertisements and the "Prefix Information" field. Use these prefixes to form (possibly many) routable addresses (global and site-local).
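The address formation above, worked for Ethernet: the MAC is expanded to a modified EUI-64 interface identifier (FF:FE inserted, universal/local bit flipped), appended to FE80::/64 for the link-local address and to each advertised /64 prefix, with Duplicate Address Detection simulated against a set of addresses already on the link. This is an added example, not the lecture's code; the prefixes, MAC and neighbour set are made up. Two caveats for a practitioner: an interface identifier derived from the MAC is the same in every network the host visits, which is why later RFCs added temporary (RFC 4941) and stable opaque (RFC 7217) identifiers; and DAD is unauthenticated, so a host that answers every Neighbor Solicitation blocks autoconfiguration on the link.

```python
"""Stateless address autoconfiguration: modified EUI-64 interface identifier,
link-local address, addresses from advertised prefixes and a simulated DAD.
Added example (not the lecture's code); prefixes and MACs are made up."""
import ipaddress


def interface_id(mac):
    """Modified EUI-64 (RFC 2464 / RFC 4291): insert FF:FE in the middle of the
    48-bit MAC and invert the universal/local bit of the first octet."""
    octets = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC")
    octets[0] ^= 0x02
    return int.from_bytes(bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:]), "big")


def address_in(prefix, mac):
    """Prefix (must be a /64) with the interface identifier in the low 64 bits."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | interface_id(mac))


def link_local(mac):
    return address_in("fe80::/64", mac)


def duplicate(addr, neighbours):
    """Duplicate Address Detection: a Neighbor Solicitation for the tentative
    address is sent and any Neighbor Advertisement means it is taken. Here
    `neighbours` is the set of address strings already in use on the link."""
    return str(addr) in {str(ipaddress.IPv6Address(n)) for n in neighbours}


def autoconfigure(mac, advertised_prefixes, neighbours):
    """Link-local first, then one address per advertised on-link prefix;
    tentative addresses that fail DAD are reported instead of configured."""
    configured, rejected = [], []
    for prefix in ["fe80::/64"] + list(advertised_prefixes):
        tentative = address_in(prefix, mac)
        (rejected if duplicate(tentative, neighbours) else configured).append(tentative)
    return [str(a) for a in configured], [str(a) for a in rejected]
```

`autoconfigure("00:11:22:33:44:55", ["2001:db8:1:2::/64"], set())` yields the link-local and one global address; putting the global one into the neighbour set moves it to the rejected list, which is what a DAD failure looks like to the host.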

41

Taking it one step further...

Work is underway to enable autoconfiguration of IPv6 addresses for whole network topologies. See the draft "Requirements for IPv6 prefix delegation" on the ipv6 working group page.

An expired draft (2000) can be found at 6ants.net:
- Routers search for "delegating routers" via a multicast query.
- A router picks one delegating router and sends an initial request requiring a prefix of the needed length.
- The delegating router responds with a prefix which the querying router may use until it expires.

42

Problem statement: How to automatically find a host responsible for running a particular service?
- Many protocols use broadcast or registered multicast addresses for sending requests to a server with unknown unicast address: IGMP, RARP, BOOTP, DHCP, MADCAP, SIP
- Services may broadcast their existence. Typically used in file/printer sharing networks; leads to broadcast storms in large networks.
- Directory services which summarize available services (NIS, Novell Directory Service, Microsoft Active Directory, Apple Open Directory). Not only shares and printers but also hosts in general and user authentication information.

43

Two generic mechanisms for discovering services can be found in IETF's working groups:
- A new DNS resource record type, SRV, has been defined in RFC2782, i.e. the DNS server can be queried for needed services.
- The Service Location Protocol defined by the svrloc (now concluded) working group. This mechanism allows for queries of abstract services (explained later) as well as LDAP (Lightweight Directory Access Protocol) filtering based on predefined attributes for services.
- Of these two methods DNS SRV seems to survive. For instance Windows 2000 uses the scheme when looking for Active Directory domain controllers.

44

_Service._Proto.Name TTL Class SRV Priority Weight Port Target

_Service   A service name as defined by IANA, see www.iana.org/assignments/service-names
_Proto     A protocol from the same namespace as above. Typically "_tcp" or "_udp"
Name       DNS domain name
TTL        (32 bits) For how long the record can be cached (in seconds)
Class      Network class (1 = Internet, IN)
SRV        The resource record type mnemonic (type# = 33)
Priority   (16 bits) Clients must try the target hosts with the lowest value first
Weight     (16 bits) When a client finds several records of the same priority it picks one with a probability proportional to the weight value
Port       Port number the service is running on
Target     DNS domain name of the serving host. A Target of "." means the service is decidedly not available at this domain.

45

Example of a DNS zone entry for the fictional service "foobar" (from the RFC):

$ORIGIN example.com.
@               SOA server.example.com. root.example.com. (
                    1995032001 3600 3600 604800 86400 )
                NS  server.example.com.
                NS  ns1.ip-provider.net.
                NS  ns2.ip-provider.net.
; foobar - use old-slow-box or new-fast-box if either is
; available, make three quarters of the logins go to
; new-fast-box.
_foobar._tcp    SRV 0 1 9 old-slow-box.example.com.
                SRV 0 3 9 new-fast-box.example.com.
; if neither old-slow-box or new-fast-box is up, switch to
; using the sysdmin's box and the server
                SRV 1 0 9 sysadmins-box.example.com.
                SRV 1 0 9 server.example.com.
server          A   172.30.79.10
old-slow-box    A   172.30.79.11
sysadmins-box   A   172.30.79.12
new-fast-box    A   172.30.79.13
; NO other services are supported
*._tcp          SRV 0 0 0 .
*._udp          SRV 0 0 0 .
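The client-side selection rule that the Priority and Weight fields above imply, run over the four _foobar._tcp records of the zone: lowest priority first, and within a priority a weighted random pick in the manner RFC 2782 describes (zero-weight records placed first, a uniform draw against the running sum). This is an added example, not the lecture's code; the zone's comment promises three quarters of the logins to new-fast-box, and `first_choice_share` measures whether the algorithm delivers that. One caveat worth remembering: the Target is learned from DNS, which without DNSSEC is unauthenticated, so a client that then checks a TLS certificate should authenticate the service name it queried rather than the Target name it was handed.

```python
"""Client-side selection over SRV records (RFC 2782): lowest priority first,
weighted random choice within a priority. Added example (not the lecture's
code) using the records from the zone above, plus a minimal parser for the
RDATA of those SRV lines."""
import random
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")

# The four _foobar._tcp records from the zone file above.
FOOBAR = [SRV(0, 1, 9, "old-slow-box.example.com."),
          SRV(0, 3, 9, "new-fast-box.example.com."),
          SRV(1, 0, 9, "sysadmins-box.example.com."),
          SRV(1, 0, 9, "server.example.com.")]


def parse_srv_rdata(rdata):
    """'0 1 9 old-slow-box.example.com.' -> SRV(0, 1, 9, 'old-slow-box.example.com.')"""
    prio, weight, port, target = rdata.split()
    rec = SRV(int(prio), int(weight), int(port), target)
    if not all(0 <= v < 65536 for v in (rec.priority, rec.weight, rec.port)):
        raise ValueError("priority, weight and port are 16-bit fields")
    return rec


def order_targets(records, rng=random):
    """Return the records in the order a client should try them.
    A single record with Target '.' means the service is explicitly absent."""
    if len(records) == 1 and records[0].target == ".":
        return []
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            # weight-0 entries go first so they are rarely, but not never, picked
            group = [r for r in group if r.weight == 0] + [r for r in group if r.weight > 0]
            total = sum(r.weight for r in group)
            pick = rng.uniform(0, total)
            running = 0
            for r in group:
                running += r.weight
                if running >= pick:
                    ordered.append(r)
                    group.remove(r)
                    break
    return ordered


def first_choice_share(records, trials=4000, seed=1):
    """Fraction of trials in which each target was the first one tried."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(trials):
        first = order_targets(records, rng)[0].target
        counts[first] = counts.get(first, 0) + 1
    return {t: c / trials for t, c in counts.items()}
```

With weights 1 and 3 the draw lands on new-fast-box about 75% of the time, and the two priority-1 hosts only ever appear after both priority-0 hosts have been listed.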

46

Services may be abstract or specific. The figure groups specific services under abstract ones:

Abstract service              Specific services
Printing services             lpr, SMB printers, IPP
File sharing services         NFS, CIFS, SMB shares, AndrewFS
Naming & directory services   Open Directory, NIS, Active Directory, Java JNDI

The Service Location Protocol ver. 2 (RFC2608) approaches the matter of finding services in a general manner (proposed standard...).
- Can search for abstract as well as specific services
- Can have parametric restrictions on the services we want to know about, e.g. all printers with printer-color-supported set to true

47

Service Request (SrvRqst) layout:

SLP common header
Length of <PRList>        <PRList>
Length of <service-type>  <service-type> (string)
Length of <scope-list>    <scope-list>
Length of <predicate>     <predicate>
Length of <SPI>           <SPI> (e.g. "BSD=0x0002")

<PRList>        Previously responding servers. Servers on the list stay silent for this request.
<service-type>  A URI-style service (e.g. "http", "ftp", "telnet") or a "service:" specifier. The "service:" specifier lets us have abstract services, e.g. service:printer: , service:naming-directory
<scope-list>    A list of "groups" we accept services from, e.g. DEFAULT, SALES_DEPT
<predicate>     An LDAPv3 search filter expression (RFC2254)
<SPI>           Denotes the authentication style needed. Currently BSD=0x0002, corresponding to DSA/SHA1 signatures, is used.

48

- An SA (Service Agent) answers (unicast) with a list of URLs matching the Service Request.
- A client might get a Directory Agent Advertisement (DAAdvert) as an answer. This tells the client of a service:directory-agent://<addr> which could be a "super-agent" for other services. We can unicast new queries directly to DAs.

Service Reply (SrvRply) layout:

SLP common header
Error Code        URL Entry count
<URL entry 1> ... <URL entry N>

49

Discovery sequence (UA = user agent, SA = service agent, DA = directory agent):

1. The UA multicasts a SrvRqst.
2. An SA answers with SrvRply.
3. Not satisfied, the UA multicasts a new SrvRqst with the previously answering servers in <PRList>.
4. Another SA answers with SrvRply.
5. A machine that was a little slow but keeps track of many services sends a DAAdvert message.

Services might earlier have registered with the DA via SrvReg messages.
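The SrvRqst and SrvRply layouts from the two slides above, encoded and decoded byte for byte, with the convergence loop of the discovery sequence: the UA multicasts, puts every responder into <PRList>, and stops at the first round nobody answers. This is an added example and not the lecture's or any SLP implementation's code; the common header is laid out per RFC 2608 (version, function ID, 3-byte length, flags, extension offset, XID, language tag), the agents, URLs, scope names and attributes are made up, multicast is a function call over a list of agent objects, and the predicate evaluator handles only the `(attr=value)` subset of the LDAP filter syntax. The abstract type `service:printer` matches both the lpr and the IPP registration, which is the point of the "service:" scheme.

```python
"""SLPv2 Service Request / Service Reply encoding (RFC 2608) and the UA's
multicast convergence loop above: responders are put in <PRList> so they stay
quiet in the next round. Added example, not the lecture's own code; the
agents, URLs and scope names are made up and multicast is a function call."""
import struct

SRVRQST, SRVRPLY = 1, 2
FLAG_MCAST =  0x2000         # set when the request was multicast
LANG = "en"


def _str(s):                 # SLP strings carry a 16-bit length prefix
    b = s.encode()
    return struct.pack("!H", len(b)) + b


def _take(buf, pos):
    n = struct.unpack_from("!H", buf, pos)[0]
    return buf[pos + 2:pos + 2 + n].decode(), pos + 2 + n


def header(func, body, xid, flags=0):
    """version(1) function(1) length(3) flags(2) next-ext-offset(3) xid(2) lang-tag."""
    length = 14 + len(LANG) + len(body)
    return (bytes([2, func]) + length.to_bytes(3, "big") + struct.pack("!H", flags)
            + (0).to_bytes(3, "big") + struct.pack("!H", xid) + _str(LANG) + body)


def srvrqst(xid, service_type, scopes, predicate="", prlist=(), spi=""):
    body = (_str(",".join(prlist)) + _str(service_type) + _str(",".join(scopes))
            + _str(predicate) + _str(spi))
    return header(SRVRQST, body, xid, FLAG_MCAST)


def parse_srvrqst(pkt):
    if pkt[0] != 2 or pkt[1] != SRVRQST or int.from_bytes(pkt[2:5], "big") != len(pkt):
        raise ValueError("not a well-formed SLPv2 SrvRqst")
    _, pos = _take(pkt, 12)                       # language tag
    fields = []
    for _ in range(5):                            # PRList, service-type, scopes, predicate, SPI
        value, pos = _take(pkt, pos)
        fields.append(value)
    prlist, stype, scopes, predicate, spi = fields
    return {"xid": struct.unpack_from("!H", pkt, 10)[0],
            "prlist": [p for p in prlist.split(",") if p], "type": stype,
            "scopes": scopes.split(","), "predicate": predicate, "spi": spi}


def srvrply(xid, urls, error=0, lifetime=3600):
    body = struct.pack("!HH", error, len(urls))
    for url in urls:             # URL entry: reserved(1) lifetime(2) len(2) url #auths(1)
        body += bytes([0]) + struct.pack("!H", lifetime) + _str(url) + bytes([0])
    return header(SRVRPLY, body, xid)


def parse_srvrply(pkt):
    _, pos = _take(pkt, 12)
    error, count = struct.unpack_from("!HH", pkt, pos)
    pos, urls = pos + 4, []
    for _ in range(count):
        url, pos = _take(pkt, pos + 3)            # skip reserved + lifetime
        if pkt[pos] != 0:
            raise ValueError("authentication blocks not handled here")
        pos += 1
        urls.append(url)
    return {"xid": struct.unpack_from("!H", pkt, 10)[0], "error": error, "urls": urls}


def matches(predicate, attrs):
    """Only the '(attr=value)' subset of the RFC 2254 filter syntax."""
    key, _, value = predicate.strip("()").partition("=")
    return not predicate or attrs.get(key) == value


class ServiceAgent:
    """Answers when not on the PRList and it holds a URL of the requested
    (possibly abstract) type, in a requested scope, satisfying the predicate."""
    def __init__(self, addr, services):
        self.addr, self.services = addr, services         # [(url, scope, attrs)]

    def handle(self, req):
        if self.addr in req["prlist"]:
            return None
        hits = [url for url, scope, attrs in self.services
                if url.startswith(req["type"]) and scope in req["scopes"]
                and matches(req["predicate"], attrs)]
        return srvrply(req["xid"], hits) if hits else None


def discover(agents, service_type, scopes, predicate=""):
    """UA loop: multicast, record responders in PRList, stop on a silent round."""
    prlist, urls, rounds = [], [], 0
    while True:
        rounds += 1
        req = parse_srvrqst(srvrqst(rounds, service_type, scopes, predicate, prlist))
        replies = [(sa.addr, sa.handle(req)) for sa in agents]
        new = [(addr, parse_srvrply(r)) for addr, r in replies if r]
        if not new:
            return sorted(urls), rounds
        for addr, reply in new:
            prlist.append(addr)
            urls.extend(reply["urls"])
```

Without an SPI and authentication blocks, anything on the multicast group can answer a SrvRqst with any URL; the `#auths` byte the reply parser refuses to skip past is where SLP's DSA/SHA1 signatures would go.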

50

IETF working groups relevant to this lecture:

dhc - Dynamic Host Configuration
- DHCPv4
- DHCPv6
- DHCP Options and BOOTP Vendor Extensions

ipv6 - IP version 6
- Addressing Architecture
- Stateless Address Autoconfiguration

dnsext - DNS Extensions
- DNS SRV Resource Records

svrloc - Service Location Protocol (Note: concluded)
- SLPv1, SLPv2
- IANA schemes for "service:" URIs

51

Universal Plug and Play (UPnP): each entity can automatically find an IP address, learn about services in the network and announce its own services.

The Universal Plug and Play Forum: a group of more than 700 vendors that define specifications for UPnP devices.

Current architecture: a set of application level protocols running on top of TCP/IP.

52

Summary:
- RARP and BOOTP have shortcomings.
- The Dynamic Host Configuration Protocol (DHCP) is the most versatile for IPv4 autoconfiguration. Many options for locating various servers etc.
- A zero-configuration scheme exists as a draft for IPv4. Zero-configuration of link-local IPv6 addresses is on the Standards Track.
- In IPv6, use Router Advertisements to get prefixes to combine with the link-local address, making it site-local / global.
- Use DHCPv6 for total administrative control.
- Automatic service location via DNS SRV Resource Records or the Service Location Protocol.
- UPnP - the future?