tsin02 - internetworking · rarp only really handles local networks since it doesn’t convey...

TSIN02 - Internetworking

© 2004 Image Coding Group, Linköpings Universitet

Lecture 6: Autoconfiguration

Literature:

● Fouruzan: ch 17: BOOTP, DHCP● Fouruzan: sec 31.2 IPv6 ADDRESSES

● RFC2131: DHCPv4● RFC3315: DHCPv6

● RFC2462: IPv6 Stateless Address Autoconfiguration

● RFC2608: Service Location Protocol, Version 2

Special prerequisite:● Fouruzan: ch 7: ARP/RARP

Ver. 1.0 – Jonas Svanberg

http://www.ietf.org/rfc/rfc2131.txt





2

Lecture 6: AutoconfigurarionGoals:● Know parameters needed to setup a node for IP v4,v6

communication● Know some different strategies to do this:

– Manual configuration

– Centralized static configuration

– Centralized dynamic configuration

– Zero configuration● Finding services

– Know how it can scale to larger networks

– The Service Location Protocol Framework


3

Lecture 6: Autoconfiguration

Outline:

● ARP/ RARP

● Network parameters & DNS

● BOOTP

● DHCP

– Message types

– Options

– Msg exchange example● Zeroconf

● IPv6

– Address structure

– DHCPv6

– Stateless addressautoconfiguration

● Service Discovery

– Abstract vs specificservices

– Service Location Protocol (SLP)


4

review: ARP (over Ethernet)

ARP – Address resolution protocol. (RFC0826)● Dynamically maintain a cache of mappings:

IP# Link-local MAC-address (6bytes)● An ARP package has the following format:

Target hardware address (MACT)

Hardware Type(Ethernet: 0x1) ProtocolType (Ipv4 0x8)

Hardwarelength (0x6)

Protocollength (0x4)

Request (1) or Response (2)Op

Sender hardware address (MACS)

Sender protocol address (IPS)

Target protocol address (IPT)

ARP(Op, MACS, IPS, MACT, IPT)



5

ARP(2, MACT, IPT

, MACS, IPS

)

IPS

ARP(1, MACS, IP

S, 0, IPT)

● Resolving an IP# using ARP. Host IPS doesn’t know

the mapping IPT MACT.

ARP cont.

IPT

broadcast

Receiver of ARP request also updates its own ARP-cache with the sender fields of the received package.


6

1. ARP(1, MAC1, IP1, 0, IP2)

Proxy ARP

A kind of routing can be had between two subnets using proxy ARP

IP1 IP2

IP3

MAC3A MAC3B

2. ARP(1, MAC3 B, IP1, 0, IP2)

3. ARP(2, MAC2, IP2, MAC3 B, IP1)

4. ARP(2, MAC3 A, IP2, MAC1, IP1)

A-net B-net

broa

dcas

t

broadcast


7

Gratuitous ARP

A host can broadcast ARP requests for itself:

ARP(1, MyMAC, MyIP, 0xffffff, MyIP)

There are two uses for this:● A host can check for misconfigurations. I.e., does any

other host use my IP#? In that case host will get an ARP reply and can log an error report.

● When the network interface card is changed (and the corresponding MAC) a host can broadcast this change on the net forcing updates in all ARP-tables.


8

When host A don’t know its own IP# it canbroadcast the RARP request:

ARP(3, MACA, 0, MACA, 0)

The RARP server B answers with unicast:

ARP(4, MACB, IPB, MACA, IPA)

RARP only really handles local networks since it doesn’t convey information about the subnet mask in use and gateway IP.

RARP is not used at all in Ipv6.

ARP functionality is built in into ICMPv6.

Reverse Address Resolution - RARP


9

Parameters for IP configurationThe typical parameters needed for an end host to enable IP communications are:

● The IP-address (A)

● The netmask (M)

– Addresses B not matching the mask is sent to the gateway ( (B & M ) != (A & M) ). Otherwise use ARP and find host B on local network.

● The gateway P

– Typically ( 0x1 | (A & M) )

● Broadcast

– Can use 255.255.255.255 (broadcast on all attached interfaces)

– (A & M) | (255.255.255.255 ^ M) for specific interface


10

Domain Name System - DNS

The DNS service is a crucial component of the Internet. IP-numbers are mostly transient,

● Nodes may get their IP addresses dynamically for just some time.

● Subnets may be restructured and netmasks changed.

● Networks switch to other operators.

But the DNS is a global database letting us have persistent identifications of hosts, services and through the use of URI:s also data. People even use DNS domain names indirectly in other name-spaces such as naming JAVA packages.


11

Manual configurationA host can of course be manually configured with IP, netmask, gateway and DNS.

This is not so hard if host needs to be manually configured with further software etc. But the drawbacks are apparent:

● In large networks a scheme is needed anyway. Why not automate it?

● Ease network topology changes. We can focus on sub-netting and configuring routers. Hosts manage by themselves!

● A host might not even have persistent memory (E.g. Disk-less clients, sensor devices etc.) making manual configuration impossible!

● Hosts may move around on different subnets.


12

Bootstrap Protocol - BOOTPDefined in RFC951 (1985). BOOTP allows us to have the auto-configuration service running over the normal IP stack

Operation code Hardware type Hardware length Hop count

Transaction ID

No of seconds Unused

Client IP address

Your address

Server IP address

Gateway IP address

Client hardware address

Server name (64 bytes)

Boot file name (128bytes)

Options

This is encapsulated in UDP to port 68. The request is broadcast (IP target host 255.255.255.255) The reply goes to port 68 and may be unicast, but then the bootp server need to update the ARP-table itself. However the reply can be broadcast in which case the TransactionID resolves simultaneous requests.

Options might contain subnet mask, time, time servers, DNS servers, print servers, host name etc. Also some vendors have registered fields.

1 = BOOTREQUEST, 2 = BOOTREPLY



13

BOOTP – Additional notes

To achieve robustness BOOTP...● uses UDP checksum option● client uses timers and retransmission.

– Retransmission timer is in the order of seconds– Timer is randomized to avoid network jam right

after e.g., a power failure.

more...● BOOTP normally reside in read-only/flash memory in

disk-less clients BIOS.● The TFTP protocol (RFC1350) is usually used to

fetch the OS image given in the Boot File Name field.



14

BOOTP – Implementation Notes

A BOOTP server typically has a static table where each host’s MAC-address is mapped to IP# (Typically in a file /etc/ethers)

The Server IP field tells of the next server to use if on a disk-less client (typically TFTP of kernel image)

In SunOS bootstrapping is done like● Get IP# via RARP● Fetch kernel image via TFTP. The image is named

from the IP#!● Communicate more parameters like NIS-servers etc

via remote procedure calls (RPC)


15

BOOTP Shortcomings

BOOTP doesn’t solve the problem with hosts moving around!

● Let’s say we have a /24 subnet (255 nodes).● Visiting hosts are possibly more numerous.

We want to be able to withdraw IP#● Hosts actively releasing their IP#● Time-out mechanisms for when IP# are

automatically withdrawn.

Hosts need to be able to renew their IP# lease.

This requirements are fulfilled by...


16

Dynamic Host Configuration Protocol

DHCP for IPv4 – See RFC2131

DHCP is backwards compatible with BOOTP:● A BOOTP client can request a static configuration

from a DHCP server.● Same well-known port numbers are used

The message format is the same● “Unused”-field is now “Flags”. Only LSB is used

(client enforce broadcast reply)● More options than BOOTP



17

DHCP – Option “DHCP message type”

Must be included in every DHCP message

Client Server● DHCPDISCOVER (1) broadcast to locate servers● DHCPREQUEST (3) requesting offered parameters etc.● DHCPDECLINE (4) indicate address already in use● DHCPRELEASE (7) relinquish network address

● DHCPINFORM (8) ask for parameters but not IP# (1997)

Server Client● DHCPOFFER (2) server’s response to DHCPDISCOVER● DHCPACK (5) confirm client’s now has lease● DHCPNACK (6) tell client its IP# is expired/incorrect


18

DHCP – Message exchange exampleserver

(not selected)server

(selected)client

DHCPDISCOVER DHCPDISCOVERDeterminesconfiguration

Determinesconfiguration

DHCPOFFERDHCPOFFER

Collect replies

Select configuration

DHCPREQUEST DHCPREQUEST

DHCPACK

DHCPRELEASE

broadcast

broadcast

Sees that request does not match offer. (May now release internal lock)

Commits to previous offer

Discard release


19

DHCP – State Transition Diagram

Initializing

Selecting

Requesting

Bound

RebindingRenewing

Boot

DHCPDISCOVER

DHCPREQUEST

DHCPACK

DHCPACK DHCPACK

Lease Time 50% expiredDHCPREQUEST

Lease Time 87.5% expiredDHCPREQUEST

Lease cancelledDHCPRELEASE

Lease Time expiredDHCPNACK

DHCPOFFER

Forouzan p. 488


20

DHCP – More Options

● Routers● DNS servers● Time servers● Printer servers● Log servers● Swap servers● Mail servers (SMPT)● POP3 servers● NIS servers

● Font servers (X-Windows)● MobileIP Home Agents● Broadcast address● ARP cache timeout val● Ethernet 2 / IEEE802.3● TTL values● Forwarding flag● Source route policy● Plus many more...

Standard options for BOOTP/DHCP are listed in RFC2132



21

Zero Configuration

Simple ad-hoc network scenario. Hosts are connected to a local network. No special RARP/DHCP server exist.

How to configure hosts with unique IP#?

Answer: draft from zeroconf working group● Formally what Windows and Mac already do● Picks random addresses from subnet 169.254/16● Randomization should give same sequence between

boots (e.g., use MAC-address for seed)● Use “ARP-probes” to check for collisions

ARP(1, MyMAC, 0, 0xffffff, MyRandomIP)● Defend once if active TCP connections etc.

http://www.ietf.org/html.charters/zeroconf-charter.html


22

IPv6 AddressingIn IPv6 we don’t have the notion of a netmask

The address is 128 bits long (16 bytes)

Example notation:

FDEC:BA98:0074:3210:000F:BBFF:0000:FFFF

may be abbrevated:

FDEC:BA98:74:3210:F:BBFF:0:FFFF

Globally routable unicast addresses have the

SubscriberIdentifier

ProviderIdentifier

SubnetIdentifier

Node Identifier

8 16 24 32 48

010 Registry INTERNIC 11000RIPNIC 01000APNIC 10100

Pick MAC-address here!


23

IPv6 Address Autoconfiguration

Two methods● Stateful DHCPv6 requests● Stateless Address Autoconfiguration

In IPv6 routers periodically send Router Advertisements (ICMPv6)

● Stateful autoconfiguration available or not● Other stateful parameter configuration available● Various timing values.● >>> Prefix Information <<<


24

DHCPv6 (RFC3315)● Uses multicast (FF02::1:2, FF05::1:3) ● Simpler message structure:

● Requires globally unique identifiers of clients and hosts (DUID – DHCP Unique Identifier). These can be constructed from MAC-addresses.

● Client uniquely identifies network interfaces.

msgtype transactions-ID

options(variable)

8 24



25

DHCPv6 – Message TypesClient Server

● SOLICIT (1) locate servers

● REQUEST (3) request parameters from a specific server

● CONFIRM (4) confirm that address is still appropriate

● RENEW (5) try extend lifetime of assigned addresses

● REBIND (6) follows an unresponsive RENEW. Get other parameters

● RELEASE (8) tell server we don’t use one or more addresses

● DECLINE (9) tell server one or more addresses already seem in use

● INFORMATION REQUEST (11) Request configuration params without IP#

Server Client

● ADVERTISE (2) server’s ready to serve. Response to SOLICIT

● REPLY (7) general reply message. May contain configuration parameters

● RECONFIGURE (10) tell client it needs to RENEW


26

DHCPv6 – Additional Notes● Not so many options yet.

– Client DUID, Server DUID, Client interface ID

– IPv6 address + lease time(obviously such an option!)

– Rapid transaction option (two messages)● Security!

– DHCPv6 may use IPSec

– Authentication option (works both ways)● DNS configuration option: RFC3646 (servers and domain lists)● Some more options on draft stage in the dhc working group.

– Time, NIS, timezones, tunnels, boot images etc.


http://www.ietf.org/html.charters/dhc-charter.html


27

IPv6 Stateless Address Autoconfiguration

● RFC2462● Similar to zeroconf we form an link-local address and

run the “Duplicate Address Detection” scheme.● IPv6 link-local prefix: FE80::0. Put the hardware

interface’s address (length N) in the rightmost N bits. Maximum allowed hardware address length 118bits.(Note: there exist a 64-bit standard hardware addressing system)

● Listen for router advertisements and the “Prefix Information” field. Use these prefixes to form (possibly many) routable addresses! (global and site)



28

IPv6 Prefix Delegation

Taking it one step further...

Work is underway to enable autoconfiguration of IPv6 addresses for whole network topologies. See draft,

Requirements for IPv6 prefix delegation

on the ipv6 working group page.

An expired draft (2000) can be found at 6ants.net● Routers search for “delegating routers” via a multicast

query.● It picks one delegating router and sends an initial request

requiring a prefix of needed length● Delegating answers responds with a prefix which querying

router may use till it expires

http://www.ietf.org/internet-drafts/draft-ietf-ipv6-prefix-delegation-requirement-04.txt

http://www.ietf.org/html.charters/ipv6-charter.html

http://6net.net


29

Service DiscoveryProblem statement: How to automatically find a host responsible for running a particular service?● Many protocols uses broadcast or registered multicast

addresses for sending requests to a server with unknown unicast address,

– IGMP, RARP, BOOTP, DHCP, MADCAP, SIP● Services may broadcast their existence. Typically used in

file/printer sharing networks broadcast storms in large networks

● Directory services which summarizes available services (NIS, Novell Directory Service, Microsoft Active Directory, Apple Open Directory). Not only shares and printers but also hosts in general and user authentication information.


30

Service Discovery cont.

Two generic mechanisms for discovering services can be found in IETF’s working groups

● A new DNS resource record type SRV has been defined in RFC2782. I.e., the DNS server can be queried for needed services.

● The Service Location Protocol defined by the svrloc (now concluded) working group. This mechanism allows for queries of abstract services (explained later) as well as LDAP filtering based on predefined attributes for services

● Of these two methods the DNS SRV seems to survive. For instance Windows 2000 uses the scheme when looking for active directories.


http://www.ietf.org/html.charters/OLD/svrloc-charter.html


31

[_Service._Proto.Name TTL Class SRV Priority Weight Port Target]

_Service A service name as defined by IANA,See www.iana.org/assignments/service-names.

_Proto A protocol from the same namespace as above.Typically “_TCP” or “_UDP”

Name DNS-domain name

TTL (32 bits) For how long the record can be cached (in seconds)

Class Network class (1 = Internet)

SRV The Resource Record string identifier (type# = 33)

Priority (16 bits) Client must try to pick serving host with lowest value

Weight (16 bits) When client finds several services of the same priority it picks one with a probability proportional to the weight value.

Port Port number the service is running on

Target DNS domain name of serving host

The DNS SRV Resource Record

http://www.iana.org/assignments/service-names


32

DNS SRV Example

Example of a DNS table entry for fictional service “foobar”(from the RFC.)

$ORIGIN example.com. @ SOA server.example.com. root.example.com. ( 1995032001 3600 3600 604800 86400 ) NS server.example.com. NS ns1.ip-provider.net. NS ns2.ip-provider.net. ; foobar - use old-slow-box or new-fast-box if either is ; available, make three quarters of the logins go to ; new-fast-box. _foobar._tcp SRV 0 1 9 old-slow-box.example.com. SRV 0 3 9 new-fast-box.example.com. ; if neither old-slow-box or new-fast-box is up, switch to ; using the sysdmin's box and the server SRV 1 0 9 sysadmins-box.example.com. SRV 1 0 9 server.example.com. server A 172.30.79.10 old-slow-box A 172.30.79.11 sysadmins-box A 172.30.79.12 new-fast-box A 172.30.79.13 ; NO other services are supported *._tcp SRV 0 0 0 . *._udp SRV 0 0 0 .


33

Service Location Protocol Framework

Services may be abstract or specific.

Naming &directory services

File sharingservicesPrinting services

lpr:

SMBprinters

IPP

NFS

CIFS

SMBshares

AndrewFS

OpenDirectory

NIS

ActiveDirectory

JAVAJNDI

abstract

specific

The Service Location Protocol ver. 2 (RFC2608) approaches the matter of finding services in a general manner. (proposed standard...)

● Can search for abstract as well as specific services● Can have parametrical restrictions on services we want to know

about. I.e. All printers with printer-color-supported to true



34

svrloc – Service Request (SrvRqst)

SLP common header

Length of <PRList> <PRList>

Length of <service-type> <service-type> (string)

Length of <scope-list> <scope-list>

Length of <predicate> <predicate>

Length SPI “BSD=0x0002”

<PRList> Previously responding servers. <service-type> An URI-style service (E.g., “http” “ftp” “telnet”) or a “service:”

specifier. The new service: specifier let us have abstract services:Example: service:printer: , service:naming-directory

<scope-list> A list of “groups” we accept services from.Example: DEFAULT, SALES_DEPT

<predicate> An LDAPv3 search filter expression. (RFC2254)<SPI> Denote authentication style needed. Currently BSD=0x0002

corresponding to DSA/SHA1 signatures is used.



35

svrloc – Service Reply (SrvRply)

● SA ( Service Agent) answers (unicast) with a list of URL:s matching the Service Request.

● A client might get a Directory Agent Advertisement(DAAdvert) as an answer. This tells the client of a

service:directory-agent://<addr>

which could be a “super-agent” for other services. We can unicast new queries directly to DA:s.

SLP common header

Error Code URL Entry count

<URL entry 1> . . . <URL Entry N>


36

svrloc – Message Exchange Example

1. Multicasts a SrvReq request

4. Not satisfied. Multicast a new SrcReq with previously answering servers in <PRList>

2. Answer withSrvRply

4. Answer withSrvRply

5. This machine was a little slow but keeps track of many services. We send a DAAdvert message

Services might earlier have registered with DA via SvrReg messages

SvrReg


37

IETF Working Groupsdhc – Dynamic Host Configuration

– DHCPv4

– DHCPv6

– DHCP Options and BOOTP Vendor Extensions

ipv6 – IP version 6

– Addressing Architecture

– Stateless Address Autoconfiguration

dnsext – DNS Extensions

– DNS SRV Resource Records

svrloc – Service Location Protocol (Note: concluded)

– SLPv1, SLPv2

– IANA schemes for “service:” URI:s

http://www.ietf.org/html.charters/dhc-charter.html

http://www.ietf.org/html.charters/ipv6-charter.html

http://www.ietf.org/html.charters/dnsext-charter.html

http://www.ietf.org/html.charters/OLD/svrloc-charter.html


38

Summary● RARP and BOOTP have shortcomings.● Dynamic Host Configuration Protocol (DHCP) is most

versatile for IPv4 autoconfiguration. Many options for locating various servers etc.

● Zero-configuration scheme exists as draft for IPv4. Zero-configuration of link-local IPv6 addresses on Standards Track.

● In IPv6 use Router Advertisements to get prefixes to link-local address making it site-local / global.

● Use DHCPv6 for total administrative control.● Automatic service location via DNS SRV Resource

Records or Service Location Protocol.

tsin02 - internetworking · rarp only really handles local networks since it doesn’t convey...

Documents