TSIN02 - Internetworking
© 2004 Image Coding Group, Linköpings Universitet
Lecture 6: Autoconfiguration
Literature:
● Forouzan: ch 17: BOOTP, DHCP
● Forouzan: sec 31.2 IPv6 ADDRESSES
● RFC2131: DHCPv4
● RFC3315: DHCPv6
● RFC2462: IPv6 Stateless Address Autoconfiguration
● RFC2608: Service Location Protocol, Version 2
Special prerequisite:
● Forouzan: ch 7: ARP/RARP
Ver. 1.0 – Jonas Svanberg
Lecture 6: Autoconfiguration
Goals:
● Know the parameters needed to set up a node for IPv4/IPv6 communication
● Know some different strategies to do this:
– Manual configuration
– Centralized static configuration
– Centralized dynamic configuration
– Zero configuration
● Finding services
– Know how it can scale to larger networks
– The Service Location Protocol Framework
Lecture 6: Autoconfiguration
Outline:
● ARP/RARP
● Network parameters & DNS
● BOOTP
● DHCP
– Message types
– Options
– Msg exchange example
● Zeroconf
● IPv6
– Address structure
– DHCPv6
– Stateless address autoconfiguration
● Service Discovery
– Abstract vs specific services
– Service Location Protocol (SLP)
Review: ARP (over Ethernet)
ARP – Address Resolution Protocol (RFC0826)
● Dynamically maintain a cache of mappings: IP# → link-local MAC address (6 bytes)
● An ARP package has the following format:
[ARP packet layout, fields in order]
Hardware Type (Ethernet: 0x1) | Protocol Type (IPv4: 0x8)
Hardware length (0x6) | Protocol length (0x4) | Op: Request (1) or Response (2)
Sender hardware address (MACS)
Sender protocol address (IPS)
Target hardware address (MACT)
Target protocol address (IPT)
Shorthand used on the following slides: ARP(Op, MACS, IPS, MACT, IPT)
ARP cont.
● Resolving an IP# using ARP. Host IPS doesn’t know the mapping IPT → MACT.
[Figure: IPS broadcasts ARP(1, MACS, IPS, 0, IPT); IPT answers with ARP(2, MACT, IPT, MACS, IPS)]
The receiver of an ARP request also updates its own ARP cache with the sender fields of the received package.
Proxy ARP
A kind of routing can be had between two subnets using proxy ARP.
[Figure: host IP1 (MAC1) on the A-net, host IP2 (MAC2) on the B-net, router IP3 with interface MAC3A on the A-net and MAC3B on the B-net]
1. ARP(1, MAC1, IP1, 0, IP2) – broadcast on the A-net
2. ARP(1, MAC3B, IP1, 0, IP2) – broadcast on the B-net
3. ARP(2, MAC2, IP2, MAC3B, IP1)
4. ARP(2, MAC3A, IP2, MAC1, IP1)
Gratuitous ARP
A host can broadcast ARP requests for itself:
ARP(1, MyMAC, MyIP, 0xffffff, MyIP)
There are two uses for this:
● A host can check for misconfigurations, i.e., does any other host use my IP#? In that case the host will get an ARP reply and can log an error report.
● When the network interface card is changed (and with it the MAC) a host can broadcast this change on the net, forcing updates in all ARP tables.
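An added example (not part of the lecture) that encodes and decodes the ARP body in the slide's ARP(Op, MACS, IPS, MACT, IPT) notation and keeps the ARP cache the slides describe; the cache reports when an IP# changes owner, which is what a host would log after the misconfiguration check above. The protocol type 0x0800 and the broadcast MAC ff:ff:ff:ff:ff:ff are the standard Ethernet/IPv4 values; everything else is constructed for the example.

```python
import struct
from ipaddress import IPv4Address
from typing import Optional

HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800           # EtherType of IPv4, used as the ARP protocol type
OP_REQUEST, OP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"    # the 28-byte ARP body in the slide's field order


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op: int, mac_s: str, ip_s: str, mac_t: str, ip_t: str) -> bytes:
    """Encode ARP(Op, MACS, IPS, MACT, IPT) as the slide writes it."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_bytes(mac_s), IPv4Address(ip_s).packed,
                       mac_bytes(mac_t), IPv4Address(ip_t).packed)


def parse_arp(body: bytes) -> dict:
    """Decode an ARP body; anything but Ethernet/IPv4 with 6/4-byte addresses is rejected."""
    htype, ptype, hlen, plen, op, mac_s, ip_s, mac_t, ip_t = struct.unpack(ARP_FMT, body[:28])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "mac_s": mac_str(mac_s), "ip_s": str(IPv4Address(ip_s)),
            "mac_t": mac_str(mac_t), "ip_t": str(IPv4Address(ip_t))}


def is_gratuitous(pkt: dict) -> bool:
    """Gratuitous ARP: a request in which the sender asks for its own address (IPS == IPT)."""
    return pkt["op"] == OP_REQUEST and pkt["ip_s"] == pkt["ip_t"] and pkt["ip_s"] != "0.0.0.0"


class ArpCache:
    """Learns the sender fields of every packet seen, as the slide describes, and
    reports when an IP# suddenly maps to a different MAC (a misconfiguration or a
    NIC swap announced by gratuitous ARP, both worth logging)."""

    def __init__(self):
        self.table = {}

    def learn(self, pkt: dict) -> Optional[str]:
        if pkt["ip_s"] == "0.0.0.0":          # ARP probes carry no usable sender IP
            return None
        old = self.table.get(pkt["ip_s"])
        self.table[pkt["ip_s"]] = pkt["mac_s"]
        if old is not None and old != pkt["mac_s"]:
            return f"{pkt['ip_s']}: mapping changed {old} -> {pkt['mac_s']}"
        return None
```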
Reverse Address Resolution – RARP
When host A doesn’t know its own IP# it can broadcast the RARP request:
ARP(3, MACA, 0, MACA, 0)
The RARP server B answers with unicast:
ARP(4, MACB, IPB, MACA, IPA)
RARP only really handles local networks since it doesn’t convey information about the subnet mask in use and the gateway IP.
RARP is not used at all in IPv6.
ARP functionality is built into ICMPv6.
Parameters for IP configuration
The typical parameters needed for an end host to enable IP communications are:
● The IP address (A)
● The netmask (M)
– Addresses B not matching the mask, i.e. (B & M) != (A & M), are sent to the gateway. Otherwise use ARP and find host B on the local network.
● The gateway P
– Typically ( 0x1 | (A & M) )
● Broadcast
– Can use 255.255.255.255 (broadcast on all attached interfaces)
– (A & M) | (255.255.255.255 ^ M) for a specific interface
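The three bit-operations above carried through in code, as an added example that is not from the lecture: next-hop selection, the gateway and directed-broadcast conventions, plus a sanity check of the parameters a host has been handed (the checks are my own addition, not something the slide lists).

```python
from ipaddress import IPv4Address

ALL_ONES = 0xFFFFFFFF          # 255.255.255.255


def _n(addr: str) -> int:
    return int(IPv4Address(addr))


def next_hop(a: str, m: str, b: str, gateway: str) -> str:
    """Which address host A (mask M) must resolve with ARP to reach B."""
    if (_n(b) & _n(m)) != (_n(a) & _n(m)):
        return gateway                         # off-link: send to the gateway
    return b                                   # on-link: ARP for B itself


def default_gateway(a: str, m: str) -> str:
    """The slide's convention P = 0x1 | (A & M), the first host of the subnet."""
    return str(IPv4Address(0x1 | (_n(a) & _n(m))))


def directed_broadcast(a: str, m: str) -> str:
    """(A & M) | (255.255.255.255 ^ M): the broadcast address of this interface only."""
    return str(IPv4Address((_n(a) & _n(m)) | (ALL_ONES ^ _n(m))))


def validate_config(a: str, m: str, gateway: str) -> list:
    """Checks a host should run on parameters it was given (manually or by a server)
    before using them; returns the list of problems, empty when all is well."""
    problems = []
    host_bits = ~_n(m) & ALL_ONES
    if host_bits & (host_bits + 1):            # a contiguous mask is 1...10...0
        problems.append("netmask is not contiguous")
        return problems
    network = str(IPv4Address(_n(a) & _n(m)))
    if a in (network, directed_broadcast(a, m)):
        problems.append("address is the network or broadcast address")
    if (_n(gateway) & _n(m)) != (_n(a) & _n(m)) or gateway == a:
        problems.append("gateway is not on the local subnet")
    return problems
```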
Domain Name System – DNS
The DNS service is a crucial component of the Internet. IP numbers are mostly transient:
● Nodes may get their IP addresses dynamically for just some time.
● Subnets may be restructured and netmasks changed.
● Networks switch to other operators.
But the DNS is a global database letting us have persistent identifications of hosts, services and, through the use of URIs, also data. People even use DNS domain names indirectly in other name-spaces, such as naming Java packages.
Manual configuration
A host can of course be manually configured with IP, netmask, gateway and DNS.
This is not so hard if the host needs to be manually configured with further software etc. anyway. But the drawbacks are apparent:
● In large networks a scheme is needed anyway. Why not automate it?
● Ease network topology changes. We can focus on sub-netting and configuring routers. Hosts manage by themselves!
● A host might not even have persistent memory (e.g. disk-less clients, sensor devices etc.), making manual configuration impossible!
● Hosts may move around on different subnets.
Bootstrap Protocol – BOOTP
Defined in RFC951 (1985). BOOTP allows us to have the auto-configuration service running over the normal IP stack.
[BOOTP message layout, fields in order]
Operation code (1 = BOOTREQUEST, 2 = BOOTREPLY) | Hardware type | Hardware length | Hop count
Transaction ID
No of seconds | Unused
Client IP address
Your address
Server IP address
Gateway IP address
Client hardware address
Server name (64 bytes)
Boot file name (128 bytes)
Options
This is encapsulated in UDP to port 68. The request is broadcast (IP target host 255.255.255.255). The reply goes to port 68 and may be unicast, but then the BOOTP server needs to update the ARP table itself. However, the reply can be broadcast, in which case the Transaction ID tells simultaneous requests apart.
Options might contain subnet mask, time, time servers, DNS servers, print servers, host name etc. Also some vendors have registered fields.
BOOTP – Additional notes
To achieve robustness BOOTP...
● uses the UDP checksum option
● the client uses timers and retransmission.
– The retransmission timer is in the order of seconds
– The timer is randomized to avoid a network jam right after e.g. a power failure.
More...
● BOOTP normally resides in read-only/flash memory in the disk-less client’s BIOS.
● The TFTP protocol (RFC1350) is usually used to fetch the OS image given in the Boot File Name field.
BOOTP – Implementation Notes
A BOOTP server typically has a static table where each host’s MAC address is mapped to an IP# (typically in a file /etc/ethers).
The Server IP field tells of the next server to use if on a disk-less client (typically TFTP of the kernel image).
In SunOS bootstrapping is done like this:
● Get IP# via RARP
● Fetch the kernel image via TFTP. The image is named from the IP#!
● Communicate more parameters like NIS servers etc. via remote procedure calls (RPC)
BOOTP Shortcomings
BOOTP doesn’t solve the problem with hosts moving around!
● Let’s say we have a /24 subnet (255 nodes).
● Visiting hosts are possibly more numerous.
We want to be able to withdraw IP#:
● Hosts actively releasing their IP#
● Time-out mechanisms for when IP# are automatically withdrawn.
Hosts need to be able to renew their IP# lease.
These requirements are fulfilled by...
Dynamic Host Configuration Protocol
DHCP for IPv4 – See RFC2131
DHCP is backwards compatible with BOOTP:
● A BOOTP client can request a static configuration from a DHCP server.
● The same well-known port numbers are used
The message format is the same:
● The “Unused” field is now “Flags”. Only the LSB is used (client enforces a broadcast reply)
● More options than BOOTP
DHCP – Option “DHCP message type”
Must be included in every DHCP message.
Client → Server
● DHCPDISCOVER (1) broadcast to locate servers
● DHCPREQUEST (3) requesting offered parameters etc.
● DHCPDECLINE (4) indicate address already in use
● DHCPRELEASE (7) relinquish network address
● DHCPINFORM (8) ask for parameters but not IP# (1997)
Server → Client
● DHCPOFFER (2) server’s response to DHCPDISCOVER
● DHCPACK (5) confirm that the client now has a lease
● DHCPNAK (6) tell the client its IP# is expired/incorrect
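An added example, not from the lecture, that builds and parses a DHCP message with the BOOTP fixed fields above and the message-type option, refusing a message that lacks the mandatory option. The magic cookie 99.130.83.99, option codes 53/255/0 and the broadcast flag value 0x8000 (RFC 2131 places it in the leftmost bit of the flags field) are standard values; the transaction id, MAC and option 50 (requested address) contents are constructed.

```python
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = bytes([99, 130, 83, 99])        # separates DHCP options from BOOTP fields
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255
FLAG_BROADCAST = 0x8000                        # RFC 2131: the leftmost bit of "flags"
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
HDR = "!BBBBIHH4s4s4s4s16s64s128s"             # the 236-byte BOOTP fixed part


def build_dhcp(op, xid, mac, msg_type, options=(), flags=0, yiaddr="0.0.0.0"):
    """Encode a DHCP message; `options` is a sequence of (code, value-bytes)."""
    zero = b"\0" * 4
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, flags, zero, IPv4Address(yiaddr).packed,
                      zero, zero, mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, val in options:
        body += bytes([code, len(val)]) + val
    return hdr + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_dhcp(msg: bytes) -> dict:
    """Decode the fixed fields and the option TLVs. Refuses a message without the
    magic cookie (plain BOOTP) or without the mandatory message-type option."""
    op, htype, hlen, hops, xid, secs, flags, ci, yi, si, gi, chaddr, sname, file = \
        struct.unpack(HDR, msg[:236])
    if msg[236:240] != MAGIC_COOKIE:
        raise ValueError("no DHCP magic cookie: plain BOOTP message")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == OPT_PAD:
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    if OPT_MSG_TYPE not in opts:
        raise ValueError("DHCP message type option (53) missing")
    return {"op": op, "xid": xid, "broadcast": bool(flags & FLAG_BROADCAST),
            "yiaddr": str(IPv4Address(yi)), "chaddr": chaddr[:hlen].hex(":"),
            "type": MSG_TYPES.get(opts[OPT_MSG_TYPE][0], "unknown"), "options": opts}
```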
DHCP – Message exchange example
[Figure: message sequence between the client, the selected server and a server that is not selected]
1. The client broadcasts DHCPDISCOVER. Both servers receive it and each determines a configuration.
2. Both servers answer with DHCPOFFER. The client collects the replies and selects one configuration.
3. The client broadcasts DHCPREQUEST. The selected server commits to its previous offer; the other server sees that the request does not match its offer (and may now release its internal lock).
4. The selected server answers with DHCPACK.
5. When the client is done it sends DHCPRELEASE and the server discards the lease.
DHCP – State Transition Diagram (Forouzan p. 488)
[Figure: states Initializing, Selecting, Requesting, Bound, Renewing and Rebinding with the transitions below]
● Boot → Initializing
● Initializing → Selecting: send DHCPDISCOVER
● Selecting → Requesting: DHCPOFFER received, send DHCPREQUEST
● Requesting → Bound: DHCPACK received
● Bound → Renewing: lease time 50% expired, send DHCPREQUEST
● Renewing → Bound: DHCPACK received
● Renewing → Rebinding: lease time 87.5% expired, send DHCPREQUEST
● Rebinding → Bound: DHCPACK received
● Bound → Initializing: lease cancelled, send DHCPRELEASE
● Rebinding → Initializing: lease time expired or DHCPNAK received
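The client side of this diagram as a small state machine, an added example that is not from the lecture or Forouzan. Timer-driven transitions use the 50% and 87.5% points of the lease (RFC 2131 calls them T1 and T2); the event names "boot" and "cancel" for the local events are my own.

```python
T1, T2 = 0.5, 0.875     # renew / rebind points as fractions of the lease time (RFC 2131 defaults)


class DhcpClientLease:
    """Client side of the slide's state diagram. Messages received and local events
    go to event(); the clock goes to tick(); both return the message the client
    must now send, or None."""

    def __init__(self):
        self.state, self.bound_at, self.lease = "Initializing", None, None

    def event(self, name: str, now: float = 0.0, lease: float = None):
        s = self.state
        if s == "Initializing" and name == "boot":
            self.state = "Selecting"
            return "DHCPDISCOVER"                    # broadcast, collect offers
        if s == "Selecting" and name == "DHCPOFFER":
            self.state = "Requesting"
            return "DHCPREQUEST"                     # broadcast, names the chosen server
        if s in ("Requesting", "Renewing", "Rebinding") and name == "DHCPACK":
            if lease is None and self.lease is None:
                raise ValueError("DHCPACK must carry a lease time")
            self.lease = lease if lease is not None else self.lease
            self.state, self.bound_at = "Bound", now
            return None
        if s in ("Renewing", "Rebinding") and name == "DHCPNAK":
            self.state = "Initializing"              # address taken back, start over
            return None
        if s == "Bound" and name == "cancel":
            self.state = "Initializing"
            return "DHCPRELEASE"
        raise ValueError(f"{name} is not valid in state {s}")

    def tick(self, now: float):
        """Timer-driven transitions: 50% -> Renewing, 87.5% -> Rebinding, 100% -> give up."""
        if self.state not in ("Bound", "Renewing", "Rebinding"):
            return None
        used = (now - self.bound_at) / self.lease
        if self.state == "Bound" and used >= T1:
            self.state = "Renewing"
            return "DHCPREQUEST"                     # unicast to the server that leased
        if self.state == "Renewing" and used >= T2:
            self.state = "Rebinding"
            return "DHCPREQUEST"                     # broadcast, any server may extend
        if self.state == "Rebinding" and used >= 1.0:
            self.state = "Initializing"              # lease expired: stop using the address
        return None
```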
DHCP – More Options
● Routers
● DNS servers
● Time servers
● Printer servers
● Log servers
● Swap servers
● Mail servers (SMTP)
● POP3 servers
● NIS servers
● Font servers (X Windows)
● Mobile IP Home Agents
● Broadcast address
● ARP cache timeout value
● Ethernet 2 / IEEE802.3
● TTL values
● Forwarding flag
● Source route policy
● Plus many more...
Standard options for BOOTP/DHCP are listed in RFC2132.
Zero Configuration
Simple ad-hoc network scenario. Hosts are connected to a local network. No special RARP/DHCP server exists.
How to configure hosts with unique IP#?
Answer: a draft from the zeroconf working group
● Formally what Windows and Mac already do
● Picks random addresses from the subnet 169.254/16
● The randomization should give the same sequence between boots (e.g., use the MAC address as seed)
● Use “ARP probes” to check for collisions:
ARP(1, MyMAC, 0, 0xffffff, MyRandomIP)
● Defend once if there are active TCP connections etc.
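The address-selection procedure above in code, as an added example that is not from the lecture: MAC-seeded candidates, the probe in the slide's notation, and the defend-once rule. The network is simulated by a callback, and the MAX_CONFLICTS, DEFEND_INTERVAL and reserved-range constants follow RFC 3927, the standard the zeroconf draft became.

```python
import hashlib
import random
from ipaddress import IPv4Address, IPv4Network

LINK_LOCAL = IPv4Network("169.254.0.0/16")
MAX_CONFLICTS = 10          # RFC 3927: after this many taken candidates, slow down


def candidate_addresses(mac: str):
    """Pseudo-random 169.254/16 candidates seeded from the MAC, so the same interface
    walks the same sequence after every boot, as the slide suggests."""
    seed = int.from_bytes(hashlib.sha256(mac.lower().encode()).digest()[:8], "big")
    rng = random.Random(seed)
    while True:
        # 169.254.0.x and 169.254.255.x are reserved (RFC 3927): keep to 169.254.1.0-254.255
        host = rng.randrange(1 * 256, 255 * 256)
        yield IPv4Address(int(LINK_LOCAL.network_address) + host)


def arp_probe(my_mac: str, candidate: IPv4Address) -> tuple:
    """The slide's probe ARP(1, MyMAC, 0, 0xffffff, MyRandomIP): the sender IP is 0
    so that no ARP cache learns the candidate before it is known to be free."""
    return (1, my_mac, "0.0.0.0", "ff:ff:ff:ff:ff:ff", str(candidate))


def claim_address(mac: str, answered) -> IPv4Address:
    """Probe candidates until one draws no reply. `answered(probe)` stands in for the
    network and returns True when some host replies to the probe (constructed)."""
    conflicts = 0
    for candidate in candidate_addresses(mac):
        if not answered(arp_probe(mac, candidate)):
            return candidate
        conflicts += 1
        if conflicts >= MAX_CONFLICTS:
            raise RuntimeError("too many address conflicts, backing off")


class LinkLocalAddress:
    """After binding: defend the address once against a conflicting ARP (answer with a
    gratuitous ARP), but give it up on a second conflict within DEFEND_INTERVAL seconds
    so two hosts cannot fight over one address forever."""
    DEFEND_INTERVAL = 10.0      # seconds, RFC 3927

    def __init__(self, ip: IPv4Address):
        self.ip, self.last_defended = ip, None

    def on_conflict(self, now: float) -> str:
        if self.last_defended is None or now - self.last_defended > self.DEFEND_INTERVAL:
            self.last_defended = now
            return "defend"          # send ARP(1, MyMAC, MyIP, 0xffffff, MyIP)
        return "abandon"             # stop using the address and pick a new candidate
```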
IPv6 Addressing
In IPv6 we don’t have the notion of a netmask.
The address is 128 bits long (16 bytes).
Example notation:
FDEC:BA98:0074:3210:000F:BBFF:0000:FFFF
may be abbreviated:
FDEC:BA98:74:3210:F:BBFF:0:FFFF
Globally routable unicast addresses have the following structure (field boundaries drawn at bits 8, 16, 24, 32 and 48):
[Figure: 010 | Registry identifier | Provider identifier | Subscriber identifier | Subnet identifier | Node identifier]
Registry values: INTERNIC 11000, RIPNIC 01000, APNIC 10100
Pick the MAC address here! (the Node identifier)
IPv6 Address Autoconfiguration
Two methods:
● Stateful DHCPv6 requests
● Stateless Address Autoconfiguration
In IPv6 routers periodically send Router Advertisements (ICMPv6) announcing:
● Stateful autoconfiguration available or not
● Other stateful parameter configuration available
● Various timing values.
● >>> Prefix Information <<<
DHCPv6 (RFC3315)
● Uses multicast (FF02::1:2, FF05::1:3)
● Simpler message structure:
[DHCPv6 message layout: msg-type (8 bits) | transaction-ID (24 bits) | options (variable)]
● Requires globally unique identifiers of clients and hosts (DUID – DHCP Unique Identifier). These can be constructed from MAC addresses.
● The client uniquely identifies its network interfaces.
DHCPv6 – Message Types
Client → Server
● SOLICIT (1) locate servers
● REQUEST (3) request parameters from a specific server
● CONFIRM (4) confirm that an address is still appropriate
● RENEW (5) try to extend the lifetime of assigned addresses
● REBIND (6) follows an unresponsive RENEW. Get other parameters
● RELEASE (8) tell the server we don’t use one or more addresses
● DECLINE (9) tell the server one or more addresses already seem in use
● INFORMATION REQUEST (11) request configuration params without IP#
Server → Client
● ADVERTISE (2) server’s ready to serve. Response to SOLICIT
● REPLY (7) general reply message. May contain configuration parameters
● RECONFIGURE (10) tell the client it needs to RENEW
DHCPv6 – Additional Notes
● Not so many options yet.
– Client DUID, Server DUID, Client interface ID
– IPv6 address + lease time (obviously such an option!)
– Rapid transaction option (two messages)
● Security!
– DHCPv6 may use IPsec
– Authentication option (works both ways)
● DNS configuration option: RFC3646 (servers and domain lists)
● Some more options at draft stage in the dhc working group.
– Time, NIS, timezones, tunnels, boot images etc.
IPv6 Stateless Address Autoconfiguration
● RFC2462
● Similar to zeroconf we form a link-local address and run the “Duplicate Address Detection” scheme.
● IPv6 link-local prefix: FE80::0. Put the hardware interface’s address (length N) in the rightmost N bits. Maximum allowed hardware address length 118 bits. (Note: there exists a 64-bit standard hardware addressing system)
● Listen for router advertisements and the “Prefix Information” field. Use these prefixes to form (possibly many) routable addresses! (global and site)
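The stateless procedure above in code, as an added example that is not from the lecture: link-local address from the hardware address using the slide's "rightmost N bits" rule, Duplicate Address Detection with the network simulated by a callback, and routable addresses formed from Router Advertisement prefixes. Real Ethernet stacks instead build a 64-bit modified EUI-64 identifier (RFC 2464); the code follows the slide's simpler rule, and the prefixes used are constructed documentation addresses.

```python
from ipaddress import IPv6Address, IPv6Network

LINK_LOCAL_PREFIX = IPv6Network("FE80::/10")    # the slide's FE80::0 prefix
MAX_HW_BITS = 118                               # slide: longest hardware address allowed


def interface_id(hw_addr: bytes) -> int:
    """The slide's rule: an N-bit hardware address occupies the rightmost N bits."""
    if len(hw_addr) * 8 > MAX_HW_BITS:
        raise ValueError("hardware address longer than 118 bits")
    return int.from_bytes(hw_addr, "big")


def link_local_address(hw_addr: bytes) -> IPv6Address:
    return IPv6Address(int(LINK_LOCAL_PREFIX.network_address) | interface_id(hw_addr))


def duplicate_address_detection(tentative: IPv6Address, neighbour_claims) -> str:
    """A tentative address may be used only if no neighbour claims it. The network is
    simulated by `neighbour_claims(addr)`, True when a Neighbor Advertisement comes back."""
    return "duplicate" if neighbour_claims(tentative) else "preferred"


def addresses_from_ra(hw_addr: bytes, prefix_infos, neighbour_claims=lambda a: False) -> list:
    """Combine each Prefix Information entry from a Router Advertisement with the
    interface identifier, skipping prefixes that leave too few bits for it and
    addresses that fail Duplicate Address Detection."""
    iid = interface_id(hw_addr)
    out = []
    for info in prefix_infos:
        net = IPv6Network(info)
        if 128 - net.prefixlen < len(hw_addr) * 8:
            continue                                # prefix too long for this hardware address
        addr = IPv6Address(int(net.network_address) | iid)
        if duplicate_address_detection(addr, neighbour_claims) == "preferred":
            out.append(addr)
    return out
```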
IPv6 Prefix Delegation
Taking it one step further...
Work is underway to enable autoconfiguration of IPv6 addresses for whole network topologies. See the draft “Requirements for IPv6 prefix delegation” on the ipv6 working group page.
An expired draft (2000) can be found at 6ants.net:
● Routers search for “delegating routers” via a multicast query.
● A router picks one delegating router and sends an initial request requiring a prefix of the needed length.
● The delegating router responds with a prefix which the querying router may use till it expires.
Service Discovery
Problem statement: How to automatically find a host responsible for running a particular service?
● Many protocols use broadcast or registered multicast addresses for sending requests to a server with unknown unicast address:
– IGMP, RARP, BOOTP, DHCP, MADCAP, SIP
● Services may broadcast their existence. Typically used in file/printer sharing networks → broadcast storms in large networks
● Directory services which summarize available services (NIS, Novell Directory Service, Microsoft Active Directory, Apple Open Directory). Not only shares and printers but also hosts in general and user authentication information.
Service Discovery cont.
Two generic mechanisms for discovering services can be found in IETF’s working groups:
● A new DNS resource record type, SRV, has been defined in RFC2782. I.e., the DNS server can be queried for needed services.
● The Service Location Protocol defined by the svrloc (now concluded) working group. This mechanism allows for queries of abstract services (explained later) as well as LDAP filtering based on predefined attributes for services.
● Of these two methods the DNS SRV seems to survive. For instance Windows 2000 uses the scheme when looking for Active Directory.
The DNS SRV Resource Record
_Service._Proto.Name TTL Class SRV Priority Weight Port Target
_Service – A service name as defined by IANA, see www.iana.org/assignments/service-names.
_Proto – A protocol from the same namespace as above. Typically “_TCP” or “_UDP”
Name – DNS domain name
TTL (32 bits) – For how long the record can be cached (in seconds)
Class – Network class (1 = Internet)
SRV – The Resource Record string identifier (type# = 33)
Priority (16 bits) – The client must try to pick the serving host with the lowest value
Weight (16 bits) – When the client finds several services of the same priority it picks one with a probability proportional to the weight value.
Port – Port number the service is running on
Target – DNS domain name of the serving host
DNS SRV Example
Example of a DNS table entry for the fictional service “foobar” (from the RFC):
$ORIGIN example.com.
@               SOA server.example.com. root.example.com. (
                    1995032001 3600 3600 604800 86400 )
                NS  server.example.com.
                NS  ns1.ip-provider.net.
                NS  ns2.ip-provider.net.
; foobar - use old-slow-box or new-fast-box if either is
; available, make three quarters of the logins go to
; new-fast-box.
_foobar._tcp    SRV 0 1 9 old-slow-box.example.com.
                SRV 0 3 9 new-fast-box.example.com.
; if neither old-slow-box or new-fast-box is up, switch to
; using the sysadmin's box and the server
                SRV 1 0 9 sysadmins-box.example.com.
                SRV 1 0 9 server.example.com.
server          A   172.30.79.10
old-slow-box    A   172.30.79.11
sysadmins-box   A   172.30.79.12
new-fast-box    A   172.30.79.13
; NO other services are supported
*._tcp          SRV 0 0 0 .
*._udp          SRV 0 0 0 .
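How a client uses these records, as an added example that is not from the lecture: it extracts the SRV records for one owner from zone text (the SRV lines of the RFC example above, embedded as sample input) and orders the targets the way RFC 2782 prescribes, lowest priority first and weight-proportional random choice within a priority. The `chooser` parameter only exists so the random pick can be made deterministic in a test.

```python
import random
from collections import namedtuple

SrvRecord = namedtuple("SrvRecord", "priority weight port target")

# The slide's RFC 2782 example, trimmed to the SRV lines (sample zone text for the example).
ZONE = """\
$ORIGIN example.com.
; foobar - three quarters of the logins go to new-fast-box
_foobar._tcp    SRV 0 1 9 old-slow-box.example.com.
                SRV 0 3 9 new-fast-box.example.com.
; fall back to the sysadmin's box and the server
                SRV 1 0 9 sysadmins-box.example.com.
                SRV 1 0 9 server.example.com.
; NO other services are supported
*._tcp          SRV 0 0 0 .
"""


def parse_srv_records(zone_text: str, owner: str) -> list:
    """Collect the SRV records of one owner name from zone-file text; a line starting
    with whitespace belongs to the owner named on the previous line."""
    records, current = [], None
    for raw in zone_text.splitlines():
        tokens = raw.split(";", 1)[0].split()          # drop comments
        if not tokens:
            continue
        if not raw[0].isspace():
            current, tokens = tokens[0], tokens[1:]
        if current == owner and tokens[:1] == ["SRV"]:
            prio, weight, port, target = tokens[1:5]
            records.append(SrvRecord(int(prio), int(weight), int(port), target))
    return records


def order_targets(records: list, chooser=None) -> list:
    """RFC 2782 client selection: lowest priority first; within one priority pick
    targets with probability proportional to weight, weight-0 entries last in line.
    `chooser(total)` returns an integer in 0..total (random unless injected for tests).
    A record whose target is "." means the service is decidedly not available."""
    chooser = chooser or (lambda total: random.randint(0, total))
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio and r.target != "."]
        while group:
            group.sort(key=lambda r: r.weight > 0)       # weight-0 records go first
            total = sum(r.weight for r in group)
            pick, running = chooser(total), 0
            for r in group:
                running += r.weight
                if running >= pick:
                    ordered.append(r)
                    group.remove(r)
                    break
    return ordered
```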
Service Location Protocol Framework
Services may be abstract or specific.
[Figure: abstract service types (top) and their specific instances (bottom)]
● Naming & directory services: NIS, Open Directory, Active Directory, Java JNDI
● File sharing services: NFS, CIFS, SMB shares, Andrew FS
● Printing services: lpr:, SMB printers, IPP
The Service Location Protocol ver. 2 (RFC2608) approaches the matter of finding services in a general manner (proposed standard...).
● Can search for abstract as well as specific services
● Can have parametrical restrictions on the services we want to know about, i.e. all printers with printer-color-supported set to true
svrloc – Service Request (SrvRqst)
[SrvRqst layout, fields in order]
SLP common header
Length of <PRList> | <PRList>
Length of <service-type> | <service-type> (string)
Length of <scope-list> | <scope-list>
Length of <predicate> | <predicate>
Length of <SPI> | <SPI> (“BSD=0x0002”)
<PRList> Previously responding servers.
<service-type> A URI-style service (e.g., “http”, “ftp”, “telnet”) or a “service:” specifier. The new service: specifier lets us have abstract services. Example: service:printer: , service:naming-directory
<scope-list> A list of “groups” we accept services from. Example: DEFAULT, SALES_DEPT
<predicate> An LDAPv3 search filter expression (RFC2254).
<SPI> Denotes the authentication style needed. Currently BSD=0x0002, corresponding to DSA/SHA1 signatures, is used.
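An added example, not from the lecture, that encodes and decodes the SrvRqst fields above (each string preceded by a 16-bit length, as RFC 2608 lays them out), evaluates the simple (a=b), &, | and !  subset of LDAPv3 filters for the <predicate>, and shows what a Service Agent answers: nothing when it is already in <PRList>, otherwise the URLs in a requested scope whose type and attributes match. The service URLs and attributes are constructed.

```python
import struct


def _field(s: str) -> bytes:
    """SLP strings are sent as a 16-bit length followed by the UTF-8 bytes."""
    b = s.encode("utf-8")
    return struct.pack("!H", len(b)) + b


def build_srvrqst(prlist, service_type, scopes, predicate="", spi="") -> bytes:
    """Encode the SrvRqst fields after the common header, in the slide's order."""
    return (_field(",".join(prlist)) + _field(service_type) + _field(",".join(scopes))
            + _field(predicate) + _field(spi))


def parse_srvrqst(body: bytes) -> dict:
    fields, i = [], 0
    for _ in range(5):
        (length,) = struct.unpack_from("!H", body, i)
        fields.append(body[i + 2:i + 2 + length].decode("utf-8"))
        i += 2 + length
    prlist, service_type, scopes, predicate, spi = fields
    return {"prlist": [p for p in prlist.split(",") if p], "service_type": service_type,
            "scopes": [s for s in scopes.split(",") if s], "predicate": predicate, "spi": spi}


def _subfilters(s: str) -> list:
    """Split '(a=1)(b=2)' into ['(a=1)', '(b=2)'], honouring nested parentheses."""
    parts, depth, start = [], 0, 0
    for k, ch in enumerate(s):
        depth += (ch == "(") - (ch == ")")
        if depth == 0 and ch == ")":
            parts.append(s[start:k + 1])
            start = k + 1
    return parts


def matches_filter(attrs: dict, flt: str) -> bool:
    """Evaluate the (a=b), (&...), (|...) and (!...) subset of LDAPv3 filters."""
    flt = flt.strip()
    if not flt:
        return True                                  # empty predicate: everything matches
    inner = flt[1:-1]
    if inner[0] in "&|!":
        results = [matches_filter(attrs, sub) for sub in _subfilters(inner[1:])]
        return {"&": all, "|": any, "!": lambda r: not r[0]}[inner[0]](results)
    key, _, value = inner.partition("=")
    return str(attrs.get(key.strip(), "")).lower() == value.strip().lower()


def service_agent_reply(sa_addr: str, services: list, req: dict) -> list:
    """URLs an SA puts in its SrvRply: none if it already answered (it is in <PRList>);
    otherwise every service in a requested scope whose type matches (an abstract type
    such as service:printer matches service:printer:lpr) and whose attributes satisfy
    the predicate. `services` is a list of dicts with url, type, scope and attrs."""
    if sa_addr in req["prlist"]:
        return []
    return [svc["url"] for svc in services
            if (not req["scopes"] or svc["scope"] in req["scopes"])
            and svc["type"].startswith(req["service_type"])
            and matches_filter(svc["attrs"], req["predicate"])]
```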
svrloc – Service Reply (SrvRply)
● The SA (Service Agent) answers (unicast) with a list of URLs matching the Service Request.
● A client might get a Directory Agent Advertisement (DAAdvert) as an answer. This tells the client of a
service:directory-agent://<addr>
which could be a “super-agent” for other services. We can unicast new queries directly to DAs.
[SrvRply layout, fields in order]
SLP common header
Error Code | URL Entry count
<URL entry 1> . . . <URL Entry N>
svrloc – Message Exchange Example
[Figure: a client, two Service Agents and a Directory Agent]
1. The client multicasts a SrvRqst.
2. One Service Agent answers with a SrvRply.
3. Not satisfied, the client multicasts a new SrvRqst with the previously answering servers in <PRList>.
4. Another Service Agent answers with a SrvRply.
5. This machine was a little slow but keeps track of many services. It sends a DAAdvert message.
Services might earlier have registered with the DA via SrvReg messages.
IETF Working Groups
dhc – Dynamic Host Configuration
– DHCPv4
– DHCPv6
– DHCP Options and BOOTP Vendor Extensions
ipv6 – IP version 6
– Addressing Architecture
– Stateless Address Autoconfiguration
dnsext – DNS Extensions
– DNS SRV Resource Records
svrloc – Service Location Protocol (Note: concluded)
– SLPv1, SLPv2
– IANA schemes for “service:” URI:s
Summary
● RARP and BOOTP have shortcomings.
● The Dynamic Host Configuration Protocol (DHCP) is the most versatile for IPv4 autoconfiguration. Many options for locating various servers etc.
● A zero-configuration scheme exists as a draft for IPv4. Zero-configuration of link-local IPv6 addresses is on the Standards Track.
● In IPv6 use Router Advertisements to get prefixes to add to the link-local address, making it site-local / global.
● Use DHCPv6 for total administrative control.
● Automatic service location via DNS SRV Resource Records or the Service Location Protocol.