TSIN02 - Internetworking
© 2004 Image Coding Group, Linköpings Universitet
Lecture 6: Autoconfiguration
Literature:
- Forouzan: ch 16: BOOTP, DHCP
- Forouzan: ch 17: DNS
- RFC2462: IPv6 Stateless Address Autoconfiguration
- RFC3927: Dynamic Configuration of IPv4 Link-Local Addresses
- RFC3315: DHCPv6 (optional extra material)
- RFC2131: DHCPv4 (optional extra material)
- RFC2608: Service Location Protocol, Version 2 (optional extra material)
Goals:
- Know the parameters needed to set up a node for IPv4 or IPv6 communication
- Know some different strategies to do this:
  - Manual configuration
  - Centralized static configuration
  - Centralized dynamic configuration
  - Zero configuration
- Finding services:
  - Know how it can scale to larger networks
  - The Service Location Protocol framework
Outline:
- Application layer basics
- ARP / RARP
- Network parameters & DNS
- BOOTP
- DHCP
  - Message types
  - Options
  - Message exchange example
- Zeroconf
- IPv6
  - Address structure
  - DHCPv6
  - Stateless address autoconfiguration
- Service Discovery
  - Abstract vs specific services
  - Service Location Protocol (SLP)
In the TCP/IP stack the application layer covers the top three layers of the OSI model.
- A client is a program that requests services from another program.
  - Uses an active open when requesting service, and an active close when finished.
- A server is a program that provides services to another program.
  - Uses a passive open to listen for requests.
Figures from Forouzan
Clients can be run on a machine
- iteratively, i.e., one at a time, or
- concurrently, i.e., more than one in parallel.
Connections can be
- connectionless (UDP)
- connection-oriented (TCP)
Servers can (in theory) be
- connectionless iterative
- connectionless concurrent
- connection-oriented iterative
- connection-oriented concurrent
Connectionless Iterative Server
Figure from Forouzan
ARP – Address Resolution Protocol (RFC 826). Dynamically maintains a cache of mappings:
IP address → link-local MAC address (6 bytes)
An ARP packet (IPv4 over Ethernet) has the following format:
  Hardware type (Ethernet: 0x0001)   Protocol type (IPv4: 0x0800)
  Hardware length (0x06)   Protocol length (0x04)   Op: Request (1) or Reply (2)
  Sender hardware address (MACS)
  Sender protocol address (IPS)
  Target hardware address (MACT)
  Target protocol address (IPT)
Shorthand used below: ARP(Op, MACS, IPS, MACT, IPT)
Resolving an IP address using ARP. Host IPS does not know the mapping IPT → MACT:
1. IPS broadcasts ARP(1, MACS, IPS, 0, IPT)
2. IPT answers with unicast ARP(2, MACT, IPT, MACS, IPS)
The receiver of an ARP request also updates its own ARP cache with the sender fields of the received packet.
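The exchange above as an added example (not from the lecture or from Forouzan): a Python builder and parser for the 28-byte Ethernet/IPv4 ARP packet, plus a minimal ARP cache that walks through steps 1 and 2. The MAC and IP addresses are constructed samples. The "strict" policy (only accept a reply for an address we actually asked about) is an assumption made here to show the caveat a practitioner cares about: ARP carries no authentication, so a plain cache takes any reply, solicited or not, at face value, which is the basis of ARP cache poisoning.

```python
"""Added example, not from the lecture or any project it cites:
build and parse the Ethernet/IPv4 ARP packet laid out above and run the
request/reply exchange through a minimal ARP cache.  MAC and IP values
are constructed samples; the `strict` policy is an assumption used to
illustrate why an unsolicited reply is dangerous."""
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
HTYPE_ETHERNET, PTYPE_IPV4 = 0x0001, 0x0800
ZERO_MAC = "00:00:00:00:00:00"
# htype, ptype, hlen, plen, op, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"

def mac_bytes(s): return bytes.fromhex(s.replace(":", ""))
def ip_bytes(s): return bytes(int(x) for x in s.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)

def build_arp(op, sha, spa, tha, tpa):
    """ARP(Op, MACS, IPS, MACT, IPT) in the lecture's shorthand."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))

def parse_arp(pkt):
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sha": mac_str(sha), "spa": ip_str(spa),
            "tha": mac_str(tha), "tpa": ip_str(tpa)}

class Host:
    def __init__(self, mac, ip, strict=False):
        self.mac, self.ip, self.strict = mac, ip, strict
        self.cache = {}          # IP -> MAC
        self.pending = set()     # IPs we have an outstanding request for

    def resolve(self, target_ip):
        """Step 1: broadcast ARP(1, MACS, IPS, 0, IPT)."""
        self.pending.add(target_ip)
        return build_arp(ARP_REQUEST, self.mac, self.ip, ZERO_MAC, target_ip)

    def receive(self, pkt):
        """Process one ARP packet; return a reply packet or None."""
        a = parse_arp(pkt)
        if a["op"] == ARP_REQUEST:
            if a["tpa"] != self.ip:
                return None
            # the receiver of a request learns the sender's mapping (as in the lecture)
            self.cache[a["spa"]] = a["sha"]
            # step 2: unicast ARP(2, MACT, IPT, MACS, IPS)
            return build_arp(ARP_REPLY, self.mac, self.ip, a["sha"], a["spa"])
        if a["op"] == ARP_REPLY and a["tha"] == self.mac:
            # ARP has no authentication: a plain cache accepts any reply.
            # A strict host only accepts replies it asked for (assumption).
            if self.strict and a["spa"] not in self.pending:
                return None
            self.pending.discard(a["spa"])
            self.cache[a["spa"]] = a["sha"]
        return None

def run_exchange(strict=False):
    """IPS resolves IPT; returns (IPS cache, IPT cache) after the exchange."""
    s = Host("00:11:22:33:44:01", "10.0.0.1", strict)
    t = Host("00:11:22:33:44:02", "10.0.0.2", strict)
    reply = t.receive(s.resolve("10.0.0.2"))   # the broadcast reaches t
    s.receive(reply)                           # the unicast reply comes back to s
    return s.cache, t.cache

def spoof_attempt(strict=False):
    """An attacker sends an unsolicited reply claiming 10.0.0.2; returns what s now believes."""
    s = Host("00:11:22:33:44:01", "10.0.0.1", strict)
    s.receive(build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "10.0.0.2", s.mac, s.ip))
    return s.cache.get("10.0.0.2")
```

run_exchange() leaves both hosts with each other's mapping, exactly the two cache updates the slide describes. spoof_attempt(False) shows the default host now believes 10.0.0.2 lives at the attacker's MAC; spoof_attempt(True) shows the strict variant ignoring it. Real stacks differ in detail (Linux, for instance, updates an existing entry from an unsolicited reply but does not create one), so treat the strict flag as the idea, not a description of any particular kernel.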
A kind of routing can be had between two subnets using proxy ARP. Host IP1 (MAC1) is on the A-net, host IP2 (MAC2) is on the B-net, and the proxy IP3 has interface MAC3A on the A-net and MAC3B on the B-net:
1. ARP(1, MAC1, IP1, 0, IP2) broadcast by IP1 on the A-net
2. ARP(1, MAC3B, IP1, 0, IP2) broadcast by the proxy on the B-net
3. ARP(2, MAC2, IP2, MAC3B, IP1) unicast from IP2 to the proxy
4. ARP(2, MAC3A, IP2, MAC1, IP1) unicast from the proxy to IP1, which now maps IP2 → MAC3A
A host can broadcast ARP requests for itself (a gratuitous ARP):
ARP(1, MyMAC, MyIP, 0xffffff, MyIP)
There are two uses for this:
- A host can check for misconfigurations, i.e., does any other host use my IP address? In that case the host will get an ARP reply and can log an error.
- When the network interface card is changed (and with it the MAC address) a host can broadcast this change on the net, forcing updates in all ARP caches.
Note that nothing authenticates these messages: any host on the link can send a reply, or a gratuitous request, claiming another host's IP address, and neighbours will update their caches accordingly.
RARP – Reverse ARP (RFC 903). When host A does not know its own IP address it can broadcast the RARP request:
ARP(3, MACA, 0, MACA, 0)
The RARP server B answers with unicast:
ARP(4, MACB, IPB, MACA, IPA)
RARP only really handles local networks since it conveys neither the subnet mask in use nor the gateway address.
RARP is not used at all in IPv6; ARP functionality is built into ICMPv6 (Neighbor Discovery).
The typical parameters needed for an end host to enable IP communication are:
- The IP address (A)
- The netmask (M)
  - A destination B outside our own subnet, (B & M) != (A & M), is sent to the gateway. Otherwise use ARP and find host B on the local network.
- The gateway P
  - Typically 0x1 | (A & M), i.e., the first host address of the subnet
- What an unconfigured host can do is broadcast
  - It can use 255.255.255.255 (broadcast on all attached interfaces)
  - or (A & M) | (255.255.255.255 ^ M) for a specific interface (the directed broadcast address)
The DNS service is a crucial component of the Internet. IP addresses are sometimes difficult to use:
- People don't want to remember IP addresses.
- Nodes may change their IP addresses.
- Subnets may be restructured and netmasks changed.
- Networks switch to other operators.
DNS is a global distributed database letting us have persistent identifiers for hosts, services and, to some extent, also data.
The name space of the Internet is divided into three different sections.
Figures from Forouzan
DNS messages:
- Queries for: address, name server, host information, services, etc.
- Responses to queries
DNS messages are sent over UDP (if at most 512 bytes) or TCP (otherwise).
Figures from Forouzan
A host can of course be manually configured with IP address, netmask, gateway and DNS servers.
This is not so hard if the host needs to be manually configured with further software etc. anyway. But the drawbacks are apparent:
- In large networks a scheme is needed anyway. Why not automate it?
- Ease network topology changes. We can focus on subnetting and configuring routers; hosts manage themselves!
- A host might not even have persistent memory (diskless clients, printers etc.), making manual configuration impossible!
- Hosts may be added, removed or moved around between subnets.
BOOTP is defined in RFC951 (1985). BOOTP lets the autoconfiguration service run over the normal IP stack.
Messages are encapsulated in UDP: the client sends from port 68 (bootpc) to the server's port 67 (bootps), and the reply goes back to port 68. The request is broadcast (IP destination 255.255.255.255). The reply may be unicast, but then the BOOTP server needs to insert the client into its ARP table itself, since a client without an IP address cannot answer ARP. Alternatively the reply can be broadcast, in which case the transaction ID lets each client pick its own reply out of simultaneous requests.
Options might contain subnet mask, time, time servers, DNS servers, print servers, host name etc. Some vendors have also registered vendor-specific fields.
Op field: 1 = BOOTREQUEST, 2 = BOOTREPLY
Figures from Forouzan
To achieve robustness BOOTP...
- uses the UDP checksum option
- the client uses timers and retransmission.
  - The retransmission timer is in the order of seconds
  - The timer is randomized to avoid a network jam right after, e.g., a power failure.
More...
- A relay agent can be used to
- BOOTP normally resides in read-only/flash memory in a diskless client's BIOS.
- The TFTP protocol (RFC1350) is usually used to fetch the OS image given in the Boot File Name field.
A BOOTP server typically has a static table mapping each host's MAC address to an IP address (typically the file /etc/ethers).
The Server IP field (siaddr) tells a diskless client which server to use next (typically the TFTP server holding the kernel image).
BOOTP does not solve the problem of hosts moving around!
- Let's say we have a /24 subnet (254 usable host addresses).
- Visiting hosts are possibly more numerous.
We want to be able to withdraw IP addresses:
- Hosts actively releasing their IP addresses
- Time-out mechanisms for when IP addresses are automatically withdrawn.
Hosts need to be able to renew their IP address lease. Hosts may need information about lots of servers.
These requirements are fulfilled by...
DHCP for IPv4 – See RFC2131
DHCP is backwards compatible with BOOTP:
- A BOOTP client can request a static configuration from a DHCP server.
- The same well-known port numbers (67/68) are used.
- The message format is the same. The "unused" field is now "flags", and only its leftmost bit is used (the client can force a broadcast reply).
- More options than BOOTP
The DHCP message type option is mandatory in every DHCP message.
Client → Server
- DHCPDISCOVER (1) broadcast to locate servers
- DHCPREQUEST (3) request the offered parameters etc.
- DHCPDECLINE (4) indicate that the address is already in use
- DHCPRELEASE (7) release the network address
- DHCPINFORM (8) ask for parameters but not an IP address (added 1997)
Server → Client
- DHCPOFFER (2) the server's response to DHCPDISCOVER
- DHCPACK (5) confirm that the client now has the lease
- DHCPNAK (6) tell the client its IP address is expired/incorrect
DHCP message exchange between a client, the selected server and a server that is not selected:
1. The client broadcasts DHCPDISCOVER. Each server determines a configuration.
2. Each server answers with DHCPOFFER. The client collects the replies and selects one configuration.
3. The client broadcasts DHCPREQUEST naming the selected server. The selected server commits to its previous offer and answers with DHCPACK. The server that was not selected sees that the request does not match its offer and may now release its internal lock on the offered address.
4. When finished the client sends DHCPRELEASE to the selected server. The server that was not selected discards the release.
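The BOOTP/DHCP message format and the four-message exchange above, as an added example that is not part of the lecture or of any DHCP implementation: a Python encoder and decoder for the 236-byte fixed header plus the RFC 2132 option field (magic cookie, code/length/value options, end marker), and an in-process client and server that run DISCOVER/OFFER/REQUEST/ACK. The address pool, lease time, router and DNS addresses are constructed samples, and the Server and Client classes are deliberately minimal assumptions for the demonstration. The check worth noticing is in accept_offer: the transaction ID and chaddr are the only things that tie a broadcast reply to a particular client, so a client must verify both before acting on an offer.

```python
"""Added example, not from the lecture or RFC text: encode and decode
the BOOTP/DHCP message (236-byte fixed header followed by the RFC 2132
option field) and run DISCOVER/OFFER/REQUEST/ACK between an in-process
client and server.  Pool, lease time, router and DNS addresses are
constructed samples; the tiny Server/Client classes are an assumption
made for the demonstration, not a real implementation."""
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC = b"\x63\x82\x53\x63"      # option-field cookie (RFC 2132)
FLAG_BROADCAST = 0x8000          # the B flag is the leftmost bit of 'flags'
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
O_MASK, O_ROUTER, O_DNS, O_REQIP, O_LEASE, O_TYPE, O_SERVER, O_END = 1, 3, 6, 50, 51, 53, 54, 255
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
HDR = "!BBBBIHH4s4s4s4s16s64s128s"

def ip_bytes(s): return bytes(int(x) for x in s.split("."))
def ip_str(b): return ".".join(str(x) for x in b)

def encode_options(opts):
    out = bytearray(MAGIC)
    for code, value in opts:                 # each option is code, length, value
        out += bytes([code, len(value)]) + value
    return bytes(out + bytes([O_END]))

def decode_options(data):
    if data[:4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    i, opts = 4, {}
    while i < len(data) and data[i] != O_END:
        if data[i] == 0:                     # pad option: no length byte
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def build(op, xid, chaddr, opts, yiaddr="0.0.0.0", flags=0):
    zero = ip_bytes("0.0.0.0")
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, flags, zero, ip_bytes(yiaddr), zero, zero,
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return hdr + encode_options(opts)

def parse(pkt):
    f = struct.unpack(HDR, pkt[:236])
    return {"op": f[0], "xid": f[4], "flags": f[6], "yiaddr": ip_str(f[8]),
            "chaddr": f[11][:6], "opts": decode_options(pkt[236:])}

class Server:
    def __init__(self, server_ip, pool):
        self.ip, self.pool, self.leases = server_ip, list(pool), {}

    def params(self, mtype, addr):
        return [(O_TYPE, bytes([mtype])), (O_SERVER, ip_bytes(self.ip)),
                (O_LEASE, struct.pack("!I", 3600)), (O_MASK, ip_bytes("255.255.255.0")),
                (O_ROUTER, ip_bytes("192.168.1.1")), (O_DNS, ip_bytes("192.168.1.53"))]

    def handle(self, pkt):
        m = parse(pkt)
        mtype = m["opts"][O_TYPE][0]
        if mtype == DISCOVER:
            addr = self.leases.get(m["chaddr"]) or self.pool.pop(0)
            self.leases[m["chaddr"]] = addr       # the offer is now locked for this client
            return build(BOOTREPLY, m["xid"], m["chaddr"], self.params(OFFER, addr), addr, m["flags"])
        if mtype == REQUEST:
            if m["opts"].get(O_SERVER) != ip_bytes(self.ip):
                return None                       # client chose another server: drop it
            addr = ip_str(m["opts"][O_REQIP])
            if self.leases.get(m["chaddr"]) != addr:
                return build(BOOTREPLY, m["xid"], m["chaddr"],
                             [(O_TYPE, bytes([NAK])), (O_SERVER, ip_bytes(self.ip))])
            return build(BOOTREPLY, m["xid"], m["chaddr"], self.params(ACK, addr), addr, m["flags"])
        return None

class Client:
    def __init__(self, mac, xid):
        self.mac, self.xid, self.config = mac, xid, None

    def discover(self):
        return build(BOOTREQUEST, self.xid, self.mac, [(O_TYPE, bytes([DISCOVER]))], flags=FLAG_BROADCAST)

    def accept_offer(self, pkt):
        """Return a DHCPREQUEST for the offer, or None if the offer is not ours."""
        m = parse(pkt)
        # xid and chaddr must match: this is all that tells our reply apart from
        # other clients' replies (and from a stray or rogue server's replies)
        if (m["op"], m["xid"], m["chaddr"]) != (BOOTREPLY, self.xid, self.mac) or m["opts"][O_TYPE][0] != OFFER:
            return None
        return build(BOOTREQUEST, self.xid, self.mac,
                     [(O_TYPE, bytes([REQUEST])), (O_REQIP, ip_bytes(m["yiaddr"])),
                      (O_SERVER, m["opts"][O_SERVER])], flags=FLAG_BROADCAST)

    def accept_ack(self, pkt):
        m = parse(pkt)
        if m["xid"] != self.xid or m["opts"][O_TYPE][0] != ACK:
            return False
        o = m["opts"]
        self.config = {"ip": m["yiaddr"], "mask": ip_str(o[O_MASK]), "router": ip_str(o[O_ROUTER]),
                       "dns": ip_str(o[O_DNS]), "lease": struct.unpack("!I", o[O_LEASE])[0]}
        return True

def run_exchange():
    """The four-message exchange; returns the client's resulting configuration."""
    server = Server("192.168.1.1", ["192.168.1.100", "192.168.1.101"])
    client = Client(bytes.fromhex("001122334455"), xid=0x3903F326)
    offer = server.handle(client.discover())
    ack = server.handle(client.accept_offer(offer))
    client.accept_ack(ack)
    return client.config
```

A second Server instance with a different server identifier returns None for the same DHCPREQUEST, which is the "sees that request does not match offer" step for the server that was not selected. Nothing here authenticates the server: any host on the broadcast domain that answers a DISCOVER faster than the real server can hand out a gateway and DNS address of its choosing, which is why switches offer DHCP snooping to restrict which ports may carry server replies.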
DHCP – State Transition Diagram
Figure from Forouzan
Examples of configuration options:
- Routers
- DNS servers
- Time servers
- Print servers
- Log servers
- Swap servers
- Mail servers (SMTP)
- POP3 servers
- NIS servers
- Font servers (X Window System)
- Mobile IP home agents
- Broadcast address
- ARP cache timeout value
- Ethernet II / IEEE 802.3 encapsulation
- TTL values
- Forwarding flag
- Source route policy
- Plus many more...
Standard options for BOOTP/DHCP are listed in RFC2132.
Simple ad-hoc network scenario: hosts are connected to a local network and no RARP/DHCP server exists. How do we configure the hosts with unique IP addresses?
Answer: RFC3927
- Formalizes what Windows and Mac already do
- Picks random addresses from the subnet 169.254/16
- The randomization should give the same sequence between boots (e.g., use the MAC address as seed)
- Use "ARP probes" to check for collisions: ARP(1, MyMAC, 0, 0xffffff, MyRandomIP)
- Defend the address once if there are active TCP connections etc.
The IPv6 address is 128 bits long (16 bytes).
Example notation:
FE80:BA98:0074:3210:000F:BBFF:0000:FFFF
may be abbreviated (leading zeros dropped in each group):
FE80:BA98:74:3210:F:BBFF:0:FFFF
Globally routable unicast addresses have the following structure (the early provider-based format, with field boundaries at bits 8, 16, 24, 32 and 48; current global unicast addresses are simply a 64-bit routing prefix followed by a 64-bit interface identifier):
  010 | Registry ID | Provider Identifier | Subscriber Identifier | Subnet Identifier | Node Identifier
Registry ID values: INTERNIC 11000, RIPNIC 01000, APNIC 10100.
Pick the MAC address for the Node Identifier!
Two methods for IPv6 autoconfiguration:
- Stateful: DHCPv6 requests
- Stateless Address Autoconfiguration
In IPv6 routers periodically send Router Advertisements (ICMPv6) announcing:
- Whether stateful autoconfiguration is available or not
- Whether other stateful parameter configuration is available
- Various timing values
- >>> Prefix Information <<<
DHCPv6 (RFC3315):
- Simpler message structure: an 8-bit message type, a 24-bit transaction ID, then variable-length options.
- Requires globally unique identifiers of clients and servers (DUID – DHCP Unique Identifier). These can be constructed from MAC addresses, optionally combined with a timestamp.
- The client uniquely identifies its network interfaces (IAID).
DHCPv6 message types:
Client → Server
- SOLICIT (1) locate servers
- REQUEST (3) request parameters from a specific server
- CONFIRM (4) confirm that an address is still appropriate
- RENEW (5) try to extend the lifetime of assigned addresses
- REBIND (6) follows a RENEW that got no answer; extend lifetimes and get other parameters
- RELEASE (8) tell the server we no longer use one or more addresses
- DECLINE (9) tell the server one or more addresses already seem to be in use
- INFORMATION-REQUEST (11) request configuration parameters without an IP address
Server → Client
- ADVERTISE (2) the server is ready to serve; response to SOLICIT
- REPLY (7) general reply message; may contain configuration parameters
- RECONFIGURE (10) tell the client it needs to RENEW
DHCPv6 options:
- Not so many options yet.
- Client DUID, Server DUID, client interface ID
- IPv6 address + lease time (obviously such an option!)
- Rapid commit option (two-message exchange)
- Security!
  - DHCPv6 may use IPsec (between relay agents and servers)
  - Authentication option (works both ways)
- DNS configuration option: RFC3646 (servers and domain search lists)
- Some more options at draft stage in the dhc working group: time, NIS, time zones, tunnels, boot images etc.
Stateless address autoconfiguration (RFC2462):
- Similar to zeroconf: form a link-local address and run the "Duplicate Address Detection" scheme.
- IPv6 link-local prefix: FE80::/10. Put the hardware interface's address (length N) in the rightmost N bits. Maximum allowed hardware address length 118 bits. (Note: there exists a 64-bit standard hardware addressing system, EUI-64; a 48-bit Ethernet MAC is expanded to a 64-bit interface identifier.)
- Listen for router advertisements and the "Prefix Information" field. Use these prefixes to form (possibly many) routable addresses (global and site-local)!
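The address formation just described, as an added example (not from the lecture or from RFC 2462): a Python routine that derives the 64-bit interface identifier from a 48-bit Ethernet MAC (flip the universal/local bit, insert FF:FE), forms the FE80:: link-local address and the solicited-node multicast group that Duplicate Address Detection probes, then parses the prefix-information options of a Router Advertisement and forms one address per prefix marked autonomous. The MAC, the prefixes and the lifetimes are constructed samples, and the RA is built in-process rather than received from a network. The caveat to keep in mind: an interface identifier derived from the MAC is stable across every network the host visits and exposes the hardware address, which is why RFC 4941 temporary (privacy) addresses exist.

```python
"""Added example, not from the lecture: form IPv6 addresses the way
RFC 2462 describes, using the modified EUI-64 interface identifier
derived from a 48-bit Ethernet MAC (RFC 2464), then add one address per
autonomous prefix found in Router Advertisement prefix-information
options.  The MAC, prefixes and lifetimes are constructed samples."""
import ipaddress
import struct

ND_OPT_PREFIX_INFO = 3
FLAG_ONLINK, FLAG_AUTONOMOUS = 0x80, 0x40

def modified_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit interface identifier: flip the U/L bit, insert FFFE."""
    b = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])

def link_local(mac: str) -> ipaddress.IPv6Address:
    """FE80::/10 with the interface identifier in the rightmost 64 bits."""
    return ipaddress.IPv6Address(bytes.fromhex("fe80") + b"\x00" * 6 + modified_eui64(mac))

def solicited_node(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """FF02::1:FFxx:xxxx, the group a DAD neighbor solicitation is sent to."""
    return ipaddress.IPv6Address(bytes.fromhex("ff02" + "00" * 9 + "01ff") + addr.packed[13:])

def prefix_info_option(prefix: str, plen: int, flags: int, valid: int, preferred: int) -> bytes:
    """Constructed RA prefix-information option (32 bytes, length field 4)."""
    return (struct.pack("!BBBBII", ND_OPT_PREFIX_INFO, 4, plen, flags, valid, preferred)
            + b"\x00" * 4 + ipaddress.IPv6Address(prefix).packed)

def parse_prefix_options(options: bytes):
    """Walk ND options (type, length in 8-byte units) and yield prefix-information tuples."""
    i = 0
    while i + 2 <= len(options):
        typ, length = options[i], options[i + 1]
        if length == 0:
            raise ValueError("zero-length ND option")   # must be discarded, never looped on
        opt = options[i:i + 8 * length]
        if typ == ND_OPT_PREFIX_INFO and len(opt) == 32:
            plen, flags, valid, preferred = struct.unpack("!BBII", opt[2:12])
            yield ipaddress.IPv6Address(opt[16:32]), plen, flags, valid, preferred
        i += 8 * length

def autoconfigure(mac: str, ra_options: bytes) -> list:
    """Addresses a host forms from its MAC and one RA: link-local first, then one per usable prefix."""
    iid = modified_eui64(mac)
    addrs = [link_local(mac)]
    for prefix, plen, flags, valid, preferred in parse_prefix_options(ra_options):
        # only autonomous prefixes are used, and prefix + IID must be exactly 128 bits
        if not flags & FLAG_AUTONOMOUS or plen != 64 or valid == 0:
            continue
        addrs.append(ipaddress.IPv6Address(prefix.packed[:8] + iid))
    return [str(a) for a in addrs]

# constructed sample RA: one autonomous /64, one on-link-only /64, one with zero valid lifetime
SAMPLE_RA_OPTIONS = (prefix_info_option("2001:db8:1:2::", 64, FLAG_ONLINK | FLAG_AUTONOMOUS, 2592000, 604800)
                     + prefix_info_option("2001:db8:ffff::", 64, FLAG_ONLINK, 2592000, 604800)
                     + prefix_info_option("2001:db8:dead::", 64, FLAG_AUTONOMOUS, 0, 0))
```

autoconfigure("00:0c:29:3a:4b:5c", SAMPLE_RA_OPTIONS) yields the link-local address and exactly one global address; the on-link-only prefix and the prefix with a zero valid lifetime are skipped. Router Advertisements are as unauthenticated as ARP: any node on the link can send one, so a rogue RA can inject a prefix or make itself the default router, which is what RA Guard on switches is meant to block.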
Taking it one step further...
Work is underway to enable autoconfiguration of IPv6 addresses for whole network topologies. See the draft "Requirements for IPv6 prefix delegation" on the ipv6 working group page.
An expired draft (2000) can be found at 6ants.net:
- Routers search for "delegating routers" via a multicast query.
- A router picks one delegating router and sends an initial request asking for a prefix of the needed length.
- The delegating router responds with a prefix which the querying router may use until it expires.
Problem statement: How to automatically find a host responsible for running a particular service?
- Many protocols use broadcast or registered multicast addresses for sending requests to a server with unknown unicast address: IGMP, RARP, BOOTP, DHCP, MADCAP, SIP
- Services may broadcast their existence. Typically used in file/printer sharing networks → broadcast storms in large networks →
- Directory services which summarize the available services (NIS, Novell Directory Service, Microsoft Active Directory, Apple Open Directory). Not only shares and printers but also hosts in general and user authentication information.
Two generic mechanisms for discovering services can be found in the IETF's working groups:
- A new DNS resource record type, SRV, has been defined in RFC2782, i.e., the DNS server can be queried for the needed services.
- The Service Location Protocol defined by the svrloc (now concluded) working group. This mechanism allows queries for abstract services (explained later) as well as LDAP (Lightweight Directory Access Protocol) filtering based on predefined attributes of services.
- Of these two methods DNS SRV seems to be the one that survives. For instance Windows 2000 uses it when looking for Active Directory domain controllers.
DNS SRV record format:
[_Service._Proto.Name TTL Class SRV Priority Weight Port Target]
_Service   A service name as defined by IANA, see www.iana.org/assignments/service-names.
_Proto     A protocol from the same namespace as above. Typically "_tcp" or "_udp".
Name       DNS domain name.
TTL        (32 bits) For how long the record can be cached (in seconds).
Class      Network class (1 = Internet).
SRV        The resource record type string (type number 33).
Priority   (16 bits) A client must try to pick the serving host with the lowest value.
Weight     (16 bits) When a client finds several servers of the same priority it picks one with a probability proportional to the weight value.
Port       Port number the service is running on.
Target     DNS domain name of the serving host.
Example of a DNS zone entry for the fictional service "foobar" (from the RFC):
  $ORIGIN example.com.
  @               SOA server.example.com. root.example.com. (
                      1995032001 3600 3600 604800 86400 )
                  NS  server.example.com.
                  NS  ns1.ip-provider.net.
                  NS  ns2.ip-provider.net.
  ; foobar - use old-slow-box or new-fast-box if either is
  ; available, make three quarters of the logins go to
  ; new-fast-box.
  _foobar._tcp    SRV 0 1 9 old-slow-box.example.com.
                  SRV 0 3 9 new-fast-box.example.com.
  ; if neither old-slow-box or new-fast-box is up, switch to
  ; using the sysdmin's box and the server
                  SRV 1 0 9 sysadmins-box.example.com.
                  SRV 1 0 9 server.example.com.
  server          A   172.30.79.10
  old-slow-box    A   172.30.79.11
  sysadmins-box   A   172.30.79.12
  new-fast-box    A   172.30.79.13
  ; NO other services are supported
  *._tcp          SRV 0 0 0 .
  *._udp          SRV 0 0 0 .
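The priority/weight rules in the format description, applied to the four _foobar._tcp records above, as an added example that is not part of the lecture or of RFC 2782's text: a Python implementation of the client-side selection the RFC specifies (try priorities in ascending order; within a priority, place weight-0 records first, draw a uniform integer from 0 to the weight sum inclusive, and pick the first record whose running sum reaches it). The random source is injectable so the order can be made deterministic; that injection point is an assumption of this demonstration. Because SRV answers arrive over ordinary, unauthenticated DNS unless DNSSEC validates them, the target a client ends up connecting to should still be verified at the application layer (for instance a TLS certificate checked against the service's own name).

```python
"""Added example, not from the lecture or RFC 2782's own text: the
client-side target selection RFC 2782 specifies for SRV records
(ascending priority, weighted random choice within a priority), run on
the four _foobar._tcp records from the zone above.  `rng` is injectable
so the choice can be made deterministic; it is an assumption of this
demonstration, not part of the RFC."""
import random
from dataclasses import dataclass

@dataclass
class SRV:
    priority: int
    weight: int
    port: int
    target: str

def srv_owner(service: str, proto: str, domain: str) -> str:
    """The name a client queries: _Service._Proto.Name."""
    return f"_{service}._{proto}.{domain.rstrip('.')}."

def parse_srv_rdata(rdata: str) -> SRV:
    """Parse the RDATA part 'Priority Weight Port Target' of one SRV line."""
    priority, weight, port, target = rdata.split()
    return SRV(int(priority), int(weight), int(port), target)

def order_targets(records, rng=random.random):
    """Return (target, port) pairs in the order a client should try them."""
    if any(r.target == "." for r in records):
        return []        # a '.' target means the service is decidedly not available
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # weight-0 records go first so they are rarely (but still possibly) selected
        group = sorted((r for r in records if r.priority == prio), key=lambda r: r.weight != 0)
        while group:
            total = sum(r.weight for r in group)
            pick = int(rng() * (total + 1))        # uniform integer in 0..total inclusive
            running = 0
            for r in group:
                running += r.weight
                if running >= pick:
                    ordered.append((r.target, r.port))
                    group.remove(r)
                    break
    return ordered

# the four records of the _foobar._tcp entry in the zone above
FOOBAR_RECORDS = [parse_srv_rdata(line) for line in (
    "0 1 9 old-slow-box.example.com.",
    "0 3 9 new-fast-box.example.com.",
    "1 0 9 sysadmins-box.example.com.",
    "1 0 9 server.example.com.",
)]

def share_of_first_pick(records, trials=20000, seed=1):
    """Empirical fraction of trials in which each target is tried first."""
    rnd = random.Random(seed)
    counts = {}
    for _ in range(trials):
        first = order_targets(records, rnd.random)[0][0]
        counts[first] = counts.get(first, 0) + 1
    return {k: v / trials for k, v in counts.items()}
```

share_of_first_pick(FOOBAR_RECORDS) shows something the zone comment glosses over: with weights 1 and 3 the RFC's integer algorithm draws from the five values 0..4, so new-fast-box is picked first in 3/5 of the trials, not the "three quarters" the comment promises. The two priority-1 records are only reached after both priority-0 targets have been tried.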
Services may be abstract or specific:
- Printing services (abstract): lpr, IPP, SMB printers (specific)
- File sharing services (abstract): NFS, CIFS, SMB shares, AndrewFS (specific)
- Naming & directory services (abstract): NIS, Open Directory, Active Directory, Java JNDI (specific)
The Service Location Protocol ver. 2 (RFC2608) approaches the matter of finding services in a general manner (proposed standard...):
- Can search for abstract as well as specific services
- Can have parametric restrictions on the services we want to know about, i.e., all printers with printer-color-supported = true
SLP Service Request (SrvRqst) format:
  SLP common header
  Length of <PRList>       | <PRList>
  Length of <service-type> | <service-type> (string)
  Length of <scope-list>   | <scope-list>
  Length of <predicate>    | <predicate>
  Length of <SPI>          | <SPI> ("BSD=0x0002")
<PRList> Previously responding servers.
<service-type> A URI-style service (e.g., "http", "ftp", "telnet") or a "service:" specifier. The "service:" specifier lets us have abstract services. Example: service:printer: , service:naming-directory
<scope-list> A list of "groups" we accept services from. Example: DEFAULT, SALES_DEPT
<predicate> An LDAPv3 search filter expression (RFC2254).
<SPI> Denotes the authentication style needed. Currently BSD=0x0002, corresponding to DSA/SHA1 signatures, is used.
- The SA (Service Agent) answers (unicast) with a list of URLs matching the Service Request.
- A client might get a Directory Agent Advertisement (DAAdvert) as an answer. This tells the client of a service:directory-agent://<addr> which could be a "super-agent" for other services. We can unicast new queries directly to DAs.
SLP Service Reply (SrvRply) format:
  SLP common header
  Error Code | URL Entry count
  <URL entry 1> ... <URL entry N>
SLP exchange:
1. The client multicasts a SrvRqst.
2. An SA answers with a SrvRply.
3. Not satisfied, the client multicasts a new SrvRqst with the previously answering servers in <PRList>.
4. Another SA answers with a SrvRply.
5. A DA that was a little slow but keeps track of many services sends a DAAdvert message.
Services might earlier have registered with the DA via SrvReg messages.
IETF working groups:
dhc – Dynamic Host Configuration
- DHCPv4
- DHCPv6
- DHCP Options and BOOTP Vendor Extensions
ipv6 – IP version 6
- Addressing Architecture
- Stateless Address Autoconfiguration
dnsext – DNS Extensions
- DNS SRV Resource Records
svrloc – Service Location Protocol (Note: concluded)
- SLPv1, SLPv2
- IANA schemes for "service:" URIs
Universal Plug and Play (UPnP) – each entity can automatically find an IP address, learn about services in the network and announce its own services.
The Universal Plug and Play Forum – a group of more than 700 vendors that define specifications for UPnP devices.
Current architecture – a set of application-level protocols running on top of TCP/IP.
Summary:
- RARP and BOOTP have shortcomings.
- Dynamic Host Configuration Protocol (DHCP) is the most versatile choice for IPv4 autoconfiguration. Many options for locating various servers etc.
- A zero-configuration scheme exists as a draft for IPv4. Zero-configuration of link-local IPv6 addresses is on the Standards Track.
- In IPv6, use Router Advertisements to get the prefixes that turn a link-local address into a site-local / global one.
- Use DHCPv6 for total administrative control.
- Automatic service location via DNS SRV Resource Records or the Service Location Protocol.
- UPnP - the future?