(rev. 01/22/2010) 
 
Notes On Chapter Twenty-Three
-- Support Protocols and Technologies
-  23.1 Introduction  
    
    -  Address Binding
    
 -  Error Reporting
    
 -  Bootstrapping 
    
 -  Address Translation
    
 
 -  23.2 Address Resolution  
    
    -  Refer to Figure 23.1 on page 382.
    
 -  In order to send an IP datagram over real physical networks, it's
	 necessary to encapsulate it in a physical frame, and it is necessary
	 to find out the physical (MAC) destination address and place it in
	 the header of the physical frame.
    
 -  Often when host X wants to send an IP datagram to host Y on the same
	 network, X knows the IP address of Y, but not the MAC address of Y.
    
 -  This is a problem of address resolution.
    
 -  This problem comes up each time an IP datagram is forwarded to the
	 next hop toward its ultimate destination.
    
 
 -  23.3 The Address Resolution Protocol  
    
    -  Refer to Figure 23.2 on page 383.
    
 -  The Address Resolution Protocol (ARP) is the most frequently
         used means of translating IPv4 addresses into MAC addresses.
         (IPv6 does the same job with Neighbor Discovery instead of ARP.)
    
 -  The idea of ARP:
         
         -  Host B knows the IP address of host C.
         
 -  Let's say the IP address of host C is 130.17.70.83.
         
 -  Host B needs to know the MAC address of host C.
         
 -  Host B broadcasts a message on the network to which it is
	      directly connected saying: "Please help me find the MAC address
	      corresponding to 130.17.70.83"
         
 -  The broadcast is forwarded through hubs, bridges and switches, but
	      not through routers, so it reaches only the hosts on the local
	      network.
         
 -  Host C receives a copy of the broadcast and replies directly to
	      B: "Oh, I am 130.17.70.83.  My MAC address is 0:3:ba:16:bc:c0."
         
 
     
 -  23.4 ARP Message Format  
    
    -  Refer to Figure 23.3 on page 384.
    
 -  The ARP message format is general enough to map between any pair
         of address types (the lengths and types of both addresses are
         carried in the message).
    
 -  However ARP is actually used almost exclusively to get Ethernet
         addresses corresponding to IP addresses.
    
 -  Fields:
         
         -  HARDWARE ADDRESS TYPE: type of hardware address used,
	      e.g. 1 for Ethernet
         
 -  PROTOCOL ADDRESS TYPE: type of protocol address used - e.g.
	      0x0800 for IPv4
         
 -  HADDR LEN: tells how long hardware addresses are
         
 -  PADDR LEN: tells how long protocol addresses are
         
 -  OPERATION: tells whether this packet is a query (1) or a response (2)
         
 -  SENDER HADDR: sender's hardware address
         
 -  SENDER PADDR: sender's protocol address
         
 -  TARGET HADDR: target's hardware address (all zeros in a query, since
	      that is exactly the value being asked for)
         
 -  TARGET PADDR: target's protocol address
         
 
     -  Be careful to understand the use of the TARGET fields.
    
 -  In an ARP query, when B is asking for the MAC address of C, C is the
	 target.
    
 -  In the ARP response C sends to tell B C's MAC address, B is the
	 target.
    
 
 -  23.5 ARP Encapsulation  
    
    -  Refer to Figure 23.4 on page 386.
    
 -  An ARP query or reply travels on a physical network encapsulated in a
	 physical frame.
    
 -  Typically the frame has a type field the sender uses to mark the
         frame
    
 -  When an ARP query or reply travels in an Ethernet frame, the Ethernet
         header type field is set by the sender to 0x0806 to denote an ARP
	 message (an IPv4 datagram would be marked 0x0800 instead).
    
 -  The receiver has to look at the OPERATION field in the ARP message to
         figure out whether it is a query or response.
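
 -  Added example (not from the textbook or these notes): the ARP
         message body of section 23.4 and its Ethernet encapsulation of
         section 23.5, in Python, carrying out the B-to-C exchange of
         section 23.3.  C's IP and MAC are the ones used above (the MAC is
         written zero-padded); B's IP and MAC are assumed for the example.

```python
import struct

# Values from sections 23.4 and 23.5 (RFC 826 and the Ethernet type registry)
ETHERTYPE_ARP = 0x0806          # Ethernet type field marking an ARP message
ETHERTYPE_IPV4 = 0x0800         # PROTOCOL ADDRESS TYPE for IPv4
HTYPE_ETHERNET = 1              # HARDWARE ADDRESS TYPE for Ethernet
ARP_REQUEST, ARP_REPLY = 1, 2   # OPERATION values
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
ARP_FMT = "!HHBBH6s4s6s4s"      # 28-byte ARP body for Ethernet/IPv4 (Figure 23.3 layout)


def mac_to_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def bytes_to_mac(b):
    return ":".join("%02x" % x for x in b)


def ip_to_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build the ARP body: fixed header, then SENDER HADDR/PADDR, TARGET HADDR/PADDR."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, ETHERTYPE_IPV4, 6, 4, op,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))


def build_frame(dst_mac, src_mac, arp_body):
    """Encapsulate the ARP body in an Ethernet frame: 14-byte header, type 0x0806."""
    return (mac_to_bytes(dst_mac) + mac_to_bytes(src_mac)
            + struct.pack("!H", ETHERTYPE_ARP) + arp_body)


def parse_frame(frame):
    """Demultiplex on the Ethernet type field, then on the ARP OPERATION field.
    Returns a dict, or None if this is not an Ethernet/IPv4 ARP request or reply."""
    if len(frame) < 14 + struct.calcsize(ARP_FMT):
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None                      # some other payload, e.g. 0x0800 = IPv4
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, ETHERTYPE_IPV4, 6, 4):
        return None                      # ARP for some other address pair; not handled here
    if op not in (ARP_REQUEST, ARP_REPLY):
        return None
    return {"frame_dst": bytes_to_mac(frame[0:6]), "frame_src": bytes_to_mac(frame[6:12]),
            "op": op, "sender_mac": bytes_to_mac(sha), "sender_ip": bytes_to_ip(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": bytes_to_ip(tpa)}


def arp_exchange():
    """Section 23.3: B broadcasts a request for 130.17.70.83, C answers by unicast.
    Returns (parsed request, parsed reply)."""
    b_mac, b_ip = "00:00:5e:00:53:0b", "130.17.70.7"       # assumed for the example
    c_mac, c_ip = "00:03:ba:16:bc:c0", "130.17.70.83"      # from the notes
    # B: "Please help me find the MAC address corresponding to 130.17.70.83".
    # TARGET HADDR is all zeros because that is precisely what B does not know yet.
    request = build_frame(BROADCAST_MAC, b_mac,
                          build_arp(ARP_REQUEST, b_mac, b_ip, ZERO_MAC, c_ip))
    req = parse_frame(request)
    # C: "I am 130.17.70.83, my MAC address is 00:03:ba:16:bc:c0", sent directly to B.
    # B's addresses come from the request's SENDER fields and land in the TARGET fields.
    reply = build_frame(req["sender_mac"], c_mac,
                        build_arp(ARP_REPLY, c_mac, c_ip, req["sender_mac"], req["sender_ip"]))
    return req, parse_frame(reply)
```

         Note how the receiver first checks the Ethernet type field and
         only then the OPERATION field, exactly the two-step demultiplexing
         described in section 23.5; a frame with any other type, or an ARP
         message for a different address pair, is ignored rather than
         guessed at.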
    
 
 -  23.6 ARP Caching and Message Processing  
    
    -  Refer to Algorithm 23.1 on page 387.
    
 -  ARP includes measures to help optimize performance and resource
         utilization.
    
 -  Computers keep caches of address bindings - not indefinitely but
         until they expire or are replaced.
    
 -  If a computer has a valid binding in its ARP cache, it won't
	 broadcast an ARP request for that binding.
    
 -  When host B broadcasts an ARP request for the MAC address of host C:
         
         -  C puts B's protocol (e.g. IP) address and MAC address in its ARP
	      cache.
	 
 -  Any other host on the local network, if it already has an ARP
	      cache entry for B, updates the entry with the MAC address for B
	      contained in the ARP request.
         
 
     -  The effect of the caching described above is that hosts that may
         soon need to send a packet to B get the required address bindings.
    
 -  On the other hand, hosts that aren't likely to need the bindings
	 don't cache them.  They have limited space in their ARP caches.
	 Choosing not to cache some things helps prevent new but useless
	 information from crowding out old but valuable information in ARP
	 caches.
    
 -  Of course, if C is the target of an ARP request, it sends an ARP
	 response to B containing C's MAC address.
    
 -  Security caveat: nothing in ARP authenticates any of this.  Any host
	 on the local network can send a request, or an unsolicited reply,
	 that claims C's IP address together with its own MAC address, and
	 every host that already holds an entry for C will overwrite it (ARP
	 cache poisoning).  The attacker then receives B's traffic for C and
	 can relay it (man-in-the-middle).  The usual defenses are static ARP
	 entries for critical hosts and Dynamic ARP Inspection on managed
	 switches.
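
 -  Added example (not from the textbook or these notes): the cache
         update rules of Algorithm 23.1 in Python, run once as described in
         the notes and once with two extra checks that are NOT part of ARP,
         to show what a cache would have to do to resist poisoning.  ARP
         messages are plain dicts here rather than bytes.  C's addresses are
         the ones used in the notes; B's and the attacker's are assumed.

```python
ARP_REQUEST, ARP_REPLY = 1, 2


class ArpCache:
    """One host's ARP cache plus the receive-side rules of Algorithm 23.1.
    Messages are dicts with keys op, sender_mac, sender_ip, target_mac, target_ip."""

    def __init__(self, my_ip, my_mac, ttl=60.0):
        self.my_ip, self.my_mac, self.ttl = my_ip, my_mac, ttl
        self.table = {}        # protocol address -> (hardware address, expiry time)
        self.pending = set()   # addresses we have broadcast a request for and not yet resolved

    def lookup(self, ip, now):
        entry = self.table.get(ip)
        return entry[0] if entry and entry[1] > now else None

    def resolve(self, ip, now):
        """Return (mac, None) on a cache hit, or (None, request) when a broadcast is needed."""
        mac = self.lookup(ip, now)
        if mac:
            return mac, None
        self.pending.add(ip)
        return None, {"op": ARP_REQUEST, "sender_mac": self.my_mac, "sender_ip": self.my_ip,
                      "target_mac": "00:00:00:00:00:00", "target_ip": ip}

    def receive(self, msg, now, strict=False):
        """Process one incoming ARP message; return the reply to send, if any.
        strict=False is Algorithm 23.1 as described in the notes.  strict=True adds two
        checks that real ARP does not have (illustration only): ignore replies we never
        asked for, and refuse to let an unsolicited message change a binding we hold."""
        sender_ip, sender_mac, op = msg["sender_ip"], msg["sender_mac"], msg["op"]
        known = sender_ip in self.table
        for_me = msg["target_ip"] == self.my_ip
        if strict:
            if op == ARP_REPLY and sender_ip not in self.pending:
                return None
            if known and self.table[sender_ip][0] != sender_mac and sender_ip not in self.pending:
                return None
        # Rule 1: if the sender is already in the cache, refresh the entry from this message.
        # Rule 2: if the message is for us, add the sender.  Hosts that are neither the
        #         target nor already holding the binding do not cache it (section 23.6).
        if known or for_me:
            self.table[sender_ip] = (sender_mac, now + self.ttl)
            self.pending.discard(sender_ip)
        if for_me and op == ARP_REQUEST:
            return {"op": ARP_REPLY, "sender_mac": self.my_mac, "sender_ip": self.my_ip,
                    "target_mac": sender_mac, "target_ip": sender_ip}
        return None


def poisoning_demo(strict):
    """B resolves C legitimately, then a third host M sends an unsolicited reply claiming
    C's IP address.  Returns (B's binding for C after the real reply, after M's reply)."""
    b = ArpCache("130.17.70.7", "00:00:5e:00:53:0b")      # assumed addresses for B
    c = ArpCache("130.17.70.83", "00:03:ba:16:bc:c0")     # C, as in the notes
    m_mac = "00:00:5e:00:53:99"                            # assumed: the attacker's own MAC
    mac, request = b.resolve("130.17.70.83", now=0.0)
    assert mac is None                                     # cache miss, B broadcasts
    reply = c.receive(request, now=0.0)                    # C caches B and answers
    b.receive(reply, now=0.1, strict=strict)
    genuine = b.lookup("130.17.70.83", now=1.0)
    spoof = {"op": ARP_REPLY, "sender_mac": m_mac, "sender_ip": "130.17.70.83",
             "target_mac": b.my_mac, "target_ip": b.my_ip}
    b.receive(spoof, now=2.0, strict=strict)
    return genuine, b.lookup("130.17.70.83", now=3.0)
```

         With the rules as written, B's entry for 130.17.70.83 is silently
         replaced by the attacker's MAC; the strict variant keeps the
         genuine binding.  The strict checks are a teaching device only:
         they would also reject legitimate address changes, which is why
         real deployments rely on static entries or switch-side inspection
         instead.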
    
 
 -  23.7 The Conceptual Address Boundary  
    
    -  Refer to Figure 23.5 on page 389.
    
 -  ARP forms a conceptual boundary in the five-layer TCP/IP reference
         model.
    
 -  We can think of ARP as if it were at the top of the Link Layer (the
         network interface layer).  
    
 -  Above the level of ARP, protocol software uses IP addresses.
    
 -  Below the level of ARP protocol software and network hardware use MAC
         addresses.
    
 
 -  23.8 Internet Control Message Protocol (ICMP)  
    
    -  Refer to Figure 23.6 on page 390.
    
 -  ICMP is used to report errors back to the sender of a datagram.
    
 -  This does not include "Checksum Error" messages because in that case
         the source address cannot be trusted.  Packets with checksum errors
	 are simply discarded by the receiver.
    
 -  ICMP is also used to obtain information - e.g. echo requests.
    
 -  ICMP Destination Unreachable messages inform a sender that its
         datagram could not be delivered - e.g. no route could be found to
	 the intended network or host, or nothing was listening on the
	 destination port.  Like every ICMP error, the message quotes the IP
	 header and the first 8 bytes of the datagram it is about, so the
	 sender can tell which connection it concerns.
    
 
 -  23.9 ICMP Message Format and Encapsulation  
    
    -  Refer to Figure 23.7 on page 391.
    
 -  ICMP messages are sent inside IP datagrams - as payloads of IP
         datagrams.
    
 -  TCP/IP does NOT call for sending an ICMP error message about a
         problem with an ICMP error message (otherwise two hosts could
	 exchange error messages about each other's errors indefinitely).
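
 -  Added example (not from the textbook or these notes): an ICMP
         message inside an IP datagram in Python, covering sections 23.8 and
         23.9.  It computes the Internet checksum used by both headers,
         builds an echo request, and builds and parses a Destination
         Unreachable that quotes the offending datagram, which is what lets
         a host decide whether an error is really about one of its own
         flows or is stale or forged.  All addresses are documentation
         ranges chosen for the example.

```python
import struct

ICMP_ECHO_REPLY, ICMP_DEST_UNREACHABLE, ICMP_ECHO_REQUEST = 0, 3, 8
NET_UNREACHABLE = 0                 # Destination Unreachable code: no route to the network
IPPROTO_ICMP, IPPROTO_UDP = 1, 17


def ip_to_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(x) for x in b)


def internet_checksum(data):
    """RFC 1071: one's-complement sum of 16-bit words, folded, then complemented.
    Verifying a header means computing this over it with the checksum included: result 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64):
    """Minimal IPv4 header (no options) with the header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ip_to_bytes(src), ip_to_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_icmp(icmp_type, code, rest_of_header, payload):
    """ICMP header: type, code, checksum, then 4 bytes whose meaning depends on the type."""
    hdr = struct.pack("!BBHI", icmp_type, code, 0, rest_of_header)
    csum = internet_checksum(hdr + payload)
    return struct.pack("!BBHI", icmp_type, code, csum, rest_of_header) + payload


def build_echo_request(src, dst, ident, seq, data=b"abcdefgh"):
    """An ICMP echo request ("ping") as the payload of an IP datagram."""
    icmp = build_icmp(ICMP_ECHO_REQUEST, 0, (ident << 16) | seq, data)
    return build_ipv4(src, dst, IPPROTO_ICMP, icmp)


def build_dest_unreachable(router_ip, offending_datagram, code=NET_UNREACHABLE):
    """What a router sends back: the error quotes the offending IP header plus the first
    8 bytes after it (for TCP/UDP that covers both port numbers), addressed to the source."""
    ihl = (offending_datagram[0] & 0x0F) * 4
    quoted = offending_datagram[:ihl + 8]
    original_src = bytes_to_ip(offending_datagram[12:16])
    icmp = build_icmp(ICMP_DEST_UNREACHABLE, code, 0, quoted)
    return build_ipv4(router_ip, original_src, IPPROTO_ICMP, icmp)


def parse_icmp_error(datagram):
    """Verify the ICMP checksum and extract what the error says about the original datagram.
    Returns None for a bad checksum or anything other than Destination Unreachable."""
    ihl = (datagram[0] & 0x0F) * 4
    icmp = datagram[ihl:]
    if len(icmp) < 8 + 28 or internet_checksum(icmp) != 0:
        return None
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != ICMP_DEST_UNREACHABLE:
        return None
    quoted = icmp[8:]
    qihl = (quoted[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", quoted[qihl:qihl + 4])
    return {"reporter": bytes_to_ip(datagram[12:16]), "type": icmp_type, "code": code,
            "orig_src": bytes_to_ip(quoted[12:16]), "orig_dst": bytes_to_ip(quoted[16:20]),
            "orig_proto": quoted[9], "orig_sport": sport, "orig_dport": dport}


def error_is_for_our_flow(err, flows):
    """Act on an ICMP error only if the quoted header matches a flow we actually have;
    flows is a set of (proto, src, sport, dst, dport).  Anything else is ignored."""
    return err is not None and (err["orig_proto"], err["orig_src"], err["orig_sport"],
                                err["orig_dst"], err["orig_dport"]) in flows


def icmp_demo():
    """Constructed scenario: 192.0.2.10 sends UDP to 203.0.113.7:53; router 198.51.100.1
    has no route to that network and reports it.  Returns (parsed error, matched?)."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + 4, 0) + b"ping"   # UDP header + 4-byte payload
    sent = build_ipv4("192.0.2.10", "203.0.113.7", IPPROTO_UDP, udp)
    err = parse_icmp_error(build_dest_unreachable("198.51.100.1", sent))
    ours = {(IPPROTO_UDP, "192.0.2.10", 40000, "203.0.113.7", 53)}
    return err, error_is_for_our_flow(err, ours)
```

         The quoted-header check matters in practice: ICMP errors are not
         authenticated, so a host that acted on any Destination Unreachable
         it received could have its connections torn down by anyone able to
         guess the addresses involved.  Matching the quoted ports against
         live flows limits that to attackers who also know the port numbers.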
    
 
 -  23.10 Protocol Software, Parameters and Configuration  
    
    -  Typically the TCP/IP protocol software that runs on a host is
	 designed to work when installed on any host on most any
	 network.
    
 -  This has advantages, but it means that certain "blanks must be
         filled in" (parameters must be set) when hosts boot.
    
 -  The parameters have to do with attributes of the host and the
         network.
    
 
 -  23.11 Dynamic Host Configuration Protocol (DHCP)  
    
    -  A booting computer X can use Reverse Address Resolution
	 Protocol (RARP).  X broadcasts a RARP request and obtains its IP
	 address from a server.
    
 -  Similarly X can broadcast ICMP Address Mask Request and
	 Router Discovery messages.
    
 -  Bootstrap Protocol (BOOTP) was invented to give booting
	 computers a mechanism to broadcast one request and receive IP number,
	 address mask and default router IP.  BOOTP messages travel in UDP
	 datagrams (server port 67, client port 68) inside IP datagrams, with
	 all 1's (255.255.255.255) for the destination address and all 0's
	 for the source address.  The responding server unicasts back to the
	 requester, using as destination address the MAC source address from
	 the request.
    
 -  BOOTP was designed to provide service to hosts that were permanently
         installed on the local network.  Network administrators configured
	 the BOOTP server with a table that determined which IP address to
	 assign to which host.  If a host wasn't on the list, there was no
	 provision for assigning it an IP number.
    
 -  DHCP took the BOOTP idea a step further.  It allows a computer to
         join a network and be assigned an IP address from a pool of addresses
	 maintained for that purpose.
    
 -  DHCP works like BOOTP.  It's basically an extension of BOOTP.
    
 -  DHCP can provide a permanent address in the manner of BOOTP, or an
         on-demand address from a pool.  
    
 -  On-demand DHCP addresses are actually just leased for a
         limited time, and hosts have to get an extension if they want to keep
	 them longer.
    
 
 -  23.12 DHCP Protocol Operation and Optimizations  
    
    -  Recovery from loss or duplication - if no response, host retransmits
         DHCP request.  If there is a duplicate response from a server, the
	 host ignores it.
    
 -  Caching of a server address - host caches server's address after
         using DHCP Discover message to find a DHCP server.
    
 -  Avoidance of synchronized flooding - hosts must delay a random time
         before transmitting a DHCP request, or retransmitting.
    
 -  Security caveat: a booting host typically takes the first offer it
	 hears and has no way to verify who sent it.  A rogue DHCP server on
	 the local network can hand out its own address as the default router
	 or DNS server and intercept traffic.  Managed switches counter this
	 with DHCP snooping, which only passes server replies arriving on
	 trusted ports.
    
 
 -  23.13 DHCP Message Format  
    
    -  Refer to Figure 23.8 on page 395.
    
 -  Various fields exist for client request and server response.
    
 -  In addition to information types mentioned previously, a host can use
         DHCP to request the location of a boot file, which it can then
	 download with, say TFTP.
    
 
 -  23.14 Indirect DHCP Server Access Through a Relay  
    
 -  It's typical now to have setups where DHCP relay agents forward DHCP
         requests and replies across subnet routers to a centralized DHCP
	 server.  The relay records its own address in the message (the
	 GIADDR field) so the server knows which subnet to allocate from and
	 where to send the reply.
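
 -  Added example (not from the textbook or these notes): the DHCP
         message format of section 23.13 and the relay step of section
         23.14 in Python.  The field layout and option codes follow RFC 2131
         and RFC 2132 (the notes only refer to the figure for the layout).
         The client MAC, subnet, server address, pool address, lease length
         and boot file name are all assumed for the example.

```python
import struct

DHCP_MAGIC = bytes([99, 130, 83, 99])              # marks the start of the options area
BOOTREQUEST, BOOTREPLY = 1, 2                       # OP field: client -> server / server -> client
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5          # option 53 message types used here
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_LEASE, OPT_MSGTYPE, OPT_SERVER_ID, OPT_END = 1, 3, 6, 51, 53, 54, 255
BROADCAST = 0x8000                                  # FLAGS bit: client cannot receive unicast yet
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file (236 bytes)
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"


def ip4(s):
    return bytes(int(x) for x in s.split("."))


def ip4str(b):
    return ".".join(str(x) for x in b)


def build_dhcp(op, xid, chaddr, msg_type, options=(), ciaddr="0.0.0.0", yiaddr="0.0.0.0",
               siaddr="0.0.0.0", giaddr="0.0.0.0", hops=0, flags=0, file=""):
    """Fixed BOOTP-style header, magic cookie, then type/length/value options, then END."""
    fixed = struct.pack(FIXED_FMT, op, 1, 6, hops, xid, 0, flags, ip4(ciaddr), ip4(yiaddr),
                        ip4(siaddr), ip4(giaddr), chaddr, b"", file.encode())
    opts = [(OPT_MSGTYPE, bytes([msg_type]))] + list(options)
    body = b"".join(bytes([code, len(val)]) + val for code, val in opts)
    return fixed + DHCP_MAGIC + body + bytes([OPT_END])


def parse_dhcp(msg):
    f = struct.unpack(FIXED_FMT, msg[:236])
    if msg[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message (no magic cookie)")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:                                 # pad byte, no length
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "hops": f[3], "xid": f[4], "flags": f[6], "ciaddr": ip4str(f[7]),
            "yiaddr": ip4str(f[8]), "siaddr": ip4str(f[9]), "giaddr": ip4str(f[10]),
            "chaddr": f[11][:f[2]], "file": f[13].rstrip(b"\x00").decode(), "options": opts}


def relay_toward_server(msg, relay_ip):
    """Section 23.14: before forwarding a client message across the router, a relay agent
    puts its own address in GIADDR (unless an earlier relay already did) and bumps HOPS.
    The server replies to GIADDR, which is how the reply finds its way back."""
    p = parse_dhcp(msg)
    giaddr = relay_ip if p["giaddr"] == "0.0.0.0" else p["giaddr"]
    return msg[:3] + bytes([p["hops"] + 1]) + msg[4:24] + ip4(giaddr) + msg[28:]


def exchange():
    """Constructed DISCOVER/OFFER pair: client on 192.0.2.0/24 behind relay 192.0.2.1,
    server at 198.51.100.10.  Returns (discover as the server sees it, parsed offer, lease)."""
    client_mac = bytes.fromhex("00005e005301")                       # assumed
    discover = build_dhcp(BOOTREQUEST, 0x3903F326, client_mac, DISCOVER, flags=BROADCAST)
    at_server = parse_dhcp(relay_toward_server(discover, "192.0.2.1"))
    # The server picks an address from the pool for the subnet named by GIADDR and answers
    # with the parameters of section 23.11 plus a boot file the client can fetch with TFTP.
    offer = build_dhcp(BOOTREPLY, at_server["xid"], at_server["chaddr"], OFFER,
                       options=[(OPT_MASK, ip4("255.255.255.0")), (OPT_ROUTER, ip4("192.0.2.1")),
                                (OPT_DNS, ip4("192.0.2.53")), (OPT_LEASE, struct.pack("!I", 3600)),
                                (OPT_SERVER_ID, ip4("198.51.100.10"))],
                       yiaddr="192.0.2.77", siaddr="198.51.100.10", giaddr=at_server["giaddr"],
                       hops=at_server["hops"], flags=at_server["flags"], file="boot.img")
    o = parse_dhcp(offer)
    lease = struct.unpack("!I", o["options"][OPT_LEASE])[0]
    return at_server, o, lease
```

         The XID field is what lets the client match the offer to its own
         request (section 23.12's "ignore duplicate responses" relies on
         it), and GIADDR is the only thing telling the server which subnet
         the client is on once the message has crossed a router.  Nothing
         in the message proves who the server is, which is the rogue-server
         problem noted under section 23.12.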
    
 
 -  23.15 Network Address Translation (NAT)  
    
    -  Refer to Figure 23.9 on page 396.
    
 -  NAT is a technology that allows all computers in a network to share
         a single IP address.
    
 -  On the local network, hosts use separate, unique IP addresses and
         operate just as any host on the Internet would.
    
 -  However to hosts on the external Internet, all hosts on the local NAT
         network appear to be just one single host.
    
 -  Typically the device providing the NAT service is a wireless access
         point or home network 'router'.
    
 
 -  23.16 NAT Operation and Private Addresses  
    
    -  Refer to Figure 23.10 on page 397.
    
 -  Refer to Figure 23.11 on page 398.
    
 -  Refer to Figure 23.12 on page 398.
    
 -  All packet traffic between the external Internet and the local
	 network passes through the NAT device.
    
 -  The NAT device has a "real" globally-valid IP address.
    
 -  The hosts on the local network have IP addresses uniquely assigned
	 from a special family of private addresses (aka non-routable
	 addresses): 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 (RFC 1918).
    
 -  When a host on the local network sends an IP datagram to the external
	 Internet, the NAT router modifies the datagram, substituting
	 its own globally-valid IP address for the non-routable source
	 address.
    
 -  When a host on the external Internet receives a datagram from a host
	 on the local network, it appears to have come from the NAT device.
	 So naturally, if the external host sends a reply, it sends it to the
	 NAT device.
    
 -  When the NAT device receives the reply from the external host, it
	 replaces the destination address in the datagram with the original
	 non-routable address of the local host that initiated the
	 interaction.
	 
    
 -  This doesn't work at all unless the NAT keeps track of which hosts on
	 the local network have sent packets to which hosts on the external
	 Internet.  Why?  Every incoming datagram has the same destination
	 address.  However if NAT keeps track of who has been sending to whom,
	 NAT may be able to route datagrams to the local hosts based on the
	 SOURCE addresses in the incoming datagrams.
	 
    
 -  However, even this "hack" is not workable if two hosts J and K on the
	 local network try to communicate at the same time with the same host
	 X on the external Internet.  When the NAT gets a datagram from X,
	 there's nothing to indicate whether it's supposed to go to J or K.
	 
    
 
 -  23.17 Transport-Layer NAT (NAPT)  
    
    -  Refer to Figure 23.13 on page 399.
    
 -  Most folks who think they have NAT actually have NAPT - Network
         Address and Port Translation.  
    
 -  When a host J on the local network sends an IP datagram to host X on
	 the external Internet, the NAPT router modifies the datagram, not only
	 substituting its own globally-valid IP address for the non-routable
	 source address of J, but also changing the source PORT number to some
	 unique value that the NAPT router can remember is associated with
	 host J.
    
 -  If a different host K on the local network sends datagrams to X, NAPT
	 will substitute a DIFFERENT PORT NUMBER.
    
 -  Later when a datagram arrives from X, NAPT can figure out from the
	 combination of source IP address and destination port number whether
	 the datagram should be forwarded to J or K.  The port numbers will be
	 different, even though the source IP address will be the same.
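
 -  Added example (not from the textbook or these notes): the two
         translation tables of sections 23.16 and 23.17 in Python.  The
         address-only NAT shows the J/K ambiguity described above; the NAPT
         resolves it by assigning each outbound flow its own public port,
         and drops inbound datagrams with no table entry.  Host addresses,
         the NAT's public address and the port numbers are assumed.

```python
import ipaddress

# RFC 1918 private ("non-routable") address space used behind a NAT (section 23.16)
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE)


class PlainNat:
    """Address-only NAT of section 23.16: remember which local host talked to which external
    host, and match inbound datagrams on their SOURCE address alone."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}          # external ip -> set of local ips that have sent to it

    def outbound(self, pkt):
        assert is_private(pkt["src"])
        self.table.setdefault(pkt["dst"], set()).add(pkt["src"])
        return dict(pkt, src=self.public_ip)

    def inbound(self, pkt):
        """Candidate local destinations; more than one means the NAT cannot decide."""
        return sorted(self.table.get(pkt["src"], ()))


class Napt:
    """Address-and-port NAT of section 23.17: each outbound flow gets its own public port,
    so (external host, external port, public port) identifies the local host on the way back."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.out = {}            # (local ip, local port, remote ip, remote port) -> public port
        self.back = {}           # (public port, remote ip, remote port) -> (local ip, local port)

    def outbound(self, pkt):
        assert is_private(pkt["src"])
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
            self.next_port += 1
        return dict(pkt, src=self.public_ip, sport=self.out[key])

    def inbound(self, pkt):
        """Rewritten datagram, or None when nothing inside asked for it.  The None case is
        exactly why an unsolicited connection to an inside server fails (section 23.18)."""
        hit = self.back.get((pkt["dport"], pkt["src"], pkt["sport"]))
        if hit is None:
            return None
        return dict(pkt, dst=hit[0], dport=hit[1])


def napt_demo():
    """J and K (192.168.1.10 / .11) both talk to external host X (203.0.113.5:80) through a
    NAT whose public address is 198.51.100.4; both even use the same local port."""
    j = {"src": "192.168.1.10", "sport": 5000, "dst": "203.0.113.5", "dport": 80}
    k = {"src": "192.168.1.11", "sport": 5000, "dst": "203.0.113.5", "dport": 80}
    plain = PlainNat("198.51.100.4")
    plain.outbound(j)
    plain.outbound(k)
    ambiguous = plain.inbound({"src": "203.0.113.5", "dst": "198.51.100.4"})
    napt = Napt("198.51.100.4")
    j_out, k_out = napt.outbound(j), napt.outbound(k)
    reply_to_k = {"src": "203.0.113.5", "sport": 80, "dst": "198.51.100.4", "dport": k_out["sport"]}
    unsolicited = {"src": "203.0.113.99", "sport": 4444, "dst": "198.51.100.4", "dport": 80}
    return ambiguous, j_out, k_out, napt.inbound(reply_to_k), napt.inbound(unsolicited)
```

         The inbound lookup is keyed on the external host's address and
         port as well as the public port, so a datagram from a different
         external host aimed at an in-use public port does not reach the
         local host either; that is the (incidental) filtering effect people
         mean when they call a NAPT box a firewall.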
    
 
 -  23.18 NAT and Servers  
    
    -  Since NAT and NAPT rely on building a translation table based on
	 outgoing traffic, they don't support a local network that has
	 multiple servers.  For example if a client tries to connect on port
	 80 from the outside, no outgoing traffic has created a table entry,
	 so how can NAPT know which local web server should get the
	 datagrams?
    
 -  There's a variant of NAT, called "Twice NAT" that is somewhat
         helpful.
    
 -  If the client in the external network contacts the DNS server at the
         local site to translate the domain name of the server, the DNS server
	 will interact with the NAT or NAPT system, which will create a table
	 entry that allows the client to reach the desired server.
    
 -  However THAT hack doesn't work if the client uses the server's IP
         address directly or if it uses a proxy DNS server.
    
 
 -  23.19 NAT Software and Systems for Use at Home  
    
    -  Refer to Figure 23.14 on page 400.
    
 -  NAT/NAPT is used in residences and small businesses as a way of
         running a network while sharing a single IP address.
    
 -  It may be cheaper to purchase and operate "NAT router" than to
	 purchase additional IP addresses from an ISP.