(rev. 01/22/2010)
Notes On Chapter Twenty-Three
-- Support Protocols and Technologies
- 23.1 Introduction
- Address Binding
- Error Reporting
- Bootstrapping
- Address Translation
- 23.2 Address Resolution
- Refer to Figure 23.1 on page 382.
- In order to send an IP datagram over real physical networks, it's
necessary to encapsulate it in a physical frame, and it is necessary
to find out the physical (MAC) destination address and place it in
the header of the physical frame.
- Often when host X wants to send an IP datagram to host Y on the same
network, X knows the IP address of Y, but not the MAC address of Y.
- This is a problem of address resolution
- This problem comes up each time that an Internet datagram is
forwarded to the next hop toward its ultimate destination.
- 23.3 The Address Resolution Protocol
- Refer to Figure 23.2 on page 383.
- The Address Resolution Protocol (ARP) is the most frequently
used means of translating IP addresses into MAC addresses.
- The idea of ARP:
- Host B knows the IP address of host C.
- Let's say the IP address of host C is 130.17.70.83.
- Host B needs to know the MAC address of host C.
- Host B broadcasts a message on the network to which it is
directly connected saying: "Please help me find the MAC address
corresponding to 130.17.70.83."
- The broadcast is forwarded through hubs, bridges and switches.
- Host C receives a copy of the broadcast and replies directly to
B: "Oh, I am 130.17.70.83. My MAC address is 0:3:ba:16:bc:c0."
- 23.4 ARP Message Format
- Refer to Figure 23.3 on page 384.
- ARP can be used to get translation between pretty much any two
address sets.
- However, ARP is actually used almost exclusively to get Ethernet
addresses corresponding to IP addresses.
- Fields:
- HARDWARE ADDRESS TYPE: type of hardware address used,
e.g. 1 for Ethernet
- PROTOCOL ADDRESS TYPE: type of protocol address used - e.g.
0x0800 for IPv4
- HADDR LEN: tells how long hardware addresses are
- PADDR LEN: tells how long protocol addresses are
- OPERATION: tells whether this packet is a query or a response
- SENDER HADDR: sender's hardware address
- SENDER PADDR: sender's protocol address
- TARGET HADDR: target's hardware address
- TARGET PADDR: target's protocol address
- Be careful to understand the use of the TARGET fields.
- In an ARP query, when B is asking for the MAC address of C, C is the
target.
- In the ARP response C sends to tell B C's MAC address, B is the
target.
- 23.5 ARP Encapsulation
- Refer to Figure 23.4 on page 386.
- An ARP query or reply travels on a physical network encapsulated in a
physical frame.
- Typically the frame has a type field the sender uses to mark the
frame.
- When an ARP query or reply travels in an Ethernet frame, the Ethernet
header type field is set by the sender to 0x806 to denote an ARP
message.
- The receiver has to look at the OPERATION field in the ARP message to
figure out whether it is a query or response.
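The following is an added example (not from the notes or the textbook
they summarize) that packs and parses the ARP message of 23.4 inside
the Ethernet frame of 23.5. The hardware type 1, protocol type 0x0800
and Ethernet type 0x0806 are the values the notes give; the OPERATION
codes 1 = request and 2 = reply are the standard ARP values, which the
notes do not list. Host C's addresses are the ones in the notes; host
B's MAC and IP are constructed for the example.

```python
import struct

# Values from the notes: hardware type 1 (Ethernet), protocol type 0x0800
# (IPv4), Ethernet type field 0x0806 for ARP. The OPERATION codes
# 1 = request, 2 = reply are the standard ARP values (not listed in the notes).
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
OP_REQUEST = 1
OP_REPLY = 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"

# Field order follows 23.4: HTYPE, PTYPE, HLEN, PLEN, OP, SHA, SPA, THA, TPA.
ARP_FMT = "!HHBBH6s4s6s4s"
ETH_FMT = "!6s6sH"          # destination MAC, source MAC, type
ETH_LEN = struct.calcsize(ETH_FMT)
ARP_LEN = struct.calcsize(ARP_FMT)


def mac_to_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip):
    return bytes(int(part) for part in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip, eth_dst):
    """Encapsulate one ARP message in an Ethernet frame (23.5)."""
    arp = struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                      mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                      mac_to_bytes(target_mac), ip_to_bytes(target_ip))
    eth = struct.pack(ETH_FMT, mac_to_bytes(eth_dst), mac_to_bytes(sender_mac),
                      ETHERTYPE_ARP)
    return eth + arp


def parse_arp_frame(frame):
    """Check the Ethernet type field, then decode the ARP fields.

    Whether this is a query or a response is learned only from the
    OPERATION field, not from the frame header.
    """
    if len(frame) < ETH_LEN + ARP_LEN:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, eth_type = struct.unpack(ETH_FMT, frame[:ETH_LEN])
    if eth_type != ETHERTYPE_ARP:
        raise ValueError(f"not an ARP frame: type 0x{eth_type:04x}")
    (htype, ptype, hlen, plen, op,
     sha, spa, tha, tpa) = struct.unpack(ARP_FMT, frame[ETH_LEN:ETH_LEN + ARP_LEN])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unknown OPERATION {op}")
    return {
        "eth_dst": bytes_to_mac(eth_dst), "eth_src": bytes_to_mac(eth_src),
        "op": op,
        "sender_mac": bytes_to_mac(sha), "sender_ip": bytes_to_ip(spa),
        "target_mac": bytes_to_mac(tha), "target_ip": bytes_to_ip(tpa),
    }


def example_exchange():
    """B asks for C's MAC; C answers. C's addresses are from the notes,
    B's are constructed for this example."""
    b_mac, b_ip = "00:11:22:33:44:55", "130.17.70.10"
    c_mac, c_ip = "0:3:ba:16:bc:c0", "130.17.70.83"
    # Query: C is the TARGET; its MAC is unknown, so that field is zero.
    query = parse_arp_frame(build_arp_frame(OP_REQUEST, b_mac, b_ip, ZERO_MAC,
                                            c_ip, BROADCAST_MAC))
    # C answers only if the target protocol address is its own.
    if query["target_ip"] != c_ip:
        return query, None
    # Reply: now B is the TARGET, and the frame is unicast to B.
    reply = parse_arp_frame(build_arp_frame(OP_REPLY, c_mac, c_ip,
                                            query["sender_mac"], query["sender_ip"],
                                            query["sender_mac"]))
    return query, reply


if __name__ == "__main__":
    q, r = example_exchange()
    print("query:", q)
    print("reply:", r)
```

Note how the TARGET fields swap roles between the two messages: in the
query the target is C (with a zero hardware address), in the reply the
target is B.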
- 23.6 ARP Caching and Message Processing
- Refer to Algorithm 23.1 on page 387.
- ARP includes measures to help optimize performance and resource
utilization.
- Computers keep caches of address bindings - not indefinitely but
until they expire or are replaced.
- If a computer has a valid binding in its ARP cache, it won't
broadcast an ARP request for that binding.
- When host B broadcasts an ARP request for the MAC address of host C:
- C puts B's protocol (e.g. IP) address and MAC address in its ARP
cache.
- Any other host on the local network, if it already has an ARP
cache entry for B, updates the entry with the MAC address for B
contained in the ARP request.
- The effect of the caching described above is that hosts that may
soon need to send a packet to B get the required address bindings.
- On the other hand, hosts that aren't likely to need the bindings
don't cache them. They have limited space in their ARP caches.
Choosing not to cache some things helps prevent new but useless
information from crowding out old but valuable information in ARP
caches.
- Of course, if C is the target of an ARP request, it sends an ARP
response to B containing C's MAC address.
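Added example (my own code, not the textbook's Algorithm 23.1) of the
caching and message-processing rules just described: a host stores the
sender's binding only when it is the target of the message, refreshes
but never creates an entry otherwise, expires entries after a lifetime,
and skips the broadcast when it already holds a valid binding. The
OPERATION codes 1 and 2 are the standard ARP values; the hosts and
addresses in demo() are constructed, except C's, which are from the notes.

```python
import time

# Standard ARP OPERATION codes (assumed; the notes do not list the values).
OP_REQUEST, OP_REPLY = 1, 2


class ArpCache:
    """ARP cache plus the message-processing rules described in 23.6.

    - A binding is kept until it expires (ttl seconds) or is replaced.
    - If we are the TARGET of a message, the sender's binding is stored
      (we will almost certainly talk back) and a request gets a reply.
    - If we are not the target, an existing entry for the sender is
      refreshed, but no new entry is created, so bystander traffic cannot
      crowd out bindings we actually use.
    """

    def __init__(self, my_ip, my_mac, ttl=20 * 60, max_entries=64,
                 clock=time.monotonic):
        self.my_ip, self.my_mac = my_ip, my_mac
        self.ttl, self.max_entries, self.clock = ttl, max_entries, clock
        self.entries = {}          # ip -> (mac, expiry time)

    def lookup(self, ip):
        """Return the cached MAC for ip, or None if absent or expired."""
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, expiry = entry
        if self.clock() >= expiry:
            del self.entries[ip]   # expired: behave as if never cached
            return None
        return mac

    def _store(self, ip, mac):
        """Insert or replace a binding, evicting the entry nearest expiry if full."""
        if ip not in self.entries and len(self.entries) >= self.max_entries:
            victim = min(self.entries, key=lambda k: self.entries[k][1])
            del self.entries[victim]
        self.entries[ip] = (mac, self.clock() + self.ttl)

    def _refresh(self, ip, mac):
        """Update a binding only if one already exists."""
        if ip in self.entries:
            self.entries[ip] = (mac, self.clock() + self.ttl)

    def outgoing_request(self, ip):
        """Return the request to broadcast for ip, or None if the cache
        already holds a valid binding (no broadcast needed)."""
        if self.lookup(ip) is not None:
            return None
        return {"op": OP_REQUEST, "sender_ip": self.my_ip, "sender_mac": self.my_mac,
                "target_ip": ip, "target_mac": "00:00:00:00:00:00"}

    def handle_message(self, msg):
        """Process a received ARP message; return the reply to send, if any."""
        if msg["target_ip"] != self.my_ip:
            self._refresh(msg["sender_ip"], msg["sender_mac"])
            return None
        self._store(msg["sender_ip"], msg["sender_mac"])
        if msg["op"] != OP_REQUEST:
            return None            # a reply addressed to us: binding stored above
        return {"op": OP_REPLY, "sender_ip": self.my_ip, "sender_mac": self.my_mac,
                "target_ip": msg["sender_ip"], "target_mac": msg["sender_mac"]}


def demo(clock=time.monotonic):
    """Three hosts on one segment; B resolves C while D only listens.
    Addresses are constructed, apart from C's, which come from the notes."""
    b = ArpCache("130.17.70.10", "00:11:22:33:44:55", ttl=60, clock=clock)
    c = ArpCache("130.17.70.83", "0:3:ba:16:bc:c0", ttl=60, clock=clock)
    d = ArpCache("130.17.70.20", "00:aa:bb:cc:dd:ee", ttl=60, clock=clock)
    req = b.outgoing_request("130.17.70.83")
    replies = [h.handle_message(req) for h in (c, d)]   # broadcast reaches both
    reply = next(r for r in replies if r is not None)    # only C answers
    b.handle_message(reply)                              # unicast back to B
    return {"b_knows_c": b.lookup("130.17.70.83"),
            "c_knows_b": c.lookup("130.17.70.10"),
            "d_knows_b": d.lookup("130.17.70.10"),
            "b_second_request": b.outgoing_request("130.17.70.83")}


if __name__ == "__main__":
    print(demo())
```

After one exchange B and C hold each other's bindings, D (not the target,
with no prior entry for B) has cached nothing, and B's next send to C
needs no broadcast.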
- 23.7 The Conceptual Address Boundary
- Refer to Figure 23.5 on page 389.
- ARP is a conceptual boundary in the five-layer TCP/IP reference model.
- We can think of ARP as if it were at the top of the Link Layer (the
network interface layer).
- Above the level of ARP, protocol software uses IP addresses.
- Below the level of ARP, protocol software and network hardware use MAC
addresses.
- 23.8 Internet Control Message Protocol (ICMP)
- Refer to Figure 23.6 on page 390.
- ICMP is used to report errors back to the sender of a datagram.
- This does not include "Checksum Error" messages, because in that case
the source address cannot be trusted. Packets with checksum errors
are simply discarded by the receiver.
- ICMP is also used to obtain information - e.g. echo requests.
- ICMP Destination Unreachable messages inform a sender that
no route could be found to the intended recipient.
- 23.9 ICMP Message Format and Encapsulation
- Refer to Figure 23.7 on page 391.
- ICMP messages are sent inside IP datagrams - as payloads of IP
datagrams.
- The TCP/IP protocols do NOT call for sending an error message about
a problem with the sending of an ICMP error message.
- 23.10 Protocol Software, Parameters and Configuration
- Typically the TCP/IP protocol software that runs on a host is
designed to work when installed on any host on most any
network.
- This has advantages, but it means that certain "blanks must be
filled in" (parameters must be set) when hosts boot.
- The parameters have to do with attributes of the host and the
network.
- 23.11 Dynamic Host Configuration Protocol (DHCP)
- A booting computer X can use Reverse Address Resolution
Protocol (RARP). X broadcasts a RARP request and obtains its IP
address from a server.
- Similarly X can broadcast ICMP Address Mask Request and
Router Discovery messages.
- Bootstrap Protocol (BOOTP) was invented to give booting
computers a mechanism to broadcast one request and receive IP number,
address mask and default router IP. BOOTP uses IP directly - all 1's
for the destination and all 0's for the source address. The
responding server unicasts back to the requester, using as
destination address the MAC source address from the request.
- BOOTP was designed to provide service to hosts that were permanently
installed on the local network. Network administrators configured
the BOOTP server with a table that determined which IP address to
assign to which host. If a host wasn't on the list, there was no
provision for assigning it an IP number.
- DHCP took the BOOTP idea a step further. It allows a computer to
join a network and be assigned an IP address from a pool of addresses
maintained for that purpose.
- DHCP works like BOOTP. It's basically an extension of BOOTP.
- DHCP can provide a permanent address in the manner of BOOTP, or an
on-demand address from a pool.
- On-demand DHCP addresses are actually just leased for a
limited time, and hosts have to get an extension if they want to keep
them longer.
- 23.12 DHCP Protocol Operation and Optimizations
- Recovery from loss or duplication - if no response, host retransmits
DHCP request. If there is a duplicate response from a server, the
host ignores it.
- Caching of a server address - host caches server's address after
using DHCP Discover message to find a DHCP server.
- Avoidance of synchronized flooding - hosts must delay a random time
before transmitting a DHCP request, or retransmitting.
- 23.13 DHCP Message Format
- Refer to Figure 23.8 on page 395.
- Various fields exist for client request and server response.
- In addition to the information types mentioned previously, a host can
use DHCP to request the location of a boot file, which it can then
download with, say, TFTP.
- 23.14 Indirect DHCP Server Access Through a Relay
- It's typical now to have setups where DHCP relay agents forward DHCP
requests and replies across subnet routers to a centralized DHCP
server.
- 23.15 Network Address Translation (NAT)
- Refer to Figure 23.9 on page 396.
- NAT is a technology that allows all computers in a network to share
a single IP address.
- On the local network, hosts use separate, unique IP addresses and
operate just as any host on the Internet would.
- However, to hosts on the external Internet, all hosts on the local NAT
network appear to be just one single host.
- Typically the device providing the NAT service is a wireless access
point or home network 'router'.
- 23.16 NAT Operation and Private Addresses
- Refer to Figure 23.10 on page 397.
- Refer to Figure 23.11 on page 398.
- Refer to Figure 23.12 on page 398.
- All packet traffic between the external Internet and the local
network passes through the NAT device.
- The NAT device has a "real" globally-valid IP address.
- The hosts on the local network have IP addresses uniquely assigned
from a special family of private addresses (aka
non-routable addresses).
- When a host on the local network sends an IP datagram to the external
Internet, the NAT router modifies the datagram, substituting
its own globally-valid IP address for the non-routable source
address.
- When a host on the external Internet receives a datagram from a host
on the local network, it appears to have come from the NAT device.
So naturally, if the external host sends a reply, it sends it to the
NAT device.
- When the NAT device receives the reply from the external host, it
replaces the destination address in the datagram with the original
non-routable address of the local host that initiated the
interaction.
- This doesn't work at all unless the NAT keeps track of which hosts on
the local network have sent packets to which hosts on the external
Internet. Why? Every incoming datagram has the same destination
address. However if NAT keeps track of who has been sending to whom,
NAT may be able to route datagrams to the local hosts based on the
SOURCE addresses in the incoming datagrams.
- However, even this "hack" is not workable if two hosts J and K on the
local network try to communicate at the same time with the same host
X on the external Internet. When the NAT gets a datagram from X,
there's nothing to indicate whether it's supposed to go to J or K.
- 23.17 Transport-Layer NAT (NAPT)
- Refer to Figure 23.13 on page 399.
- Most folks who think they have NAT actually have NAPT - Network
Address and Port Translation.
- When a host J on the local network sends an IP datagram to host X on
the external Internet, the NAPT router modifies the datagram, not only
substituting its own globally-valid IP address for the non-routable
source address of J, but also changing the source PORT number to some
unique value that the NAPT router can remember is associated with
host J.
- If a different host K on the local network sends datagrams to X, NAPT
will substitute a DIFFERENT PORT NUMBER.
- Later when a datagram arrives from X, NAPT can figure out from the
combination of source IP address and destination port number whether
the datagram should be forwarded to J or K. The port numbers will be
different, even though the source IP address will be the same.
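Added example (my own code, not from the notes) contrasting the
address-only NAT of 23.16 with the NAPT of 23.17. PlainNat keys its
table on the remote address alone, so when J and K both talk to X the
reply is ambiguous; Napt allocates a distinct external port per flow
and demultiplexes replies on (remote address, destination port). The
last case in demo() shows what 23.18 describes: an inbound datagram
with no table entry, such as an outside client contacting port 80,
cannot be forwarded. All addresses and ports are constructed.

```python
class PlainNat:
    """Address-only NAT from 23.16: maps by remote address alone, so two
    local hosts talking to the same remote host are indistinguishable."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.by_remote = {}                 # remote ip -> set of local ips

    def outbound(self, pkt):
        self.by_remote.setdefault(pkt["dst_ip"], set()).add(pkt["src_ip"])
        return {**pkt, "src_ip": self.public_ip}

    def inbound_candidates(self, pkt):
        """Local hosts a reply could belong to; more than one means ambiguity."""
        return sorted(self.by_remote.get(pkt["src_ip"], set()))


class Napt:
    """Network Address and Port Translation from 23.17."""

    def __init__(self, public_ip, first_port=40000, last_port=65535):
        self.public_ip = public_ip
        self.ports = iter(range(first_port, last_port + 1))   # one port per flow
        self.out = {}   # (local ip, local port, remote ip, remote port) -> ext port
        self.back = {}  # (remote ip, ext port) -> (local ip, local port)

    def outbound(self, pkt):
        """Rewrite source address and port; reuse the entry for a known flow."""
        key = (pkt["src_ip"], pkt["src_port"], pkt["dst_ip"], pkt["dst_port"])
        ext_port = self.out.get(key)
        if ext_port is None:
            ext_port = next(self.ports)     # StopIteration once the range is used up
            self.out[key] = ext_port
            self.back[(pkt["dst_ip"], ext_port)] = (pkt["src_ip"], pkt["src_port"])
        return {**pkt, "src_ip": self.public_ip, "src_port": ext_port}

    def inbound(self, pkt):
        """Rewrite the destination from the table; None means no entry, so
        the datagram cannot be delivered to any local host."""
        entry = self.back.get((pkt["src_ip"], pkt["dst_port"]))
        if entry is None:
            return None
        local_ip, local_port = entry
        return {**pkt, "dst_ip": local_ip, "dst_port": local_port}


def demo():
    """J and K on the local network both talk to external host X
    (constructed addresses)."""
    x, public = "203.0.113.5", "198.51.100.1"
    nat, napt = PlainNat(public), Napt(public)
    j = {"src_ip": "192.168.1.10", "src_port": 51000, "dst_ip": x, "dst_port": 80}
    k = {"src_ip": "192.168.1.11", "src_port": 51000, "dst_ip": x, "dst_port": 80}
    for p in (j, k):
        nat.outbound(p)
    j_out, k_out = napt.outbound(j), napt.outbound(k)
    # X replies to whatever source it saw: the router's address and port.
    reply_to_j = {"src_ip": x, "src_port": 80,
                  "dst_ip": j_out["src_ip"], "dst_port": j_out["src_port"]}
    reply_to_k = {"src_ip": x, "src_port": 80,
                  "dst_ip": k_out["src_ip"], "dst_port": k_out["src_port"]}
    # An outside client trying to reach a local web server on port 80.
    unsolicited = {"src_ip": x, "src_port": 40000, "dst_ip": public, "dst_port": 80}
    return {
        "plain_nat_candidates": nat.inbound_candidates(reply_to_j),
        "j_ext_port": j_out["src_port"], "k_ext_port": k_out["src_port"],
        "reply_to_j": napt.inbound(reply_to_j)["dst_ip"],
        "reply_to_k": napt.inbound(reply_to_k)["dst_ip"],
        "unsolicited": napt.inbound(unsolicited),
    }


if __name__ == "__main__":
    print(demo())
```

With plain NAT the reply from X has two candidate local hosts; with NAPT
the distinct external ports resolve it, and the unsolicited inbound
datagram maps to nothing.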
- 23.18 NAT and Servers
- Since NAT and NAPT rely on building a translation table based on
outgoing traffic, they don't support a local network that has
multiple servers. For example, if a client tries to connect on port
80 from the outside, how can NAPT know which local webserver should
get the datagrams?
- There's a variant of NAT, called "Twice NAT" that is somewhat
helpful.
- If the client in the external network contacts the DNS server at the
local site to translate the domain name of the server, the DNS server
will interact with the NAT or NAPT system, which will create a table
entry that allows the client to reach the desired server.
- However, THAT hack doesn't work if the client uses the IP address of
the server directly or if it uses a proxy DNS server.
- 23.19 NAT Software and Systems for Use at Home
- Refer to Figure 23.14 on page 400.
- NAT/NAPT is used in residences and small businesses as a way of
running a network while sharing a single IP address.
- It may be cheaper to purchase and operate a "NAT router" than to
purchase additional IP addresses from an ISP.