DHCP, DNS and SNMP Review - PowerPoint PPT Presentation

Provided by: eog9
1
DHCP, DNS and SNMP Review
Richard Perlman, Lucent Technologies, perl@lucent.com
2
DHCP, DNS and SNMP Review
  • Servers Infrastructure
  • How does your computer know which IP to use?
  • How does your computer know that www.ceenet.org
    is at IP 212.87.7.181?
  • How can you track your network's health?

3
The Internet and Addressing
  • All machines on the Internet are accessed via
    their IP address
  • Dotted quad: xxx.xxx.xxx.xxx
  • Problem: IP addresses are hard to remember and
    hard to statically assign on large networks
  • Solution: Need to come up with a way to
    automatically assign IP addresses and a
    text-based representation of machine addresses
    instead of just 4 numbers

4
Addressing Solutions
  • Two protocols have been developed to solve these
    problems
  • DHCP: automatic network configuration (including
    IP address)
  • DNS: translates text-based names into IP
    addresses and vice versa

5
Dynamic Host Configuration Protocol (DHCP)
  • Allows client machines to receive an IP address,
    DNS information, etc. automatically
  • Before DHCP, users had to type in all this
    information by hand, which is bad
  • Easy to mistype something when entering by hand
  • Manually changing network configuration every
    time you move your laptop is a pain
  • BOOTP resolved some of these issues
  • and DHCP still uses the same port as BOOTP

6
DHCP Basics
  • A client leases an IP address from a DHCP server
    for a given amount of time
  • When the lease expires, the client must ask the
    DHCP server for a new address (clients attempt to
    renew the lease after 50% of the lease time has
    expired)
  • Typical leases may last for 30 seconds, 24 hours,
    or longer.

7
DHCP Messages Overview
  • Several messages are sent back and forth between
    a client and the DHCP server before it can
    successfully obtain an IP address

8
DHCP DISCOVER
  • Hardcoding the addresses of DHCP servers kind of
    defeats the purpose of automatic configuration
  • Solution: A client using DHCP will broadcast a
    DISCOVER message to all computers on its subnet
    (addr 255.255.255.255) to figure out the IP
    address of any DHCP servers
  • Most routers are configured to pass this request
    within the campus or enterprise

9
DHCP OFFER
  • (Optionally) sent from server in response to a
    DISCOVER
  • Contains an IP address and other configuration
    information as well (subnet mask, DNS servers,
    default gateway, search domains, etc.)
  • Note that all DHCP servers that receive a
    DISCOVER request may send an OFFER; since a
    client typically does not need > 1 IP address,
    more messages are needed

10
DHCP REQUEST
  • Sent by client to request a certain IP address
  • Usually the one sent by an OFFER, but also used
    to renew leases. Also can be sent to try to get
    same address after a reboot
  • This message is broadcast
  • Most OSs by default will send a REQUEST for the
    first OFFER they receive. This means that if
    there is a rogue DHCP server on your subnet, most
    clients will ignore the OFFERs from the campus
    DHCP servers (since the OFFER from the rogue
    server gets to the user's PC first)!
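
One way to watch for the rogue-server problem described above, as an added example that is not part of the original slides: parse captured DHCP payloads and flag any OFFER whose server identifier (option 54) is not on a list of authorized servers. The sample messages, the addresses and the function names are constructed for illustration.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER = 2

def parse_options(payload: bytes) -> dict:
    """Return {option_code: value_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240                 # options follow the 236-byte header and the cookie
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:           # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def rogue_offers(payloads, authorized):
    """Return the server identifiers of OFFERs sent by servers not in `authorized`."""
    rogues = []
    for p in payloads:
        opts = parse_options(p)
        if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
            continue                  # only OFFERs are of interest here
        sid = opts.get(OPT_SERVER_ID, b"")
        server = socket.inet_ntoa(sid) if len(sid) == 4 else "<missing>"
        if server not in authorized:
            rogues.append(server)
    return rogues

def build_sample(msg_type: int, server_ip: str) -> bytes:
    """Constructed test message: minimal BOOTP reply header plus two options."""
    header = bytes([2, 1, 6, 0]) + bytes(232)   # op=BOOTREPLY, htype=Ethernet, hlen=6
    opts = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + socket.inet_aton(server_ip)
    return header + MAGIC_COOKIE + opts + bytes([OPT_END])

# Constructed capture: an OFFER from the campus server, an OFFER from an unknown host, one ACK.
SAMPLES = [build_sample(2, "10.0.0.1"), build_sample(2, "192.168.1.254"), build_sample(5, "10.0.0.9")]
```

With `{"10.0.0.1"}` as the authorized set, `rogue_offers(SAMPLES, ...)` reports only `192.168.1.254`.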

11
DHCP ACK/NACK
  • Sent by server in response to a REQUEST
  • ACK: Request accepted, client can start using the
    IP it REQUESTed
  • NACK: Something is wrong with the client's
    REQUEST (for example, they requested an IP address
    they're not supposed to have)

12
DHCP RELEASE
  • Sent by client to end a lease
  • Not strictly required, but is the polite thing
    to do if done with the IP (could just let the
    lease expire)
  • Some clients may not send RELEASEs in an attempt
    to keep the same IP address for as long as
    possible

13
DHCP Big Picture
14
DHCP Conclusion
  • Efficient way of assigning computers IP addresses
    and delivering configuration information to those
    computers
  • Does not solve the other addressing problem: IP
    addresses are hard to remember

15
Domain Name System (DNS)
  • The first IP networks distributed host files on a
    regular basis
  • This became a burden and an automated distributed
    solution was needed
  • DNS is born
  • Translates IP addresses into domain names and
    vice versa
  • Ex: www.ceenet.org <-> IP 212.87.7.181
  • (which one would you rather remember?)

16
DNS Basics
  • Hierarchical namespace
  • Distributed system: very few core servers
  • Stores information other than simple hostname
    <-> IP mappings
  • Request/response protocol

17
DNS Naming
  • Hierarchical
  • Top-level domains (TLDs): .com, .org, .net, .gov,
    .edu, .us, .uk, etc.
  • These contain standard domains such as
    stanford.edu, whitehouse.gov, cnn.com, etc.
  • Can have subdomains such as pobox.stanford.edu

18
DNS Architecture
  • DNS servers are responsible for one or more
    domains of any level
  • Root servers are maintained throughout the
    world (one is in Palo Alto) and are responsible
    for all of the top-level domains
  • When you register a domain, an entry for that
    domain is added to the appropriate root server
  • Owners of each regular domain or subdomain
    maintain (or outsource) their own DNS servers
    containing the correct information

19
DNS Domain servers
  • What kind of records can be requested for a given
    domain?
  • Address translation
  • Caching information
  • Mail server information
  • Authoritative nameserver information
  • How is this data requested?
  • Each record has a type and certain data
    associated with it; clients request records of a
    certain type from a server

20
DNS Addressing Records
  • Four major types of addressing records: A, AAAA,
    CNAME, PTR
  • A, AAAA: Translate a text name into an IP address
    (A: IPv4, AAAA: IPv6)
  • One hostname can have multiple A and/or AAAA
    records (ex: www.cnn.com)

21
DNS Addressing Records Cont
  • CNAME: aliases for a certain hostname
  • Ex: rescom.stanford.edu is just an alias for
    rescomp.stanford.edu
  • Note that CNAMEs point to hostnames, not IP
    addresses
  • PTR: translates from an IP address to a hostname
  • Each IP address can only have 1 PTR record
  • Note that PTR and A/AAAA records do not have to
    be symmetrical!
  • Ex: foo.sample.com can have A records for
    10.0.0.2 and 10.0.0.3, while 10.0.0.2 can have a
    PTR record for bar.sample.com

22
DNS Mail Exchange Records
  • DNS is also a crucial component of the email
    system
  • Where should mail addressed to @stanford.edu go?
  • Not the same place browsers attempting to go to
    stanford.edu should go
  • Mail Exchange (MX) records are used for this
    purpose
  • Records consist of a priority and a hostname used
    to redirect mail to (note that this hostname can
    be in any domain)
  • Records with the lowest priority number are tried
    first; if unreachable, other servers on the list
    will be tried (different from addressing records,
    which do not have priorities)

23
SNMP - Simple Network Management Protocol
24
SNMP is
  • A network management tool
  • Designed to allow data acquisition from SNMP
    capable network equipment
  • Allows control of SNMP capable equipment by the
    distant controller
  • Based on inquiry/response architecture with
    simple response parameters

25
SNMP is
  • Used for management of fault conditions:
    prevention of and response to network failure
  • Designed to manage performance: coping with
    deterioration of performance due to congestion,
    changing traffic conditions

26
SNMP Message Protocol
  • Messages use UDP, ports 161 (requests/responses)
    and 162 (notifications)
  • Message types:
  • GetRequest: request values of variables from
    device
  • GetNextRequest: request value of variable
    following the one supplied
  • GetResponse: return values
  • SetRequest: instruct device to set values of
    variables
  • Trap: from device, notify monitor / manager of
    value change

27
SNMP Communities
  • Define communities specifying access to
    specific variable sets (read-write, read only,
    none)
  • Supply community name as password in each
    message
  • unencrypted in version of SNMP still widely used!!

28
SNMP SMI (Structure of Management Information)
  • Variables recognized by device supplied in MIB
    (Management Information Base)
  • text file giving variables and data structures
    defined using ASN.1
  • standard variable sets often provided as RFCs
  • device-specific sets provided by vendors
  • Management stations parse MIBs to determine
    variables available for management
  • obtain both data structure and management
    information

29
Example portion of MIB (from RFC 1213)
-- the Interfaces group

-- Implementation of the Interfaces group is mandatory for
-- all systems.

ifNumber OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
            "The number of network interfaces (regardless of
            their current state) present on this system."
    ::= { interfaces 1 }

30
SNMP Message Encoding
  • Encode message as byte stream using ASN.1 BER
    (Abstract Syntax Notation 1 Basic Encoding Rules)
  • Quantities encoded as Type, Length, Value triples
  • Types
  • Subset of basic ASN.1 types used in SNMP:
    integer, octet string, object identifier
    (variable name), sequence
  • SNMP-defined types: gauge, counter, IP address,
    etc.
  • Values
  • weirdly encoded!! (see ASN.1 specs)

31
ASN.1 Object Identifiers
  • Variables identified by globally unique strings
    of digits
  • ex: 1.3.6.1.4.1.3.5.1.1
  • name space is hierarchical (tree on next slide)
  • in above, 1 stands for iso, 3 stands for org,
    6 stands for dod, 1 stands for internet, 4
    stands for private, etc.
  • Variable names are aliases for digit strings
    (within MIB)
  • From previous page: ifNumber ::= { interfaces 1 }
  • interfaces was previously defined in MIB as
    1.3.6.1.2.1.2, so ifNumber = 1.3.6.1.2.1.2.1
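
The Type-Length-Value and object-identifier encoding from the last two slides, together with the unencrypted community string from the SNMP Communities slide, as an added example that is not part of the original presentation: it BER-encodes an SNMPv1 GetRequest for ifNumber and then reads the community back out of the raw bytes, as any packet capture could. The community "public", the request ID and the helper names are assumptions; the trailing .0 is the instance suffix for a scalar object.

```python
def tlv(tag: int, value: bytes) -> bytes:
    """One BER Type-Length-Value triple (definite length, short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def ber_int(n: int) -> bytes:
    """INTEGER (tag 0x02), non-negative values only; keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER (tag 0x06): first two arcs share a byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))   # high bit set = more bytes follow
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def get_request(community: str, oid: str, request_id: int = 1) -> bytes:
    """SNMPv1 GetRequest: SEQUENCE { version, community, PDU }."""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))   # value is NULL in a request
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf: bytes, pos: int = 0):
    """Decode one triple at `pos`; return (tag, value, offset of the next triple)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                  # long form: low 7 bits give the length-of-length
        k = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + first], pos + first

def cleartext_community(datagram: bytes) -> str:
    """Community string as it appears on the wire to anyone capturing the packet."""
    _, message, _ = read_tlv(datagram)
    _, _version, pos = read_tlv(message)
    tag, community, _ = read_tlv(message, pos)
    if tag != 0x04:
        raise ValueError("not an SNMPv1/v2c message")
    return community.decode("latin-1")

# Constructed sample: query ifNumber.0 (1.3.6.1.2.1.2.1 plus instance 0) with community "public".
PACKET = get_request("public", "1.3.6.1.2.1.2.1.0")
```

The community sits a few bytes into the datagram as plain ASCII, which is why community-based SNMP is best confined to a management network or replaced with SNMPv3 authentication and privacy.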

32
Partial ASN.1 Object Identifier Tree (from ASN.1 Complete, J. Larmouth, Open Systems Solutions, 1999)
33
Questions?