Networking
Assigning host addresses
IPv4 and IPv6
© Janice Regan, 2018
Assigning host addresses
The next question is: now that we know which addresses belong to a network, how do we assign those addresses to particular hosts?
Static assignment
SLAAC, stateless automatic assignment (IPv6 only)
DHCP, dynamic assignment (details later)
DHCPv6 combined with SLAAC (IPv6)
Adding routes
Along with addresses it is also possible to add routes: entries in a routing table that determine where packets should be sent next
These routes can be added in more than one way
Static routes (added by administrators)
Dynamic routes (added by routing protocols)
Routes learned from IPv6 router advertisements
Static addresses and routes
Static addresses and routes are
Chosen by the administrator
Configured by the administrator by editing or creating configuration files on the host.
On Debian-derived Linux systems that use ifupdown, static addresses for interfaces and static routes are usually configured in the /etc/network/interfaces file (other distributions and tools, for example netplan or NetworkManager, keep them in their own files)
Sample /etc/network/interfaces
# ipv4 configuration eth0
auto eth0
iface eth0 inet static
address 192.168.0.89
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.111
# static routes can be added here
What is being configured?
Configuring eth0 on red host (HA)
[Diagram: hosts HA, HB, HC, HD, HE and HF, each with interfaces eth0 and eth1. eth0 of HA has address 192.168.0.89 on network 192.168.0.0/24; HB is the gateway at 192.168.0.111; 192.168.0.222 is the next hop on 192.168.0.0/24 towards network 192.168.4.0/24.]
Content: /etc/network/interfaces
Comment lines in this configuration must begin with #
# ipv4 configuration eth0
The line
auto eth0
Causes the interface to be brought up automatically when the host boots (by ifup -a)
Content: /etc/network/interfaces
iface eth0 inet static
The keyword is iface
The logical name of the interface being configured is eth0. It could also be eth1.2 (a VLAN sub-interface), tun1, lo, ...
The address family is inet (this means IPv4)
Could also be inet6 (this means IPv6) or ipx
The method of configuration is static
Could also be loopback, manual or dhcp; for inet6 also auto (SLAAC), v4tunnel, ...
Content: /etc/network/interfaces
#assigned IPv4 address for HA interface eth0
address 192.168.0.89
#mask indicating size of network (/24) attached to eth0 of HA
netmask 255.255.255.0
#network address for IPv4 network containing eth0 of HA
network 192.168.0.0
#network broadcast address for network 192.168.0.0/24
broadcast 192.168.0.255
Content: /etc/network/interfaces
The gateway statement (optional) installs a static default route on host HA through the router it names. Without a gateway option no default route is added. The gateway must be on-link, i.e. inside 192.168.0.0/24, or the kernel will refuse the route.
gateway 192.168.0.111
This is only an example; subsets of these options can be combined for different situations. For much more detail see the manual page and some examples
http://manpages.ubuntu.com/manpages/trusty/man5/interfaces.5.html
https://www.cyberciti.biz/faq/setting-up-an-network-interfaces-file/
Adding static routes
Static routes are also placed in the /etc/network/interfaces file.
Commands that create static routes leaving the host through eth0 should be placed in the same stanza that sets the address of eth0, so that they are added when that interface comes up and removed when it goes down
Sample static route addition
post-up ip route add 192.168.4.0/24 via 192.168.0.222 dev eth0
192.168.4.0/24 is the destination network. Any packet with a destination address in this network (and not within a smaller network with a longer prefix, which would match first) will use this route. The destination network can be replaced with default to add a default route
192.168.0.222 is the address of the next-hop router. It must be directly reachable (on-link) on the network attached to eth0 of the host sending the packet
dev eth0 indicates the interface the packet leaves the sending host by
post-up indicates that the command runs after the interface has been brought up (the interface needs its address before a route through it can be added)
Sample static route deletion
pre-down ip route del 192.168.4.0/24 via 192.168.0.222 dev eth0
192.168.4.0/24 is the destination network. Any packet with a destination address in this network (and not within a smaller network with a longer prefix) uses this route.
192.168.0.222 is the address of the next-hop router that is directly reachable from the host sending the packet.
dev eth0 indicates the interface the packet leaves the sending host by
pre-down indicates that the route should be deleted before the interface is disabled
THE PARAMETERS MUST MATCH THE STATEMENT THAT CREATED THE ROUTE
Sample static route addition
post-up ip route add 192.168.4.0/24 via 192.168.0.222 dev eth0
pre-down ip route del 192.168.4.0/24 via 192.168.0.222 dev eth0
To add a static route to the routing table, both statements above are placed in the /etc/network/interfaces file after the lines describing the interface and the network it connects to (next slide). Note that the pre-down line uses del, with exactly the same route parameters as the post-up add line.
A stanza, or block of statements, like the one shown on the next slide is placed in the /etc/network/interfaces file for each interface attached to the host
Sample /etc/network/interfaces
# ipv4 configuration eth0
auto eth0
iface eth0 inet static
address 192.168.0.89
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.111
post-up ip route add 192.168.4.0/24 via 192.168.0.222 dev eth0
pre-down ip route del 192.168.4.0/24 via 192.168.0.222 dev eth0
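A consistency check for a stanza like the one above, as an added example (this is not code from the slides). It re-implements what the address, netmask, network, broadcast and gateway options mean (slides 9 and 10), and the rule from slides 12 to 14 that the pre-down deletion must mirror the post-up addition, and reports the mistakes that ifup itself accepts silently: a network or broadcast value that does not match the netmask, a gateway or next hop that is not on-link, a route added but never removed. The stanza text is a constructed copy of the slides' example and the function names are this example's own.

```python
"""Consistency checks for an ifupdown /etc/network/interfaces stanza.

Added example, not part of the original slides.  It encodes the meaning
of the address / netmask / network / broadcast / gateway options and of
the post-up / pre-down route pair, and flags inconsistencies.
"""
import ipaddress
import shlex

# Constructed copy of the slides' eth0 stanza (pre-down uses "del").
SAMPLE_STANZA = """\
# ipv4 configuration eth0
auto eth0
iface eth0 inet static
    address 192.168.0.89
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    gateway 192.168.0.111
    post-up ip route add 192.168.4.0/24 via 192.168.0.222 dev eth0
    pre-down ip route del 192.168.4.0/24 via 192.168.0.222 dev eth0
"""


def parse_stanza(text):
    """Return (option dict, list of (hook, argv)) for one iface stanza."""
    opts, hooks = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("auto "):
            continue
        key, _, rest = line.partition(" ")
        if key in ("post-up", "pre-down", "up", "down"):
            hooks.append((key, shlex.split(rest)))
        else:
            opts[key] = rest.strip()
    return opts, hooks


def parse_route(argv):
    """Turn 'ip route add|del DST via GW dev IF' into (op, DST, GW, IF)."""
    if argv[:2] != ["ip", "route"] or argv[2] not in ("add", "del"):
        return None
    fields = dict(zip(argv[4::2], argv[5::2]))  # e.g. via X dev Y
    return argv[2], argv[3], fields.get("via"), fields.get("dev")


def check_stanza(text):
    """Return a list of human-readable findings; an empty list means consistent."""
    opts, hooks = parse_stanza(text)
    findings = []
    iface = opts["iface"].split()[0]
    # netmask may be dotted (255.255.255.0) or a prefix length (24)
    net = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}").network
    if "network" in opts and ipaddress.ip_address(opts["network"]) != net.network_address:
        findings.append(f"network {opts['network']} is not {net.network_address}")
    if "broadcast" in opts and ipaddress.ip_address(opts["broadcast"]) != net.broadcast_address:
        findings.append(f"broadcast {opts['broadcast']} is not {net.broadcast_address}")
    if "gateway" in opts and ipaddress.ip_address(opts["gateway"]) not in net:
        findings.append(f"gateway {opts['gateway']} is not on-link in {net}")
    added, deleted = set(), set()
    for hook, argv in hooks:
        parsed = parse_route(argv)
        if parsed is None:
            continue
        op, dst, via, dev = parsed
        if via and ipaddress.ip_address(via) not in net:
            findings.append(f"{hook}: next hop {via} is not on-link in {net}")
        if dev and dev != iface:
            findings.append(f"{hook}: dev {dev} does not match iface {iface}")
        if hook == "post-up" and op == "add":
            added.add((dst, via, dev))
        elif hook == "pre-down" and op == "del":
            deleted.add((dst, via, dev))
        else:
            findings.append(f"{hook}: unexpected 'ip route {op}' in this hook")
    for dst, via, _ in added - deleted:
        findings.append(f"route {dst} via {via} is added on post-up but never deleted on pre-down")
    for dst, via, _ in deleted - added:
        findings.append(f"route {dst} via {via} is deleted on pre-down but never added")
    return findings


if __name__ == "__main__":
    for finding in check_stanza(SAMPLE_STANZA) or ["stanza is consistent"]:
        print(finding)
```

Running it on the stanza above reports nothing; change the pre-down line back to "ip route add", or move the gateway outside 192.168.0.0/24, and the corresponding findings appear.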
Static IPv6 addresses
The process for adding a static IPv6 address to an interface is similar to that for IPv4.
However, for IPv6 static routes are usually not added in the /etc/network/interfaces file. Instead the default route (and any other advertised routes) is learned from the router advertisements the host receives.
Adding a static IPv6 address
# ipv6 configuration eth0
iface eth0 inet6 static
pre-up modprobe ipv6
address fdd0:8184:d967::c0a8:12
network fdd0:8184:d967::
netmask 64
Adding a static IPv6 address
# ipv6 configuration eth0
iface eth0 inet6 static
pre-up modprobe ipv6
The address family is now inet6, indicating we are adding an IPv6 address
modprobe ipv6 loads the ipv6 kernel module if it is not already loaded. On current kernels IPv6 is usually built in, so the line is harmless but unnecessary.
Adding a static IPv6 address
address fdd0:8184:d967::c0a8:12
network fdd0:8184:d967::
netmask 64
The netmask statement gives the prefix length: the leftmost 64 bits of the address identify the network.
Note there is no gateway statement for this interface: the IPv6 default route is expected to come from router advertisements
IPv6 automatic addresses
In large IPv6 networks manual administration of addresses is not practical
Using DHCP (Dynamic Host Configuration Protocol) requires that both the host and the server remember the state of the lease
IPv6 adds a new approach called SLAAC, Stateless Address Autoconfiguration. There is no lease, no state information needs to be remembered, and hosts configure their own addresses without administrator intervention
SLAAC
IPv6 hosts can configure their own addresses and routes from the information in router advertisements, messages sent periodically (and in reply to router solicitations) by one or more routers on the local link.
Someone must configure the process that sends the router advertisements.
We will discuss point 1 first, then point 2
SLAAC: basic concept
Periodically, a router attached to network XX sends a router advertisement onto network XX.
The router advertisement carries one or more IPv6 prefixes
For each advertised prefix, SLAAC on every host on network XX forms an IPv6 global address and checks that each of those addresses is unique on the link
High level overview
Determining a SLAAC address
Extract a prefix from the router advertisement.
Follow one of three specified algorithms to determine an interface identifier, and combine it with the prefix into an IPv6 global and / or link local address
Check that the resulting IPv6 address is unique on the link (not already in use)
If it is unique, use the address
SLAAC: 3 different approaches
RFC 2462 (now obsoleted by RFC 4862): IPv6 Stateless Address Autoconfiguration
Creates an IPv6 address based on the Ethernet address of the interface:
Does not expire, and reveals the hardware address in every packet
RFC 7217: A Method for Generating Semantically Opaque Interface Identifiers with SLAAC (RFC 7943 is the DHCPv6 counterpart)
Creates an IPv6 address based on a pseudorandom value used instead of the Ethernet address; the address is stable per network
RFC 4941: Privacy Extensions for Stateless Address Autoconfiguration (revised as RFC 8981 in 2021; RFC 4941 was current when these slides were written)
Creates IPv6 addresses valid for a finite time. Addresses are based on a pseudorandom sequence (not the Ethernet address)
Manages when addresses are created, used and removed
High level summary
SLAAC: using the Ethernet address
RFC 2462: IPv6 Stateless Address Autoconfiguration
First, independently of any router advertisement, create a link local address (prefix fe80::/64 plus the EUI-64 interface identifier)
Check that the link local address is unique on the link (use DAD, duplicate address detection)
Then, for each prefix extracted from a router advertisement
Create a global address (prefix plus the same EUI-64 interface identifier)
Check that the global address is unique on the link (use DAD, discussed in detail later)
EUI-48 structure: OUI | NIC
EUI: Extended Unique Identifier
OUI: Organizationally Unique Identifier, the first 24 bits, assigned to the manufacturer
NIC: interface-specific portion, the last 24 bits, different for each interface the manufacturer produces
EUI-48: the 48-bit Ethernet (MAC) address
Generating an EUI-64 address
[Diagram: EUI-48 address 00:7c:fd:83:af:cc, OUI 00:7c:fd, NIC 83:af:cc; after step 1 it reads 00:7c:fd:ff:fe:83:af:cc]
Step 1: Insert ff:fe between the OUI and NIC portions of the EUI-48 Ethernet address
Step 2: Invert the 7th bit (the universal/local bit, value 0x02) in the leftmost pair of hexadecimal digits
0000 0000 becomes 0000 0010
Address becomes 02:7c:fd:ff:fe:83:af:cc
With the link local prefix this yields fe80::27c:fdff:fe83:afcc; anyone who sees that address can undo the two steps and read the MAC address
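The two steps above carried out in code, as an added example (not code from the slides): it builds the modified EUI-64 identifier, forms the link local and a global address from it, and shows the privacy problem by recovering the MAC address from any such address. The function names and the use of the slides' example MAC address 00:7c:fd:83:af:cc are this example's own.

```python
"""Modified EUI-64 interface identifiers (RFC 4291 appendix A, used by RFC 2462/4862).

Added example, not part of the original slides.
"""
import ipaddress


def mac_to_eui64_iid(mac):
    """Return the 8-byte modified EUI-64 identifier for a 48-bit MAC address."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Step 1: insert ff:fe between the OUI (first 3 bytes) and the NIC part.
    eui64 = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    # Step 2: invert the universal/local bit, the 7th bit from the left of
    # the first octet (value 0x02).
    eui64[0] ^= 0x02
    return bytes(eui64)


def iid_to_hextets(iid):
    """Format an 8-byte identifier as four colon-separated hextets."""
    return ":".join(f"{iid[i]:02x}{iid[i + 1]:02x}" for i in range(0, 8, 2))


def slaac_address(prefix, mac):
    """Combine an advertised /64 prefix with the EUI-64 identifier of a MAC address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 identifiers requires a /64 prefix")
    iid = int.from_bytes(mac_to_eui64_iid(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local_address(mac):
    """The fe80::/64 address a host forms before it has seen any router advertisement."""
    return slaac_address("fe80::/64", mac)


def mac_from_eui64_address(addr):
    """Recover the MAC address from an EUI-64 based address; None if it is not one."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None          # no ff:fe marker: a privacy or opaque identifier
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    mac = "00:7c:fd:83:af:cc"  # the slides' example address
    print(iid_to_hextets(mac_to_eui64_iid(mac)))
    print(link_local_address(mac))
    print(slaac_address("fdd0:8184:d967:17::/64", mac))
    print(mac_from_eui64_address(slaac_address("fdd0:8184:d967:17::/64", mac)))
```

The last function is the reason EUI-64 identifiers are no longer the default: the same 64 bits follow the host to every network it joins, and the OUI inside them identifies the hardware vendor.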
Selecting EUI addresses
EUI addresses are no longer the default type of address on current Linux distributions.
How do we indicate that we want to use only EUI addresses?
We turn off privacy (temporary) addresses by setting kernel runtime parameters
net.ipv6.conf.default.use_tempaddr = 0
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.eth1.use_tempaddr = 0
net.ipv6.conf.eth0.use_tempaddr = 0
On kernels that have net.ipv6.conf.<interface>.addr_gen_mode, the stable (non-temporary) address is formed with EUI-64 only when that parameter is 0; value 2 selects RFC 7217 stable-privacy identifiers. Setting use_tempaddr to 0 removes the temporary addresses but does not by itself change how the stable address is formed.
Setting a kernel runtime parameter
You can obtain a list of kernel runtime parameters using the command sysctl -a
This will produce pages of output, so pipe it to more, or to grep to filter (for example sysctl -a | grep use_tempaddr)
Change a runtime parameter using
sudo sysctl -w parameterName=value
(no spaces around the =)
For example, to turn privacy addresses off on eth1
sudo sysctl -w net.ipv6.conf.eth1.use_tempaddr=0
IF THE HOST IS RESTARTED THE CHANGE IS LOST
For a permanent change add the line to /etc/sysctl.conf (or a file in /etc/sysctl.d/), which is applied at boot. A per-interface setting (conf.eth1) only takes effect for an interface that already exists when the file is applied; conf.default is what newly created interfaces inherit, which is why both are set.
Deprecating EUI addresses
EUI addresses are still in use
A 2013 Internet-Draft proposed deprecating them. It was not published as an RFC in that form, but RFC 8064 (2017) changed the recommended default for stable SLAAC addresses to the RFC 7217 method and recommends against embedding the link-layer address in the interface identifier
IEEE documents already list the EUI-48 to EUI-64 mapping (the ff:fe insertion) as deprecated
EXAMPLE
In the virtual lab
Network 17 (those hosts with eth1 IPv4 addresses of the form 172.17.xxx.xxx or 172.8017.xxx.xxxx, 0≤xxx≤255) uses EUI addresses for IPv6 addresses on each eth1 interface.
EUI link local addresses are created for all eth1 interfaces on network 17 or network 8017
EUI global addresses are created for prefixes advertised in router advertisements
fdd0:8184:d967:17::/64 (advertised by march)
fdd0:8184:d967:8017::/64 (advertised by december)
High level summary (1)
SLAAC: using a random sequence
RFC 4941: Privacy Extensions for Stateless Address Autoconfiguration
Create the link local and global EUI addresses in the same manner as the previous approach (they remain configured)
In addition, for each prefix extracted from a router advertisement
Create a temporary global address (privacy address) whose interface identifier is a pseudorandom value
Check that the temporary address is unique on the link (use DAD, discussed in detail later)
Privacy Extension addresses
How privacy addresses are generated
The Ethernet address is not used as part of the automatically generated IPv6 address
The EUI-64 interface identifier is replaced by a pseudorandom identifier
Addresses have a lifetime; after it expires they are deprecated and replaced with a new address
A deprecated address continues to be used by existing connections. New connections use the new address
Using Privacy Addresses
Privacy addresses are additional addresses, configured alongside the EUI (or other stable) addresses.
Privacy addresses are used for outgoing connections (connections initiated by the host, and traffic it sends as a client)
Servers running on the host (if any) need an address that is constant over time and would use the stable address, so incoming connections still reveal a trackable identifier (reducing the privacy gain)
Why privacy addresses
For good discussions see
the introduction of RFC 4941
section 2 of RFC 4941
the introduction of RFC 7217
You should read them
Priority: privacy or EUI
Which address is used for which purpose is configurable
You can choose to:
Give priority to privacy addresses for new outgoing connections
Have privacy addresses available when an application specifically requests one, but prefer the EUI addresses for all other communication
Priority privacy or EUI
How to configure the use of privacy addresses:
Set the kernel parameter net.ipv6.conf.default.use_tempaddr
Value 2: use privacy addresses and prefer them for outgoing connections
Value 1: generate privacy addresses but use them only when requested
Value 0: do not use privacy addresses
You can set it for interface XX only with the kernel parameter net.ipv6.conf.XX.use_tempaddr
Useful when you want different behaviour on different interfaces
For the same behaviour on all existing interfaces replace XX with all (default covers interfaces created later)
Generate Random Sequence
(quoted from RFC 4941, section 3.2.1)
1. Start with the value from the previous iteration of this algorithm (or a random value if there is no previous value); append to it the interface identifier generated as described in [ADDRARCH].
2. Compute the MD5 message digest [MD5] over the quantity created in the previous step.
3. Take the leftmost 64 bits of the MD5 digest and set bit 6 (the leftmost bit is numbered 0) to zero. This creates an interface identifier with the universal/local bit indicating local significance only.
4. Compare the generated identifier against a list of reserved interface identifiers and to those already assigned to an address on the local device. In the event that an unacceptable identifier has been generated, the node MUST restart the process at step 1 above, using the rightmost 64 bits of the MD5 digest obtained in step 2 in place of the history value in step 1.
5. Save the generated identifier as the associated randomized interface identifier.
6. Take the rightmost 64 bits of the MD5 digest computed in step 2 and save them in stable storage as the history value to be used in the next iteration of the algorithm.
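The six steps above as running code, as an added example (not code from the slides or from RFC 4941): the history value and the EUI-64 identifier are concatenated, hashed with MD5, the left half becomes the temporary identifier with the universal/local bit cleared, and the right half becomes the next history value; the step 4 restart is implemented as a bounded retry. The function names, the 64-attempt limit, and the sample history value in the usage are this example's own. MD5 appears here because RFC 4941 specifies it as a mixing function, not for collision resistance; the 2021 revision, RFC 8981, allows any suitable pseudorandom generator instead.

```python
"""RFC 4941 randomized (temporary) interface identifier.

Added example, not part of the original slides.
"""
import hashlib
import ipaddress
import os


def rfc4941_next_iid(history, eui64_iid, reserved=frozenset()):
    """Return (temporary_iid, next_history), both 8-byte values.

    history    -- rightmost 64 bits of the previous MD5 digest, or None on
                  the very first run (a random value is then used, step 1)
    eui64_iid  -- the interface's modified EUI-64 identifier, 8 bytes
    reserved   -- identifiers that must not be produced: reserved IIDs and
                  those already assigned on this interface (step 4)
    """
    if len(eui64_iid) != 8:
        raise ValueError("interface identifier must be 64 bits")
    if history is None:
        history = os.urandom(8)
    for _ in range(64):  # bounded retry; the RFC text restarts without a limit
        digest = hashlib.md5(history + eui64_iid).digest()  # steps 1 and 2
        left = bytearray(digest[:8])                        # step 3: leftmost 64 bits
        left[0] &= 0xFD      # clear bit 6 (0x02), the universal/local bit
        candidate = bytes(left)
        if candidate not in reserved:
            return candidate, digest[8:]                    # steps 5 and 6
        history = digest[8:]  # step 4: unacceptable, retry with the right half
    raise RuntimeError("no acceptable identifier after 64 attempts")


def temporary_address(prefix, iid):
    """Combine an advertised /64 prefix with a randomized identifier."""
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


if __name__ == "__main__":
    eui64 = bytes.fromhex("027cfdfffe83afcc")   # identifier from the EUI-64 slide
    history = bytes(8)                          # constructed stand-in for stored state
    for _ in range(3):                          # three successive temporary addresses
        iid, history = rfc4941_next_iid(history, eui64)
        print(temporary_address("fdd0:8184:d967:18::/64", iid))
```

Each call yields a different identifier because the history value changes, yet the sequence is reproducible from the stored history, which is why the RFC insists the history value is kept in stable storage.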
EXAMPLE
In the virtual lab
Network 18 (those hosts with eth1 IPv4 addresses of the form 172.18.xxx.xxx or 172.7018.xxx.xxxx, 0≤xxx≤255) uses both EUI addresses and privacy addresses for the IPv6 addresses on each eth1 interface.
EUI link local addresses are created for all eth1 interfaces on network 18
Global EUI and privacy addresses are created for the prefixes advertised in router advertisements
fdd0:8184:d967:18::/64 (advertised by february)
fdd0:8184:d967:8018::/64 (advertised by january)
SLAAC: 3 different approaches
RFC 7217: A Method for Generating Semantically Opaque Interface Identifiers with SLAAC (RFC 7943 is the DHCPv6 counterpart)
Creates an IPv6 address based on a pseudorandom value used instead of the EUI identifier derived from the Ethernet address
Addresses remain the same over time on a given network, but differ from network to network
Addresses remain the same after a reboot
Also applies to link local addresses
Approach
Compute a random-looking but stable identifier each time an address is configured on the interface
RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)
Prefix is the advertised prefix, Net_Iface identifies the interface, Network_ID is an optional network-specific value (for example the SSID), DAD_Counter is incremented when duplicate address detection fails, and secret_key is a per-host secret generated once (for example at first boot) and kept in stable storage
The parameters of F and the form of F may differ between operating systems
F is a pseudorandom function that depends on the host's secret key, is computationally infeasible to reverse, and produces a string of at least 64 bits
The interface identifier is the 64 least significant bits of the RID
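One valid instance of F, as an added example (not code from the slides, and not the construction Linux uses for stable_secret): HMAC-SHA256 keyed with secret_key over the other four inputs, with the low 64 bits of the output as the interface identifier. It shows the three properties the slide lists: the same prefix, interface and key always give the same address (stable across reboots), a different prefix gives an unrelated address (no cross-network tracking), and a DAD failure is handled by incrementing DAD_Counter. The function names and the 32-byte sample key are this example's own.

```python
"""RFC 7217 stable, semantically opaque interface identifier.

Added example, not part of the original slides.  RFC 7217 leaves the
choice of F to the implementation; HMAC-SHA256 keyed with secret_key is
used here as one valid choice.
"""
import hashlib
import hmac
import ipaddress


def rfc7217_iid(prefix, net_iface, secret_key, network_id=b"", dad_counter=0):
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key); return its low 64 bits."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers are 64 bits; expected a /64 prefix")
    message = (
        int(net.network_address).to_bytes(16, "big")[:8]  # the 64 prefix bits
        + net_iface.encode() + b"\x00"                    # NUL-terminated so fields cannot run together
        + network_id + b"\x00"
        + dad_counter.to_bytes(4, "big")
    )
    rid = hmac.new(secret_key, message, hashlib.sha256).digest()
    return rid[-8:]                                       # 64 least significant bits


def stable_address(prefix, net_iface, secret_key, network_id=b"", dad_counter=0):
    """Combine the advertised /64 prefix with the stable identifier."""
    net = ipaddress.IPv6Network(prefix)
    iid = rfc7217_iid(prefix, net_iface, secret_key, network_id, dad_counter)
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def stable_address_after_dad(prefix, net_iface, secret_key, in_use, max_tries=8):
    """Increment DAD_Counter until the address does not collide with in_use.

    in_use is a constructed stand-in for what duplicate address detection
    would discover on the link.  Returns (address, dad_counter).
    """
    for counter in range(max_tries):
        addr = stable_address(prefix, net_iface, secret_key, dad_counter=counter)
        if addr not in in_use:
            return addr, counter
    raise RuntimeError("duplicate address detection failed repeatedly")


if __name__ == "__main__":
    key = bytes(range(32))  # constructed secret_key; a real host draws it from a CSPRNG once
    for prefix in ("fdd0:8184:d967:19::/64", "fdd0:8184:d967:17::/64"):
        print(prefix, stable_address(prefix, "eth1", key))
```

Because the identifier depends on the prefix, a laptop that moves between two networks gets two unrelated addresses, yet returns to the same address whenever it comes back to either network.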
Selecting Semantically opaque addresses
Semantically opaque addresses are now the default type of stable address on current Linux distributions (net.ipv6.conf.<interface>.addr_gen_mode = 2, with a stable_secret set).
How do we indicate that we want to use only semantically opaque addresses?
We turn off privacy (temporary) addresses by setting kernel runtime parameters
net.ipv6.conf.default.use_tempaddr = 0
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.eth1.use_tempaddr = 0
net.ipv6.conf.eth0.use_tempaddr = 0
Ubuntu 16.04 issue
There is a bug in this release (for wired interfaces)
Semantically opaque addresses are derived from a secret that is meant to be generated and stored when the system boots. It is not stored properly
It must therefore be generated after the system has booted and written to the dynamic kernel parameter (a 128-bit value in IPv6 address notation, set before the interface is brought up)
net.ipv6.conf.default.stable_secret
EXAMPLE
In the virtual lab
Network 19 (those hosts with eth1 IPv4 addresses of the form 172.19.xxx.xxx, 0≤xxx≤255) uses semantically opaque (RFC 7217) addresses for the IPv6 addresses on each eth1 interface.
Link local addresses are created for all eth1 interfaces on network 19
Global addresses are created for the prefix advertised in router advertisements
fdd0:8184:d967:19::/64 (advertised by march)
RADVD
Generation of router advertisements (with radvd) will be discussed later (during the 2nd tutorial or soon after that date)