管理才能考核表ppt課件

1、DHCP, DNS, SNMPDebashis SahaMIS Group, IIM Calcuttadsiimcal.ac.in.First QuestionHow does your computer know which IP to use?How does your computer know that iimcal.ac.in is at IP ?How can you track your networks health?.The Internet and AddressingAll machines on the Internet are accessed via their I

2、P addressDotted quad: xxx.xxx.xxx.xxxProblem: IP addresses are hard to remember and hard to statically assign on large networksSolution: Need to come up with a way to automatically assign IP addresses and a text based representation of machine addresses instead of just 4 numbers.Addressing Solutions

3、Two protocols have been developed to solve these problemsDHCP automatic network configuration (including IP address)DNS translates textual based names into IP addresses and vice versa.DHCP Dynamic Host Configuration Protocol.DHCPAllows client machines to receive an IP address, DNS information, etc a

4、utomaticallyBefore DHCP came into use, users had to type in all this information by hand, which is bad:Easy to mistype something when entering by handManually changing network configuration every time you move your laptop is a painBootp resolved some of these issues and DHCP still uses the same port

5、 as bootp.Purpose of DHCPFrom RFC-2131 (the Internet standard): The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP consists of two components: a protocol for delivering host-specific configuration parameters fr

6、om a DHCP server to a host and a mechanism for allocation of network addresses to hosts.DHCP functional goalsA host without a valid IP address locates and communicates with a DHCP serverA DHCP server passes configuration parameters, including an IP address, to the hostThe DHCP server may dynamically

7、 allocate addresses to hosts and reuse addressesHosts can detect when they require a new IP addressUnavailability of DHCP server has minimal effect on operation of hosts.DHCP: BasicsA client leases an IP address from a DHCP server for a given amount of timeWhen lease expires, the client must ask DHC

8、P server for a new address (clients attempt to renew lease after 50% of the lease time has expired)Typical leases may last for from 30 seconds to 24 hours, or even longer.What does DHCP do?Provides protocol stack, application and other configuration parameters to hostsEliminates need for individual,

9、 manual configuration for hostsIncludes administrative controls for network administratorsBackward compatible packet format for BOOTP interoperation (RFC 1542)Can coexist with hosts that have pre-assigned IP addresses and hosts that do not participate in DHCP.Design GoalsEliminate manual configurati

10、on of hostsPrevent use of any IP address by more than one hostShould not require a server on every subnetAllow for multiple DHCP serversProvide a mechanism, not a policyProvide the same configuration - including IP address - to a host whenever possible.What can you do with DHCPPlug-and-playMove desk

11、top PCs between officesRenumberOther restructuring - change subnet masksMobile IP - laptopsMoving equipment - cartable.What DHCP doesnt doSupport multiple addresses per interfaceInform running host that parameters have changedPropagate new addresses to DNSSupport inter-server communicationProvide au

12、thenticated message deliveryConfigure routers and other network equipmentDesign network addressing planDetermine other configuration parametersLocate other servers.DHCP: Messages OverviewSeveral messages are sent back and forth between a client and the DHCP server before it can successfully obtain a

13、n IP address.DHCP: DISCOVERHardcoding the addresses of DHCP servers kind of defeats the purpose of automatic configurationSolution: A client using DHCP will broadcast a DISCOVER message to all computers on its subnet (addr 55) to figure out the IP address of any DHCP serversMost routers are configur

14、ed to pass this request within the campus or enterprise.DHCP: OFFER(Optionally) sent from server in response to a DISCOVERContains an IP address, other configuration information as well (subnet mask, DNS servers, default gateway, search domains, etc)Note that all DHCP servers that receive a DISCOVER

15、 request may send an OFFER; since a client typically does not need more than one IP address, more messages needed to zero on one IP.DHCP: REQUESTSent by client to request a certain IP addressUsually the one sent by an OFFER, but also used to renew leases. Also can be sent to try to get same address

16、after a rebootThis message is broadcastMost OSs by default will send a REQUEST for the first OFFER they receive this means that if there is a rogue DHCP server on your subnet, most clients will ignore the OFFERs from the campus DHCP servers (since the OFFER from the rogue server gets to the users PC

17、 first)!.DHCP: ACK/NACKSent by server in response to a REQUESTACK: Request accepted, client can start using the IP it REQUESTedNACK: Something is wrong with the clients REQUEST (for example they requested an IP address theyre not supposed to have).DHCP: RELEASESent by client to end a leaseNot strict

18、ly required, but is the “polite thing to do if done with the IP (could just let the lease expire)Some clients may not send RELEASEs in an attempt to keep the same IP address for as long as possible.DHCP: Big Picture.SummaryDHCP works today as a tool for automatic configuration of TCP/IP hostsIt is a

19、n open Internet standard and interoperable client implementations are widely availableProvides automation for routine configuration tasks, once network architect has configured network and addressing planOngoing work will extend DHCP with authentication, DHCP-DNS interaction and inter-server communi

20、cation.DHCP: ConclusionEfficient way of assigning computers IP addresses and delivering configuration information to those computersDoes not solve other problem of addressing that IP addresses are hard to remember.IETF standardsFormal process for development, review and acceptance of TCP/IP protocol

21、 suite standardsInitial specifications published as Internet Drafts (I-Ds)Accepted specifications published as Request for Comments (RFCs).Protocol statusDHCP has been accepted as a Draft Standard; the specifications are published in:RFC 2131: Dynamic Host Configuration ProtocolRFC 2132: DHCP Option

22、s and BOOTP Vendor ExtensionsSeveral additional options are in development.Implementation statusDHCP is an open standard, with freely available specificationsCan be (and has been) implemented entirely from the specificationCommercial implementations are widely availableNon-commerical implementations

23、 are also available.DHCP ResourcesCompilation of DHCP-related WWW links and other information: DHCP FAQ (maintained by John Wobus)dhcp-v4 mailing list (admin requests to listserv)IETF information can be retrieved from:ietfri.reston.va.usI-Ds and RFCs can also be retrieved from:.DNS Domain Name Syste

24、m.Second QuestionHow does your computer know which IP to use?How does your computer know that iimcal.ac.in is at IP ?How can you track your networks health?.Domain Name System (DNS)The first IP networks distributed host files on a regular basisThis became a burden and an automated distributed soluti

25、on was neededIP Addresses are great for computersIP address includes information used for routing.IP addresses are tough for humans to remember.IP addresses are impossible to guess.ever guessed at the name of a WWW site?.HostnamesDNS is bornDomain names comprise a hierarchy so that names are unique,

26、 yet easy to remember.The domain name system is usually used to translate a host name into an IP address .Ex: IP 81 (which one would you rather remember?).DNS: BasicsHierarchical namespaceDistributed system very few core serversStores other information than simple hostname IP mappingsRequest/respons

27、e protocol.DNS Hierarchyeducomorginrpialbanyaciimcal.Host name structureEach host name is made up of a sequence of labels separated by periods.Each label can be up to 63 charactersThe total name can be at most 255 characters.Examples:barney.the.purple.dinosaur.Domain NameThe domain name for a host i

28、s the sequence of labels that lead from the host (leaf node in the naming tree) to the top of the worldwide naming tree.A domain is a subtree of the worldwide naming tree.Hierarchical Namingcomedugovmilnetorgusarpacolordaocsfoobar.Top level domainsedu, gov, com, net, org, mil, Countries each have a

29、top level domain (2 letter domain name).Such as .in, .uk, .it, etc.New top level domains include:.aero .biz .coop .info .name .pro.Domain Naming Systemeducomharvard mithbseewwwphysicscisco yahoonasa nsfarpa navyacm ieeegovmilorgnetukfr.DNS: ArchitectureDNS servers are responsible for one or more dom

30、ains of any level“Root servers are maintained throughout the world (one is in Palo Alto) and are responsible for all of the top-level domainsWhen you register a domain, an entry for that domain is added to the appropriate root serverOwners of each regular domain or subdomain maintain (or outsource)

31、their own DNS servers containing the correct information.Name ServersPartition hierarchy into zoneseducomprinceton mitcseeux01ux04physicscisco yahoonasa nsfarpa navyacm ieeegovmilorgnetukfrRootname serverPrincetonname serverCisconame serverCSname serverEEname serverEach zone implements two or more n

32、ame servers Primarysecondary.Hierarchical Administration - “Zonesarpacomingovmilnetorgusarpaaciimcalwwwiimcal.ac.in.Administration - ZonesA zone is a subtree of the DNS tree that is independently managedSecond-level domains (“ac.in) are usually an independent zoneMost sub-domains (“iimcal.ac.in) are

33、 also independent.A zone must provide multiple name servers. This server records the members in the domain.You typically need a primary name server and one or more secondary name servers.Secondary retrieves information from primary using a zone transfer.Resolving an addressA.C.D wants to know about

34、F.E.DACDEGBFHHost “A.C.D asks “B.C.D (the local name server) to resolve “F.E.DName servers.Resolving an addressB.C.D doesnt know the answer. It wants to ask the primary domain server for the “E.D domain, so it asks the parent of the “B.C domain (“D in this example) to resolve “E.D.D asks H, the root

35、 server. H doesnt know the answer, but its the top-level domain and knows that “G.E.D is the primary domain server for the “E.D domainB.C.D now knows the primary domain server for the E.D domain, and can now ask “G.E.D about “F.E.D.Domain serversWhat kind of records can be requested for a given doma

36、in?Address translationCaching informationMail server informationAuthoritative nameserver informationHow is this data requested?Each record has a type and certain data associated with it clients request records of a certain type from a server.DNS OrganizationDistributed DatabaseThe organization that

37、owns a domain name is responsible for running a DNS server that can provide the mapping between hostnames within the domain to IP addresses.So - some machine run by RPI is responsible for everything within the domain.DNS DBDNS DBDNS Distributed DatabaseThere is one primary server for a domain, and t

38、ypically a number of secondary servers containing replicated databases.DNS DBAuthoritativeDNS DBReplicas DNS server.DNS ClientsA DNS client is called a resolver.A call to gethostbyname()is handled by a resolver (typically part of the client).Most Unix workstations have the file /etc/resolv.conf that

39、 contains the local domain and the addresses of DNS servers for that domain./etc/resolv.confdomain .nslookupnslookup is an interactive resolver that allows the user to communicate directly with a DNS server.nslookup is usually available on Unix workstations. (dig and host are also DNS clients).DNS S

40、erversServers handle requests for their domain directly.Servers handle requests for other domains by contacting remote DNS server(s).Servers cache external mappings.Server - Server CommunicationIf a server is asked to provide the mapping for a host outside its domain (and the mapping is not in the s

41、erver cache):The server finds a nameserver for the target domain.The server asks the nameserver to provide the host name to IP translation.To find the right nameserver, use DNS!.DNS DataDNS databases contain more than just hostname-to-address records:Name server recordsNSHostname aliases CNAMEMail E

42、xchangersMXHost InformationHINFO.The Root DNS ServerThe root server needs to know the address of 1st (and many 2nd) level domain comorgjpalbanyrpi.Server Operation If a server has no clue about where to find the address for a hostname, ask the root server.The root server will tell you

43、 what nameserver to contact.A request may get forwarded a few times.DNS Message Format.DNS Message Headerquery identifierflags# of questions# of RRs# of authority RRs# of additional RRs16 bit fieldsResponse.Message FlagsQR: Query=0, Response=1AA: Authoritative AnswerTC: response truncated ( 512 byte

44、s)RD: recursion desiredRA: recursion availablercode: return code.RecursionA request can indicate that recursion is desired - this tells the server to find out the answer (possibly by contacting other servers).If recursion is not requested - the response may be a list of other name servers to contact

45、.Question FormatName: domain name (or IP address)Query type (A, NS, MX, )Query class (1 for IP).Response Resource RecordDomain NameResponse type Class (IP)Time to live (in seconds) Length of resource data Resource data.UDP & TCPBoth UDP and TCP are used:TCP for transfers of entire database to second

46、ary servers (replication).UDP for lookupsIf more than 512 bytes in response - requestor resubmits request using TCP.Lots moreThis is not a complete description ! If interested - look at:RFC 1034: DNS concepts and facilities.RFC 1035: DNS implementation and protocol specification.play with nslookup.L

47、ook at code for BIND (DNS server code).Name to Address ConversionThere is a library of functions that act as DNS client (resolver).you dont need to write DNS client code to use DNS!With some OSs you need to explicitly link with the DNS resolver library:-lnsl (nsl is “Name Server Library)Suns (Solari

48、s) need this!.DNS library functionsgethostbynamegethostbyaddrgethostbyname2IPV6!.gethostbynamestruct hostent *gethostbyname( const char *hostname);struct hostent is defined in netdb.h:#include .struct hostentstruct hostent char *h_name;char *h_aliases; int h_addrtype;int h_length;char *h_addr_list;o

49、fficial name (canonical)other namesAF_INET or AF_INET6address length (4 or 16) array of ptrs to addresses.hostent pictureh_nameh_aliasesh_addrtypeh_lengthh_addr_listOfficial Namealias 1alias 2nullIP address 1IP address 2null.Which Address?On success, gethostbyname returns the address of a hostent th

50、at has been created.has an array of ptrs to IP addressesUsually use the first one:#define h_addr h_addr_list0.gethostbyname and errorsOn error gethostbyname return null.Gethostbyname sets the global variable h_errno to indicate the exact error:HOST_NOT_FOUNDTRY_AGAINNO_RECOVERYNO_DATANO_ADDRESSAll defined in netdb.h.Getting at the address:char *h_addr_list;h = gethostbyname(joe);sockaddr.sin_addr.s_addr = *(h-h_addr_list0); This wont work!h_addr_list0 is a char* !.Using memcpyYou can copy the 4 bytes (IPv4) directly: