Managing Dynamic IP Networks Paul T. Ammann McGraw-Hill New York San Francisco Washington, D.C. Auckland Bogota Caracas Lisbon London Madrid Mexico City Milan Montreal New Delhi San Juan Singapore Sydney Tokyo Toronto
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
McGraw-Hill New York San Francisco Washington, D.C.
Auckland Bogota Caracas Lisbon London Madrid Mexico City Milan Montreal New Delhi San Juan
Singapore Sydney Tokyo Toronto
Network Protocols 2 IP Addresses 3
IP Subnets 6 IP Routing 10 Assigning IP Addresses 1 1 Name Servers 1 1
Applications That Use TCP/IP 13 Other TCP/IP Terms 13 Related Publications 15
Chapter 2 DHCP Concepts and Overview 17
BOOTP the Predecessor of DHCP 18 DHCP Overview 19 How Does DHCP Work? 21
How Is Configuration Information Acquired? 21
How Are Leases Renewed? 26
What Happens When a Client Moves Out of Its Subnet? 26
How Are Changes Implemented in the Network? 27 What Are BOOTP/DHCP Relay Agents? 28 IP Address Pools 28 Multiple Subnets per Pool 29 Multiple Pools per Subnet 30
Client Identification 30 MAC Address as Qualifier 31 Client ID as Qualifier 32 User Class ID as Qualifier 33 Qualification from Vendor Extensions 33 Qualification from Relay Agents 34 Multiple Qualifiers 36
Server Administration 36 Server Installation 37 Database Initialization 37
Runtime Database Manipulation 38
DHCP Server Availability DHCP Reliability Redundant DHCP Server Scenarios
DHCP in IPv6 Differences between DHCPv6 and DHCFV4
Summary
Serving Names
Why Names? What Is a Domain Name System (DNS)? Domain vs. Zone of Authority
Differentiating Name Servers Static Name Servers
Dynamic Name Servers Primary Name Servers Secondary Name Servers
Master Name Servers Caching-Only Name Servers
Authoritative Name Servers
Parent and Child Name Servers Root Name Servers Forwarders Firewall Name Servers
Record Types Resolvers
BIND's Treatment of DNS Database Entries
What Is Dynamic IP? Dynamic Domain Name System (DDNS) What Does Dynamic IP Provide? How Does Dynamic IP Work? Configuring for Network Availability
Enabling Host Mobility Securing Your Dynamic IP Network
How Dynamic Addressing Is Made Usable with DDNS
NetBIOS Name Servers
48
49
58 58 58 59
NetBIOS Naming
Name Database Distributed Database
Centralized Database
NBNS Design Criteria High Performance
Standard Hardware Platform Dedicated Server Fast Response Time High Capacity
Reliability Load Balancing Scalability
Remote Management Database Validation
NBNS Implementations Microsoft WINS
Network TeleSystems Shadow IPserver
98 98 98 99 99
101 101
103 104
Interior Gateway Protocols (IGPs) Routing Information Protocol (RIP) RIPng for IPv6 Open Shortest Path First (OSPF)
Exterior Routing Protocols
References
Mobile IP
Mobile IP Overview Mobile IP Operation Mobile IP Registration Process Tunneling
Broadcast Datagrams Move Detection Address Resolution Protocol (ARP) Considerations
Mobile IP Security Considerations Mobile IP and Routers
Background Emerging Examples Where Mobile IP Is
Applicable Detailed Protocol Overview
Security Trade-Off 194 RSA Public Key Authentication System 194 Presecured Domain 198 ProxyArec Considerations 198
ProxyArec and Option 81 201
Securing Lease Allocations 202 Preventing Access to Unauthorized Devices 202 "Rogue" DHCP Servers 203 Connecting to Untrusted Networks—Firewalls 203 Connecting through Untrusted Networks—VPN 205 TFTP Security 206
Contents VII
Chapter 8
Chapter 9
Chapter 10
Severed Connections
Facility Loss Router Outages DHCP Server Problems Name Server Difficulties Other Server Vulnerabilities
Client Failures AIX and UNIX Features
Shadow IPserver Features
. Choosing a Lease Time
The ping Command
Troubleshooting TCP/IP Networks
Prerequisites for Troubleshooting A Bottom-Up Approach
Tuning TCP/IP Networks An Approach to Tuning Your Network TCP/IP Tuning Parameters
Bandwidth Efficiency Broadcast Traffic RSVP
Communications Server
211 212
223 223 224
Viii Contents
Integrated Services 243 Service Classes 246 The Reservation Protocol (RSVP) 250 The Future of Integrated Services 261
Differentiated Services 263 Differentiated Services Architecture 264 Using RSVP with Differentiated Services 273 Configuration and Administration of DS
Components with LDAP 275 Using Differentiated Services with IPSec 276 Internet Drafts on Differentiated Services 277
References 278
IPv6 Overview 281 The IPv6 Header Format 281
Packet Sizes 285
Extension Headers 285 IPv6 Addressing 292 Priority 298 Flow Labels 298
Internet Control Message Protocol Version 6 (ICMPv6) 299
Neighbor Discovery 300 Stateless Address Autoconfiguration 310 Multicast Listener Discovery (MLD) 31 1
DNS in IPv6 314 Format of IPv6 Resource Records 315
DHCP in IPv6 318 Differences between DHCPv6 and DHCPv4 318 DHCPv6 Messages 319
Mobility Support in IPv6 320 Internet Transition: Migrating from IPv4 to IPv6 320
Dual IP Stack Implementation: The IFV6/IPv4 Node 321
Tunneling 322 Header Translation 329 Interoperability Summary 329
The Drive toward IPv6 330 References 331
Contents IX
Simpi.ifying DNS Management with the Cisco Domain Name Manager Server
Updating DNS Via the Cisco DHCP/BootP Server Supporting Multiple Logical Networks on the Same Physical Network
Service Management Supporting Servers Service Configuration Manager
Competitive Automations JOIN BootP DHCP and DDNS
BooTP
Traditional BootP Dynamic BootP Finite BootP BootP Service: Details Server Logic
How JOIN Resolves a Client Configuration Dynamic Naming Naming the Client
VLSM Fixed Length vs. VLSM Addrmask
JOIN DHCP/DDNS Features Platforms
Lucent QIP Enterprise 5.0 Automating IP Services, Management Regulate User Access with Innovative
Profiling Capabilities Eliminate Major Causes of Network Failure Exceed Industry Standards with High- Performance Servers
Centralize Network Configuration and Planning
333
334
338 341
358 359
Bay Networks' NetID
Benefits Features NetID Architecture System Requirements
MetaInfos Meta IP Features and Benefits of Meta IP Extending Security
Meta DHCP Meta DNS User-to-Address Mapping Multiplatform Support Meta IP Solutions
System Requirements
363 368 372 372 374 377 379 379 380 383 382 385 387 389 390 392
DHCP Options (RFC 2132) 393
A. 1 Introduction 393
A.2 DHCP and BootP Options 394 A.2.1 Options 0 and 255: Pad and End 394 A.2.2 Option 1: Subnet Mask 394 A.2.3 Option 2: Time Offset 395
A.2.4 Option 3: Router 395 A.2.5 Option 4: Time Server 395 A.2.6 Option 5: IEN 116 (Old) Name Server 395 A.2.7 Option 6: Domain Name Server 396 A.2.8 Option 7: Log Server 396 A.2.9 Option 8: Cookie Server 396 A.2.10 Option 9: LPR Server 397
A.2.1 1 Option 10: Impress Server 397 A.2.12 Option 1 1: Resource Location Server 397 A.2.13 Option 12: Host Name 398 A.2.14 Option 13: Boot File Size 398 A.2.1 5 Option 14: Merit Dump File 398
A.2.16 Option 15: Domain Name 398 A.2.17 Option 16: Swap Server 399 A.2.18 Option 17: Root Path 399 A.2.19 Option 18: Extensions Path 399 A.2.20 Option 19: IP Forwarding Enable/
Disable 400
Contents XI
A.2.21 Option 20: Non-Local Source Routing Enable/Disable 400
A.2.22 Option 2 1 : Policy Filter 400 A.2.23 Option 22: Maximum Datagram
Reassembly Size 401
A.2.24 Option 23: Default IP Time-to-Live 401 A.2.25 Option 24: Path MTU Aging Timeout 401 A.2.26 Option 25: Path MTU Plateau Table 402 A.2.27 Option 26: Interface MTU 402 A.2.28 Option 27: All Subnets Are Local 402 A.2.29 Option 28: Broadcast Address 403 A.2.30 Option 29: Perform Mask Discovery 403 A.2.31 Option 30: Mask Supplier 403
A.2.32 Option 3 1 : Perform Router Discovery 403 A.2.33 Option 32: Router Solicitation Address 404
A.2.34 Option 33: Static Route 404 A.2.35 Option 34: Trailer Encapsulation 404
A.2.36 Option 35: ARP Cache Timeout 405 A.2.37 Option 36: Ethernet Encapsulation 405 A.2.38 Option 37: TCP Default Time-to-Live 405 A.2.39 Option 38: TCP Keep-Alive Interval 406 A.2.40 Option 39: TCP Keep-Alive Garbage 406 A.2.41 Option 40: Network Information
Service Domain 406 A.2.42 Option 4 1 : NIS Server 407 A.2.43 Option 42: Network Time Protocol
Server 407 A.2.44 Option 43: Vendor-Specific Information 407 A.2.45 Option 44: NetBIOS over TCP/IP Name
Server Option 408 A.2.46 Option 45: NetBIOS over TCP/IP
Datagram Distribution Server 409 A.2.47 Option 46: NetBIOS over TCP/IP
Node Type 409 A.2.48 Option 47: NetBIOS over
TCP/IP Scope 409 A.2.49 Option 48: X Window System Font
Server Option 410 A.2.50 Option 49: X Window System Display
Manager 410
xii Contents
A.2.51 A.2.52
A.2.53 A.2.54
NIS+ Domain 410 S+ Server 411
Mobile IP Home Agent 41 1 Simple Mail Transport
Protocol (SMTP) Server 411 A.2.55 Option 70: Post Office Protocol
(POP3) Server 412 A.2.56 Option 71 : Network News Transport
Protocol (NNTP) Server 412 A.2.57 Option 72: Default World Wide Web
(WWW) Server 412
A.2.58 Option 73: Default Finger Server 413 A.2.59 Option 74: Default Internet Relay
Chat (IRC) Server 413 A.2.60 Option 75: StreetTalk Server 413 A.2.61 Option 76: StreetTalk Directory
Assistance (STDA) Server 413 A.3 DHCP-Only Options 414
A.3.1 Option 50: Requested IP Address 414 A.3.2 Option 51 : IP Address Lease Time 414
A.3.3 Option 52: Option Overload 415 A.3.4 Option 53: DHCP Message Type 415 A.3.5 Option 54: Server Identifier 415 A.3.6 Option 55: Parameter Request List 416 A.3.7 Option 56: Message 416 A.3.8 Option 57: Maximum DHCP
Message Size 417 A.3.9 Option 58: Renewal (Tl) Time Value 417 A.3.10 Option 59: Rebinding (T2) Time Value 417 A.3.1 1 Option 60: Vendor Class Identifier 418 A. 3.12 Option 61 : Client Identifier 418 A.3.13 Option 66: TFTP Server Name 419 A.3.14 Option 67: Boot File Name 419
A.4 Unofficial DHCP Options 419
A.5 Options Supported by Popular Operating
Systems 421 A. 5.1 Servers 421 A.5.2 Clients 422
Index 423
Auckland Bogota Caracas Lisbon London Madrid Mexico City Milan Montreal New Delhi San Juan
Singapore Sydney Tokyo Toronto
Network Protocols 2 IP Addresses 3
IP Subnets 6 IP Routing 10 Assigning IP Addresses 1 1 Name Servers 1 1
Applications That Use TCP/IP 13 Other TCP/IP Terms 13 Related Publications 15
Chapter 2 DHCP Concepts and Overview 17
BOOTP the Predecessor of DHCP 18 DHCP Overview 19 How Does DHCP Work? 21
How Is Configuration Information Acquired? 21
How Are Leases Renewed? 26
What Happens When a Client Moves Out of Its Subnet? 26
How Are Changes Implemented in the Network? 27 What Are BOOTP/DHCP Relay Agents? 28 IP Address Pools 28 Multiple Subnets per Pool 29 Multiple Pools per Subnet 30
Client Identification 30 MAC Address as Qualifier 31 Client ID as Qualifier 32 User Class ID as Qualifier 33 Qualification from Vendor Extensions 33 Qualification from Relay Agents 34 Multiple Qualifiers 36
Server Administration 36 Server Installation 37 Database Initialization 37
Runtime Database Manipulation 38
DHCP Server Availability DHCP Reliability Redundant DHCP Server Scenarios
DHCP in IPv6 Differences between DHCPv6 and DHCFV4
Summary
Serving Names
Why Names? What Is a Domain Name System (DNS)? Domain vs. Zone of Authority
Differentiating Name Servers Static Name Servers
Dynamic Name Servers Primary Name Servers Secondary Name Servers
Master Name Servers Caching-Only Name Servers
Authoritative Name Servers
Parent and Child Name Servers Root Name Servers Forwarders Firewall Name Servers
Record Types Resolvers
BIND's Treatment of DNS Database Entries
What Is Dynamic IP? Dynamic Domain Name System (DDNS) What Does Dynamic IP Provide? How Does Dynamic IP Work? Configuring for Network Availability
Enabling Host Mobility Securing Your Dynamic IP Network
How Dynamic Addressing Is Made Usable with DDNS
NetBIOS Name Servers
48
49
58 58 58 59
NetBIOS Naming
Name Database Distributed Database
Centralized Database
NBNS Design Criteria High Performance
Standard Hardware Platform Dedicated Server Fast Response Time High Capacity
Reliability Load Balancing Scalability
Remote Management Database Validation
NBNS Implementations Microsoft WINS
Network TeleSystems Shadow IPserver
98 98 98 99 99
101 101
103 104
Interior Gateway Protocols (IGPs) Routing Information Protocol (RIP) RIPng for IPv6 Open Shortest Path First (OSPF)
Exterior Routing Protocols
References
Mobile IP
Mobile IP Overview Mobile IP Operation Mobile IP Registration Process Tunneling
Broadcast Datagrams Move Detection Address Resolution Protocol (ARP) Considerations
Mobile IP Security Considerations Mobile IP and Routers
Background Emerging Examples Where Mobile IP Is
Applicable Detailed Protocol Overview
Security Trade-Off 194 RSA Public Key Authentication System 194 Presecured Domain 198 ProxyArec Considerations 198
ProxyArec and Option 81 201
Securing Lease Allocations 202 Preventing Access to Unauthorized Devices 202 "Rogue" DHCP Servers 203 Connecting to Untrusted Networks—Firewalls 203 Connecting through Untrusted Networks—VPN 205 TFTP Security 206
Contents VII
Chapter 8
Chapter 9
Chapter 10
Severed Connections
Facility Loss Router Outages DHCP Server Problems Name Server Difficulties Other Server Vulnerabilities
Client Failures AIX and UNIX Features
Shadow IPserver Features
. Choosing a Lease Time
The ping Command
Troubleshooting TCP/IP Networks
Prerequisites for Troubleshooting A Bottom-Up Approach
Tuning TCP/IP Networks An Approach to Tuning Your Network TCP/IP Tuning Parameters
Bandwidth Efficiency Broadcast Traffic RSVP
Communications Server
211 212
223 223 224
Viii Contents
Integrated Services 243 Service Classes 246 The Reservation Protocol (RSVP) 250 The Future of Integrated Services 261
Differentiated Services 263 Differentiated Services Architecture 264 Using RSVP with Differentiated Services 273 Configuration and Administration of DS
Components with LDAP 275 Using Differentiated Services with IPSec 276 Internet Drafts on Differentiated Services 277
References 278
IPv6 Overview 281 The IPv6 Header Format 281
Packet Sizes 285
Extension Headers 285 IPv6 Addressing 292 Priority 298 Flow Labels 298
Internet Control Message Protocol Version 6 (ICMPv6) 299
Neighbor Discovery 300 Stateless Address Autoconfiguration 310 Multicast Listener Discovery (MLD) 31 1
DNS in IPv6 314 Format of IPv6 Resource Records 315
DHCP in IPv6 318 Differences between DHCPv6 and DHCPv4 318 DHCPv6 Messages 319
Mobility Support in IPv6 320 Internet Transition: Migrating from IPv4 to IPv6 320
Dual IP Stack Implementation: The IFV6/IPv4 Node 321
Tunneling 322 Header Translation 329 Interoperability Summary 329
The Drive toward IPv6 330 References 331
Contents IX
Simpi.ifying DNS Management with the Cisco Domain Name Manager Server
Updating DNS Via the Cisco DHCP/BootP Server Supporting Multiple Logical Networks on the Same Physical Network
Service Management Supporting Servers Service Configuration Manager
Competitive Automations JOIN BootP DHCP and DDNS
BooTP
Traditional BootP Dynamic BootP Finite BootP BootP Service: Details Server Logic
How JOIN Resolves a Client Configuration Dynamic Naming Naming the Client
VLSM Fixed Length vs. VLSM Addrmask
JOIN DHCP/DDNS Features Platforms
Lucent QIP Enterprise 5.0 Automating IP Services, Management Regulate User Access with Innovative
Profiling Capabilities Eliminate Major Causes of Network Failure Exceed Industry Standards with High- Performance Servers
Centralize Network Configuration and Planning
333
334
338 341
358 359
Bay Networks' NetID
Benefits Features NetID Architecture System Requirements
MetaInfos Meta IP Features and Benefits of Meta IP Extending Security
Meta DHCP Meta DNS User-to-Address Mapping Multiplatform Support Meta IP Solutions
System Requirements
363 368 372 372 374 377 379 379 380 383 382 385 387 389 390 392
DHCP Options (RFC 2132) 393
A. 1 Introduction 393
A.2 DHCP and BootP Options 394 A.2.1 Options 0 and 255: Pad and End 394 A.2.2 Option 1: Subnet Mask 394 A.2.3 Option 2: Time Offset 395
A.2.4 Option 3: Router 395 A.2.5 Option 4: Time Server 395 A.2.6 Option 5: IEN 116 (Old) Name Server 395 A.2.7 Option 6: Domain Name Server 396 A.2.8 Option 7: Log Server 396 A.2.9 Option 8: Cookie Server 396 A.2.10 Option 9: LPR Server 397
A.2.1 1 Option 10: Impress Server 397 A.2.12 Option 1 1: Resource Location Server 397 A.2.13 Option 12: Host Name 398 A.2.14 Option 13: Boot File Size 398 A.2.1 5 Option 14: Merit Dump File 398
A.2.16 Option 15: Domain Name 398 A.2.17 Option 16: Swap Server 399 A.2.18 Option 17: Root Path 399 A.2.19 Option 18: Extensions Path 399 A.2.20 Option 19: IP Forwarding Enable/
Disable 400
Contents XI
A.2.21 Option 20: Non-Local Source Routing Enable/Disable 400
A.2.22 Option 2 1 : Policy Filter 400 A.2.23 Option 22: Maximum Datagram
Reassembly Size 401
A.2.24 Option 23: Default IP Time-to-Live 401 A.2.25 Option 24: Path MTU Aging Timeout 401 A.2.26 Option 25: Path MTU Plateau Table 402 A.2.27 Option 26: Interface MTU 402 A.2.28 Option 27: All Subnets Are Local 402 A.2.29 Option 28: Broadcast Address 403 A.2.30 Option 29: Perform Mask Discovery 403 A.2.31 Option 30: Mask Supplier 403
A.2.32 Option 3 1 : Perform Router Discovery 403 A.2.33 Option 32: Router Solicitation Address 404
A.2.34 Option 33: Static Route 404 A.2.35 Option 34: Trailer Encapsulation 404
A.2.36 Option 35: ARP Cache Timeout 405 A.2.37 Option 36: Ethernet Encapsulation 405 A.2.38 Option 37: TCP Default Time-to-Live 405 A.2.39 Option 38: TCP Keep-Alive Interval 406 A.2.40 Option 39: TCP Keep-Alive Garbage 406 A.2.41 Option 40: Network Information
Service Domain 406 A.2.42 Option 4 1 : NIS Server 407 A.2.43 Option 42: Network Time Protocol
Server 407 A.2.44 Option 43: Vendor-Specific Information 407 A.2.45 Option 44: NetBIOS over TCP/IP Name
Server Option 408 A.2.46 Option 45: NetBIOS over TCP/IP
Datagram Distribution Server 409 A.2.47 Option 46: NetBIOS over TCP/IP
Node Type 409 A.2.48 Option 47: NetBIOS over
TCP/IP Scope 409 A.2.49 Option 48: X Window System Font
Server Option 410 A.2.50 Option 49: X Window System Display
Manager 410
xii Contents
A.2.51 A.2.52
A.2.53 A.2.54
NIS+ Domain 410 S+ Server 411
Mobile IP Home Agent 41 1 Simple Mail Transport
Protocol (SMTP) Server 411 A.2.55 Option 70: Post Office Protocol
(POP3) Server 412 A.2.56 Option 71 : Network News Transport
Protocol (NNTP) Server 412 A.2.57 Option 72: Default World Wide Web
(WWW) Server 412
A.2.58 Option 73: Default Finger Server 413 A.2.59 Option 74: Default Internet Relay
Chat (IRC) Server 413 A.2.60 Option 75: StreetTalk Server 413 A.2.61 Option 76: StreetTalk Directory
Assistance (STDA) Server 413 A.3 DHCP-Only Options 414
A.3.1 Option 50: Requested IP Address 414 A.3.2 Option 51 : IP Address Lease Time 414
A.3.3 Option 52: Option Overload 415 A.3.4 Option 53: DHCP Message Type 415 A.3.5 Option 54: Server Identifier 415 A.3.6 Option 55: Parameter Request List 416 A.3.7 Option 56: Message 416 A.3.8 Option 57: Maximum DHCP
Message Size 417 A.3.9 Option 58: Renewal (Tl) Time Value 417 A.3.10 Option 59: Rebinding (T2) Time Value 417 A.3.1 1 Option 60: Vendor Class Identifier 418 A. 3.12 Option 61 : Client Identifier 418 A.3.13 Option 66: TFTP Server Name 419 A.3.14 Option 67: Boot File Name 419
A.4 Unofficial DHCP Options 419
A.5 Options Supported by Popular Operating
Systems 421 A. 5.1 Servers 421 A.5.2 Clients 422
Index 423
Related Documents
