Lecture notes: Computer Networks - Lecturer: NTPDung
Chapter 4. IP network infrastructure
1. ARP: tasks and functions; operating procedures
2. DNS: definition; functional components; resolution mechanism
3. R-ARP / DHCP: tasks and functions; BOOT - Bootstrap; DHCP and its operating procedures
4. IP routing
IP infrastructure services
1. Address resolution services. Domain Name System (DNS): resolves names to addresses. R-ARP: assigns an IP address when the system's MAC address is known. Dynamic Host Configuration Protocol (DHCP). ARP: identifies the MAC address to send to when the destination's IP address is known.
2. ICMP, IGMP: services supporting IP transmission control: ICMP (Internet Control Message Protocol), IGMP (Internet Group Message Protocol)
3. Internetwork routing: Internet routing (intra-domain and inter-domain)
4. Security: NAT, packet filter, proxy (firewall)
Internal circulation - ptithcm.edu.vn
Types of communication identifiers
Host name (e.g., www.cnn.com): suited to people; conveys simple, specific name information about an organization or individual; hierarchical name structure, changeable (letters and digits).
IP address (e.g., 64.236.16.20): suited to communication devices, routers and hosts; 4 bytes (32 bits).
MAC address (e.g., 00-15-C5-49-04-A9): used within the scope of one link (broadcast domain); built into the hardware and unique; 48 bits; flat address.
Mapping between the identifier types
Domain Name System (DNS): host name -> IP address; IP address -> host name.
Dynamic Host Configuration Protocol (DHCP): MAC address -> IP address; also supplies the communication parameters: IP address, network mask, default router, ...
Address Resolution Protocol (ARP): IP address -> MAC address; communication within the local network.
4.1 Address resolution service: Address Resolution Protocol (ARP). To communicate, the sending device needs both the IP address and the MAC address of the destination device. Knowing the IP address, the device must determine the MAC address. ARP lets a computer find the MAC address that belongs to a known IP address.
ARP flowchart (send data to a device): is the MAC address in my ARP cache? Y: send the data. N: send an ARP request, get the ARP reply, insert the new record into the ARP cache, then send the data.
ARP operation: ARP request
Figure: host A (IP 197.15.22.33, MAC A.B.C.1.3.3), host B (197.15.22.34, A.B.C.4.3.4) and host C (197.15.22.35, A.B.C.7.3.5) share one link. A broadcasts an ARP request: source MAC A.B.C.1.3.3, destination MAC ff.ff.ff.ff.ff.ff, sender IP 197.15.22.33, target IP 197.15.22.35, "What is your MAC Addr?" (who knows the Ethernet address for 197.15.22.35?).
ARP reply and caching
Figure: C answers in unicast ("Yes, I am" / "This is my MAC Addr"): source MAC A.B.C.7.3.5, destination MAC A.B.C.1.3.3, sender IP 197.15.22.35, target IP 197.15.22.33. A inserts the record 197.15.22.35 -> A.B.C.7.3.5 into its ARP table.
Using the ARP cache to build a data frame
Figure: with the entry 197.15.22.35 -> A.B.C.7.3.5 in its ARP table, A sends the data frame with source MAC A.B.C.1.3.3, destination MAC A.B.C.7.3.5, source IP 197.15.22.33, destination IP 197.15.22.35. B (197.15.22.34, A.B.C.4.3.4) and C (197.15.22.35, A.B.C.7.3.5) are on the same link.
Default gateway. A default gateway is required by any system that must communicate with devices on another network. The default gateway is identified by both a MAC address and an IP address. The default gateway is the router interface attached to the local network link of the system that needs to send data.
Figure: the ARP reply for the default gateway comes from the router's E0 interface, the default gateway on the local link; the router's E1 interface faces the other network.
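As an added illustration (not from the slides) of the ARP flowchart, the request/reply exchange and the default-gateway rule above, the Python below resolves a next-hop MAC through a cache: on-link destinations are ARPed directly, off-link ones resolve the gateway's MAC instead. The hosts and their addresses are the slides' example (A.B.C.x.y.z is the slides' MAC shorthand); the gateway IP 197.15.22.1 / MAC A.B.C.0.0.1 and the /24 mask are assumptions.

```python
import ipaddress
# Constructed sample link from the lecture's ARP slides: hosts A, B, C on one
# broadcast domain plus a router interface acting as default gateway. The
# gateway's addresses are assumptions, not taken from the slides.
BROADCAST_MAC = "ff.ff.ff.ff.ff.ff"
LINK_HOSTS = {                       # IP -> MAC; each host knows its own pair
    "197.15.22.33": "A.B.C.1.3.3",   # host A (sender)
    "197.15.22.34": "A.B.C.4.3.4",   # host B
    "197.15.22.35": "A.B.C.7.3.5",   # host C
    "197.15.22.1": "A.B.C.0.0.1",    # router E0 = default gateway (assumed)
}

class Link:
    """The broadcast domain: every host sees the request, but only the owner
    of the target IP answers, in unicast, with its own MAC."""
    def __init__(self, hosts):
        self.hosts = hosts
    def broadcast(self, request):
        mac = self.hosts.get(request["target_ip"])
        if mac is None:
            return None              # nobody owns that IP: no reply at all
        return {"dst_mac": request["src_mac"], "sender_mac": mac,
                "sender_ip": request["target_ip"]}

class ArpHost:
    def __init__(self, ip, mac, netmask, gateway_ip, link):
        self.ip, self.mac, self.gateway_ip, self.link = ip, mac, gateway_ip, link
        self.net = ipaddress.ip_network(f"{ip}/{netmask}", strict=False)
        self.cache = {}              # ARP cache: IP -> MAC
        self.requests_sent = 0       # broadcasts sent; shows the cache at work

    def resolve(self, ip):
        """The slide's flowchart: cache hit -> use it; otherwise broadcast a
        request, take the unicast reply and insert the record into the cache."""
        if ip in self.cache:
            return self.cache[ip]
        self.requests_sent += 1
        reply = self.link.broadcast({"dst_mac": BROADCAST_MAC, "src_mac": self.mac,
                                     "sender_ip": self.ip, "target_ip": ip})
        if reply is None:
            raise LookupError(f"no ARP reply for {ip}")
        self.cache[ip] = reply["sender_mac"]
        return self.cache[ip]

    def next_hop_mac(self, dst_ip):
        """Destination on my own link: ARP for it. Off-link: the frame must go to
        the default gateway, so it is the gateway's MAC that gets resolved."""
        on_link = ipaddress.ip_address(dst_ip) in self.net
        return self.resolve(dst_ip if on_link else self.gateway_ip)
```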
4.2 Domain name resolution service: The Domain Name System. The domain name system is used to translate a hostname into an IP address and vice versa. Resolving a name to an IP address: forward resolution (forward lookup queries), gethostbyname(). Resolving in reverse from an IP address to a name: reverse lookup queries, gethostbyaddr(). A special second-level domain is set up for this: in-addr.arpa.
Domain Naming System
Figure: the tree starts at the root domain "."; top-level domains such as edu, com, gov, mil, arpa, org, net, uk, fr; second-level domains such as princeton, mit, navy, acm, ieee, cisco, yahoo, nasa, nsf; sub-domains such as cs, ee, physics; hosts such as ux01, ux04.
Domain name space: a set of nodes arranged in a hierarchy, forming a tree whose root is at the top. Each node is named by a label. The root node's name is ".".
Domain name hierarchy
Top-level domains: 3 kinds.
gTLDs (generic TLDs), grouped by field or sector of activity: com, edu, net, org, gov, mil, int, arpa; aero, biz, coop, info, museum.
ccTLDs (country-code TLDs), by country, two characters: au, ca, br, de, fi, fr, jp, se, hk, cn, tw, my, ...
Second-level domain: created under a node of a TLD; must be registered with the TLD server.
The special domain in-addr.arpa serves reverse resolution from IP address to domain name.
Figure: reverse lookup zone
Domain names. Rules for labels and names. Label: the name of a node or leaf: [a-zA-Z0-9\-]{1,63}. Fully qualified domain name, FQDN (Fully Qualified Domain Name):
SOA record: Serial (YYMMDDnn); nn is the update sequence number within the day, incremented by 1 each time the primary NS is updated. Refresh Time
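Added example (not part of the lecture) working through the naming rules above in Python: the label rule, the top-down walk of the tree from the root, the in-addr.arpa name asked by a reverse lookup, the reverse lookup zone for an octet-aligned network, and the YYMMDDnn serial convention of the SOA record. Restricting reverse zones to octet boundaries and starting each day's serial at nn = 01 are assumptions.

```python
import re
import ipaddress

# Label rule from the slide: [a-zA-Z0-9\-]{1,63}; an FQDN is the labels joined
# by "." and ending at the root, whose label is empty (the name ".").
LABEL_RE = re.compile(r"^[a-zA-Z0-9-]{1,63}$")

def split_labels(fqdn):
    """'www.cnn.com.' -> ['www', 'cnn', 'com']; rejects any invalid label."""
    if fqdn == ".":
        return []
    labels = fqdn.rstrip(".").split(".")
    for label in labels:
        if not LABEL_RE.match(label):
            raise ValueError(f"invalid label {label!r} in {fqdn!r}")
    return labels

def zone_chain(fqdn):
    """Resolution walks the tree top-down: root, TLD, second level, sub-domains."""
    chain, suffix = ["."], ""
    for label in reversed(split_labels(fqdn)):
        suffix = label + "." + suffix
        chain.append(suffix)
    return chain

def reverse_name(ip):
    """gethostbyaddr() question: octets reversed under in-addr.arpa, so that
    the reverse tree is delegated along the address hierarchy."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def reverse_zone(network):
    """Reverse lookup zone for an octet-aligned network (/8, /16, /24 only;
    finer delegation is an assumption the slide does not cover)."""
    net = ipaddress.ip_network(network)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("reverse zones here are on octet boundaries only")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def next_soa_serial(current, today):
    """Slide convention YYMMDDnn: nn counts the updates made on that day on the
    primary NS and is incremented by 1 per change. today is 'YYMMDD'; the first
    change on a new day is assumed to start at nn = 01."""
    if current // 100 == int(today):
        if current % 100 == 99:
            raise ValueError("serial space for today exhausted")
        return current + 1
    return int(today) * 100 + 1
```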
DHCP: assigning IP addresses to hosts
DHCP and DNS
Figure: the DHCP server D1 (10.0.0.5) announces the addresses of the required services: DNS server D2 (10.0.0.9), mail server (19.0.0.11), web server (10.0.0.10), default gateway RA (E0 10.0.0.1, towards the Internet). Dynamic address assignment: Marketing-Dept 10.0.0.50 --> 10.0.0.100; Sale-Dept 10.0.0.101 --> 10.0.0.200.
NAT only with Address (address-only NAT)
Figure: hosts a (10.0.0.60), b (10.0.0.61) and c (10.0.0.62) sit behind router RA (inside interface 10.0.0.1), which performs NAT towards the Internet (e.g. to WWW.yahoo.com). Public addresses: 203.162.100.50, 203.162.100.51.
NAT table:
Inside IP    Out IP
10.0.0.61    203.162.100.50
10.0.0.62    203.162.100.51
Internetworking service: Routing. Routing is carried out by router devices. It uses the control features of the IP layer, based on the IP address (its Net-id and Subnet-id parts), to decide the direction in which a data packet is forwarded towards its destination. A router performs two functions: 1. Establishes and maintains a database of paths to the destinations in the network structure. 2. Routes and forwards each data packet after receiving it.
Internetwork routing - Routing. Initial path database.
Figure: router RA, interface E0 19.0.0.1 serving Host A1 (19.0.0.100) and DNS/DHCP server D1 (19.0.0.10), interface E1 20.0.0.1 serving the mail/web servers M2 (20.0.0.10).
Routing table of RA:
Dest-addr   IF-out   Next-hop
19.0.0.0    E0       19.0.0.1
20.0.0.0    E1       20.0.0.1

Initial path database, then the path database updated continuously.
Figure: RA (E0 19.0.0.1 with Host A1 19.0.0.100 and D1 19.0.0.10; E1 20.0.0.1 with M2 20.0.0.10; S0 21.0.0.1) is connected over the serial link to RB (S0 21.0.0.2; E1 22.0.0.1 with Host B2 22.0.0.100; E0 23.0.0.1 with web server W1 23.0.0.10).
Routing table of RA after the updates:
Dest-addr   IF-out   Next-hop   Hop count
19.0.0.0    E0       19.0.0.1   0
20.0.0.0    E1       20.0.0.1   0
21.0.0.0    S0       21.0.0.1   0
22.0.0.0    S0       21.0.0.2   1
23.0.0.0    S0       21.0.0.2   1
Infrastructure services for the security function (1/3)
Firewall: protects the perimeter of a network or of an end system. Functions:
Traffic filtering - packet filter; delegation - proxy; NAT: translation between public and private addresses.
Firewall Basics for the Beginning User
Figure: the firewall's rules determine WHO? WHEN? WHAT? HOW?; the firewall sits between the INTERNET (and My PC) and the Secure Private Network.
Firewalls: packet filter and proxy
Solution 1:
Example 2: Now suppose that we want to implement the policy "any inside host can send mail to the outside".
Solution 2:
This solution allows calls to come from any port on an inside machine, and will direct them to port 25 on the outside. Simple enough. So why is it wrong?
Infrastructure services for the security function (2/3): IDS/IPS: intrusion detection and prevention systems.
IDS, Intrusion Detection System: detects intrusions. IPS, Intrusion Prevention System: detects intrusions and blocks them. Function: detects intrusions by matching against intrusion patterns known in advance; has handling mechanisms for some of those patterns.
Network-based IDS and IPS deployment
Figure: traffic from the untrusted network passes through a router and a firewall to a switch; an IPS sensor sits inline on the path into the corporate network; an IDS sensor on another switch monitors the DMZ holding the WWW server (port 80) and the DNS server; a management server is attached. Source: MM Clements, A Adekunle, University of Greenwich.
4.4 IP routing
1. Concepts and terminology
2. Static routing and dynamic routing
3. Routing algorithms: 1. Distance vector 2. Link-state
4. Routing protocols: 1. RIP, IGP 2. OSPF, BGP
5. Routing device: the router
IP routing overview. Routing is the process of finding the optimal path for the destination's IP prefix. Routing table: the routing table, or path database, describes in detail how a data packet must be handled to forward it to the best next hop. The router controls and forwards packets: it maintains the routing table (the topology state of the network); it processes datagrams: determines the next hop for the IP packet, then forwards it, re-encapsulating the packet and sending it out onto the transmission medium through the appropriate interface.
Routing table. The routing table is a database holding routing information: the list of the best currently available paths, each as a destination and the address of the next hop (Dest-IP prefix, Next-hop). Ways of creating and maintaining the table's contents: updated manually by the administrator -> static routing; updated automatically between routers through a routing protocol -> dynamic routing. Routers keep the routing table in RAM.
Collision domain & broadcast domain
Figure: hosts A0 (19.0.0.100) and A1 (19.0.0.101) and the DNS/DHCP server D1 (19.0.0.10) hang off RA's E0 (19.0.0.1); web server w1 (20.0.0.5) off E1 (20.0.0.1); S0 (21.0.0.1) leads to the WAN. The figure marks the collision domains on each segment and one broadcast domain on each Ethernet side of RA.
ARP caches & routing table
Figure: RA's E0 (19.0.0.1) serves Host A1 (19.0.0.100) and the DNS/DHCP server D1 (19.0.0.10); E1 (20.0.0.1) serves the mail/web servers M2 (20.0.0.10).
ARP cache (E0):
MAC-addr   IP-addr
A1         19.0.0.100
E0         19.0.0.1
D1         19.0.0.10
ARP cache (E1):
MAC-addr   IP-addr
E1         20.0.0.1
M2         20.0.0.10
Routing table:
Dest-addr   IF-out   Next-hop
19.0.0.0    E0       19.0.0.1
20.0.0.0    E1       20.0.0.1
Default route and default gateway to a router
Figure: as before, RA (E0 19.0.0.1, E1 20.0.0.1, S0 21.0.0.1) connects to RB (S0 21.0.0.2, E1 22.0.0.1, E0 23.0.0.1); a further serial link (S0 24.0.0.1) leads on towards a router a.b.c.d.
Routing table of RA:
Dest-addr   IF-out   Next-hop   Hop count (metric)
19.0.0.0    E0       19.0.0.1   0
20.0.0.0    E1       20.0.0.1   0
21.0.0.0    S0       21.0.0.1   0
22.0.0.0    S0       21.0.0.2   1
23.0.0.0    S0       21.0.0.2   1
0.0.0.0     S0       21.0.0.2   (default route)
The default route supports hierarchical routing: if a destination is not found in the routing table, the default route record is used.
Static routing. Route records are entered and updated by the administrator. Static routing is used when the network topology is simple or high security is required. - A subnetwork with a single connection to the outside (stub network). - Router(config)# ip route destination-prefix {next address | interface} [distance]
Dynamic routing. Dynamic routing is used in complex networks where the state of the paths changes quickly. The router uses a metric to evaluate and measure routes. Each routing protocol may compute the metric differently (bandwidth; delay; load; reliability; MTU). When several routes exist and use the same routing protocol, the route with the lowest metric value is the best.
Components of the metric: Bandwidth - the data bandwidth of the link. Delay - the forwarding delay of the network. Reliability - refers to the packet loss rate on each network connection. MTU of the forwarding router. Hop count: the number of hops/routers the packet must be routed through before reaching the destination router. Load - the current load.
Basic dynamic routing methods. Source-based: the source supplies a list of the route to the destination, e.g. the ATM and Frame Relay approach. Hop by hop: routers determine the best next hop for a destination (IP prefix) from the routing table information. Link state: computes the lowest-cost path using global knowledge of the network topology; maps => next hops; OSPF; BGP. Distance vector: information is local/neighbour-based (adjacent nodes); starts from the cost of the directly connected links; routing information depends on the neighbouring nodes; RIP; IGP.
Routing hierarchy in the Internet. The routing hierarchy of the Internet structure: ASs, areas, networks. ASs (Autonomous Systems) are large-scale network systems (comparable to a state or a country), organized and managed independently. ASs are connected by boundary routers. Areas: component units within an AS, comprising networks and sub-networks; areas are connected by border routers; the networks/sub-networks within an area are connected by internal routers.
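An added Python example (not from the lecture) that builds RA's routing table as shown on the earlier slides: directly connected routes at hop count 0, RB's networks learned at hop count 1 by the distance-vector rule described above, an administrator-entered default route 0.0.0.0/0, and a longest-prefix lookup so the default route is used only when no more specific entry matches. The /8 prefixes follow the slides' classful drawing; the default route's hop count of 1 is an assumption.

```python
import ipaddress
# Constructed from the lecture's RA/RB topology (classful /8 networks as drawn):
# RA has E0 19.0.0.1, E1 20.0.0.1, S0 21.0.0.1; RB has S0 21.0.0.2, E1 22.0.0.1,
# E0 23.0.0.1. Entries mirror the slides' Dest-addr/IF-out/Next-hop/Hop count.
class RoutingTable:
    def __init__(self):
        self.routes = {}     # prefix -> (if_out, next_hop, hop_count)

    def add_connected(self, prefix, if_out, own_ip):
        """Directly connected network: hop count 0, next hop is my own interface."""
        self.routes[ipaddress.ip_network(prefix)] = (if_out, own_ip, 0)

    def add_static(self, prefix, if_out, next_hop, hop_count=1):
        """Administrator-entered record: static route or the default route 0.0.0.0/0."""
        self.routes[ipaddress.ip_network(prefix)] = (if_out, next_hop, hop_count)

    def receive_advert(self, from_ip, via_if, advert):
        """Distance-vector update from a neighbour: its hop count + 1, adopted
        only when the prefix is new or the advertised path is shorter."""
        for prefix, hops in advert.items():
            net = ipaddress.ip_network(prefix)
            if net not in self.routes or hops + 1 < self.routes[net][2]:
                self.routes[net] = (via_if, from_ip, hops + 1)

    def advertise(self):
        """What this router tells its neighbours: every prefix with its hop count."""
        return {str(net): r[2] for net, r in self.routes.items()}

    def lookup(self, dst_ip):
        """Longest-prefix match. 0.0.0.0/0 matches every address, so the default
        route is used only when nothing more specific exists; None = no route."""
        addr = ipaddress.ip_address(dst_ip)
        matches = [(net.prefixlen, r) for net, r in self.routes.items() if addr in net]
        return max(matches)[1] if matches else None

def build_ra():
    """RA as on the slides: its connected routes, RB's networks learned at hop
    count 1 over the serial link, and a default route pointing at RB."""
    rb = RoutingTable()
    rb.add_connected("21.0.0.0/8", "S0", "21.0.0.2")
    rb.add_connected("22.0.0.0/8", "E1", "22.0.0.1")
    rb.add_connected("23.0.0.0/8", "E0", "23.0.0.1")
    ra = RoutingTable()
    ra.add_connected("19.0.0.0/8", "E0", "19.0.0.1")
    ra.add_connected("20.0.0.0/8", "E1", "20.0.0.1")
    ra.add_connected("21.0.0.0/8", "S0", "21.0.0.1")
    ra.receive_advert("21.0.0.2", "S0", rb.advertise())   # RB's table, hop 0 each
    ra.add_static("0.0.0.0/0", "S0", "21.0.0.2")          # default route via RB
    return ra
```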
Hierarchical routing
Figure: exterior routing, interior routing and customer routing. An Autonomous System divided into Area-A1 (routers a, b, c, d; host h1), Area-A2 and Area-A3 (host h2). Intra-area routing within Area A1 is internal routing done by the internal routers (Internet: IS-IS, RIP); inter-area routing between Area A1 and Area A2 goes through the border routers; interior routing across the AS uses OSPF.
Intra-AS and inter-AS routing
Figure: AS-A (routers A.a, A.c, a, b, c, d; host h1), AS-B (routers B.a, a, b, c; host h2) and AS-C (router C.b). Inter-AS routing between AS A and AS B goes through the boundary routers using exterior routing (BGP); intra-AS routing within AS B is interior routing (Internet: OSPF, IS-IS, RIP).
Challenges in global routing. Convergence time of routing information across the whole routing domain (on every component router): propagating path information; processing and updating the routing tables. The global state covers a large area, Area -> AS => global; it changes quickly and frequently (dynamic), which makes path information hard to collect. Challenges: consistency and completeness => convergence time; scalability (interior / exterior); impact on the efficiency of network resource use.
Some related test utilities: ipconfig: ipconfig /all; ipconfig /release -> release all connections; ipconfig /renew -> renew the configuration of all interfaces; ipconfig /displaydns -> read the cache; ipconfig /flushdns -> erase the cache; ipconfig /registerdns -> refreshes DHCP leases and re-registers DNS names; arp [-a] | [-s] -> displays and modifies entries in the Address Resolution Protocol (ARP) cache; netstat -> statistics on current connections
Network connection configuration
Installing the DHCP server
Entering the name of the address scope to be managed
Entering the dynamically allocated address range
Entering the reserved address range
Setting the address lease duration for clients
Entering the default gateway
Entering the DNS server that manages the related domain
Configuring an address reservation for a server