Unit 6 - Systems Administration

Back in the early days of networking, devices were statically and manually configured with their 32-bit IPv4 addresses and subnet masks. This is not scalable, and it is also prone to human error.

RARP - Reverse Address Resolution Protocol

RARP is reverse ARP. A diskless workstation would still have a NIC, and therefore a MAC address, and would ask a Reverse ARP server for an IP address.

Administrators would pre-configure a table on the Reverse ARP server matching the MAC addresses of devices to the IP addresses that would be dynamically handed out to them upon request. ARP matches an IP address to a corresponding MAC address. Reverse ARP matches a MAC address to a corresponding IP address, hence the term “Reverse ARP”.

However, the MAC addresses still needed to be collected and entered on the Reverse ARP server, along with the IP address that would be handed out for each one.

Another problem with Reverse ARP was that, like ARP, it was a Layer 2 protocol that existed inside of frames. Since there was no IP header, it couldn’t be sent off a network. That meant each and every network needed its own Reverse ARP server.

BootP - Bootstrap Protocol

BootP messages were encapsulated in UDP datagrams at Layer 4, which were encapsulated in IP packets at Layer 3. This way messages could actually be routed off a network, and the need for a server on each and every network was eliminated (unlike in RARP).

A machine would boot up, send a request to the BootP server with its MAC address, and be assigned the IP address that the admin had chosen for that MAC address. Relay agents made this possible: routers don’t forward broadcasts, but part of the BootP sequence involved broadcasting a request to a BootP server, because the client obviously has no knowledge of anything at that point in time.

Relay agents were router interfaces on a network, also serving as the default gateways, that took broadcast BootP messages and turned them into unicast messages, relaying them through the normal IP routing process to the proper BootP servers. The BootP servers sent responses back to the relay agents, which relayed those messages back to the clients. This way, you can have two BootP servers on a single network giving out IP addresses for many other networks.

DHCP - Dynamic Host Configuration Protocol

DHCP’s improvement over BootP was something called scopes, which are ranges of IP addresses that are handed out dynamically. A client machine asks the DHCP server for an IP address and, if there are addresses left in this dynamic pool, the server picks one and assigns it to the host, binding the logical IP address to the host’s physical MAC address for a period of time. This binding is known as a lease.

DHCP was made to be an extension of BootP because of BootP’s relay-agent capability: the same relay agents can relay either BootP or the new DHCP messages. Option 53 (the DHCP message type option) distinguishes DHCP from BootP in the Layer 7 fields.

DHCP’s DORA

The general process of a client requesting and getting an IP address from a DHCP server is DORA, which is an acronym for four specific DHCP message types:

  • Discover

  • Offer

  • Request

  • ACK, short for Acknowledge

A client device will broadcast a DHCP discover message at both Layer 2 and Layer 3.

  • The Layer 3 broadcast address is 255.255.255.255.

  • The Layer 2 broadcast address is FF:FF:FF:FF:FF:FF, twelve F’s.

For the source IP address, the client uses the unspecified address 0.0.0.0 (“quad zero”). The client’s default gateway, also acting as its relay agent, will need to be pre-configured to know about the DHCP servers in the autonomous system. When this router interface sees the broadcast traffic and inspects the UDP datagram to find a DHCP discover message, the router will replace both the frame and the packet and send the UDP datagram as a unicast message, in a new frame and packet, to a DHCP server through the normal routing process. The server, when it gets the DHCP discover (which is now a unicast), will check the relay agent’s IP address, which was added to the DHCP portion of the message. This allows the DHCP server to know which network the client is on and give the client an address accordingly.

┌------------------------------------------------------------┐
|           ┌-----------------------------------------------┐|
|           |              ┌-------------------------------┐||
|           |              |              ┌---------------┐|||
|  Frame 2  | IP Header2   | UDP Header   | DHCP Discover ||||
|           |              |              └---------------┘|||
|           |              └-------------------------------┘||
|           └-----------------------------------------------┘|
└------------------------------------------------------------┘

The gateway will always be on the same network as the client. Assuming a subnet mask of 255.255.0.0 for all networks, the first two octets are network octets and the last two octets are host octets.

  • If the router’s IP address is 10.1.0.99, the DHCP server will give the client an IP address that starts with 10.1.

  • If the router’s IP address is 10.2.0.99, the DHCP server will give the client an IP address that starts with 10.2.

Each subnet has its own scope on the DHCP server. Based on the IP address of the relay agent, the DHCP server knows which scope to select an IP address from. In a similar fashion, the DHCP client transmits its MAC address in the DHCP discover message. This allows the DHCP server to associate that MAC address with the IP address it leases to the DHCP client.

That’s how the DHCP server knows which DHCP client is using an IP address at any point in time. The DHCP server will also give other pieces of information to the DHCP client, including the subnet mask, default gateway IP address, DHCP server addresses, DNS server addresses, and more. The server sends a DHCP offer as a unicast message back to the relay agent, which relays it back to the client. Most dedicated DHCP servers will send this back as a unicast message to the client, with or without a relay agent, even though the client doesn’t yet have true possession of the IP address.

The client then broadcasts a DHCP request for the offered address, and after the client gets the DHCP ACK from the relay agent, it can start sending unicast messages from this IP address.
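To make the Discover and Offer steps concrete, here is an added example (not from the original notes) that builds a BootP/DHCP discover, parses it, uses option 53 to tell DHCP from plain BootP, and has the server side pick a scope from the relay agent’s address (giaddr) under the 255.255.0.0 mask assumed above. The scope table, addresses and MAC values are constructed for the example.

```python
import struct
from ipaddress import IPv4Address, IPv4Network

FIXED = "!BBBBIHH4s4s4s4s16s64s128s"        # the 236-byte BootP fixed header shared by BootP and DHCP
MAGIC_COOKIE = b"\x63\x82\x53\x63"          # present only in DHCP; options follow it
OPT_MSG_TYPE, OPT_PAD, OPT_END = 53, 0, 255  # option 53 = DHCP message type; value 1 = DISCOVER

# Constructed scope table, one /16 per network as in the notes: network -> pool of leasable addresses
SCOPES = {IPv4Network("10.1.0.0/16"): [IPv4Address("10.1.0.100"), IPv4Address("10.1.0.101")],
          IPv4Network("10.2.0.0/16"): [IPv4Address("10.2.0.100")]}

def build_discover(mac, xid, giaddr="0.0.0.0", dhcp=True):
    """Build a DISCOVER as the server receives it; giaddr is the relay agent's address (0.0.0.0 if none)."""
    fixed = struct.pack(FIXED, 1, 1, 6, 0, xid, 0, 0x8000,    # BOOTREQUEST, Ethernet, hlen 6, broadcast flag
                        b"\0" * 4, b"\0" * 4, b"\0" * 4,      # ciaddr/yiaddr/siaddr: client owns nothing yet
                        IPv4Address(giaddr).packed, mac, b"", b"")
    if not dhcp:                                              # plain BootP: no cookie, no option 53
        return fixed
    return fixed + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, 1, OPT_END])

def parse(msg):
    """Return xid, giaddr, chaddr and the option-53 message type (None means plain BootP)."""
    f = struct.unpack(FIXED, msg[:236])
    out = {"xid": f[4], "giaddr": str(IPv4Address(f[10])), "chaddr": f[11][:f[2]].hex(":"), "msg_type": None}
    opts, i = msg[236:], 4
    if opts[:4] != MAGIC_COOKIE:
        return out
    while i < len(opts) and opts[i] != OPT_END:
        if opts[i] == OPT_PAD:                 # pad option carries no length byte
            i += 1
            continue
        code, length = opts[i], opts[i + 1]
        if code == OPT_MSG_TYPE and length == 1:
            out["msg_type"] = opts[i + 2]
        i += 2 + length
    return out

def offer(msg, leases):
    """Server side of the Offer: scope chosen from giaddr, free address bound to the client's MAC."""
    p = parse(msg)
    relay = IPv4Address(p["giaddr"])           # the relay agent's address says which network the client is on
    scope = next((net for net in SCOPES if relay in net), None) if p["msg_type"] == 1 else None
    if scope is None:                          # not a DHCPDISCOVER, or giaddr matches no configured scope
        return None
    for ip in SCOPES[scope]:
        if ip not in leases.values():
            leases[p["chaddr"]] = ip           # the lease: logical IP bound to physical MAC
            return str(ip)
    return None                                # pool exhausted
```

A discover relayed from 10.1.0.99 is served from the 10.1 scope, one from 10.2.0.99 from the 10.2 scope, and a message without the magic cookie and option 53 is treated as plain BootP and gets no DHCP offer.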

DNS - Domain Name System

DNS resolves names to IP addresses in a hierarchical, distributed way.

DNS resolution (when nothing is cached):

  1. The client queries its local (primary) DNS server to resolve an FQDN (fully qualified domain name) to an IP address. We’ll use www.qwer.sk as an example.

  2. The local DNS server puts the client on hold. It does not know the answer yet, so it escalates the query to one of the 13 root DNS servers. The root DNS server queried gives a referral back to the client’s local DNS server: the IP address of one of the authoritative DNS servers for the TLD (top-level domain: .sk, .com, .net, etc.).

  3. The local DNS server queries the TLD’s authoritative DNS server, since that server knows the point-of-contact DNS servers for the subdomains in the top-level domain (qwer.sk, google.sk, etc.), and is referred on to them.

  4. The local DNS server queries the DNS server for the domain (ns.qwer.sk), which resolves the FQDN to an IP address.

  5. The client’s local DNS server gives that answer back to the client as if it had known the answer all along. The local DNS server may cache the answer for future use.
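The five-step chase above, as an added example that is not part of the original notes: an in-memory stand-in for the root, .sk TLD and qwer.sk servers, each knowing only its own zone, and a local resolver that follows referrals and then caches. The server names (a.tld.sk, ns.qwer.sk) and the 192.0.2.x addresses are constructed for the example.

```python
# Constructed, in-memory stand-in for the DNS hierarchy: each server knows only its own zone.
# Names are fully qualified (trailing dot); 192.0.2.0/24 is the RFC 5737 documentation range.
ZONES = {
    "root":        {"sk.": ("NS", "a.tld.sk.")},              # root refers anything under .sk to the TLD server
    "a.tld.sk.":   {"qwer.sk.": ("NS", "ns.qwer.sk.")},       # TLD refers qwer.sk to its authoritative server
    "ns.qwer.sk.": {"www.qwer.sk.": ("A", "192.0.2.10"),      # authoritative data for the domain
                    "ns.qwer.sk.": ("A", "192.0.2.1")},
}

def ask(server, name):
    """One query to one server: ('answer', ip), ('referral', next_server) or ('nxdomain', None)."""
    zone = ZONES.get(server, {})
    if name in zone and zone[name][0] == "A":
        return "answer", zone[name][1]
    labels = name.split(".")
    for k in range(1, len(labels)):            # walk up: www.qwer.sk. -> qwer.sk. -> sk. to find a delegation
        parent = ".".join(labels[k:])
        if parent in zone and zone[parent][0] == "NS":
            return "referral", zone[parent][1]
    return "nxdomain", None

class LocalResolver:
    """The client's local DNS server: chases referrals root -> TLD -> authoritative, then caches."""
    def __init__(self):
        self.cache = {}
        self.trace = []                        # servers contacted during the last resolve()

    def resolve(self, fqdn, max_referrals=8):
        name = fqdn if fqdn.endswith(".") else fqdn + "."
        self.trace = []
        if name in self.cache:                 # cached: answered without contacting any other server
            return self.cache[name]
        server = "root"
        for _ in range(max_referrals):         # bounded, so a referral loop cannot spin forever
            self.trace.append(server)
            kind, value = ask(server, name)
            if kind == "answer":
                self.cache[name] = value
                return value
            if kind == "nxdomain":
                return None
            server = value                     # referral: ask the server we were pointed at next
        return None
```

The first lookup of www.qwer.sk contacts root, a.tld.sk. and ns.qwer.sk. in that order; the second is answered from the cache with no server contacted at all.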