
Network Fundamentals: Bootstrapping with DHCP and ARP
Explore the process of bootstrapping a computer onto a network using DHCP and ARP protocols, including obtaining IP addresses, resolving MAC addresses, and establishing connections for online access. Understand the intricate details of networking layers and protocols involved in getting online successfully.
CS 4700 / CS 5700 Network Fundamentals Bootstrapping: DHCP and ARP (a.k.a. how to actually get online)
Opening Your First Connection: Imagine that your computer is off. You press the power button to turn it on. It boots up. You open your web browser and try to navigate to Google.
Connection Details: Let's assume Ethernet at layer 2.
  - AF_INET: use the IP protocol
  - SOCK_DGRAM: use the UDP protocol
  - Destination port is 53
    import socket
    # Need to look up www.google.com's IP address
    # dns_request holds the encoded DNS query bytes
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.sendto(dns_request, ("??? Your DNS Server ???", 53))
[Figure: Ethernet, IPv4, and UDP headers of the outgoing DNS request. Filled in so far: source MAC address [Your MAC Addr.], UDP source port [Chosen at Random], UDP destination port 53. The destination MAC address, the source and destination IP addresses, and the length and checksum fields are still empty.]
[Figure: the same Ethernet, IPv4, and UDP headers, with the frame length, datagram length, UDP length, and checksum fields marked [Calculate].] Open questions on the figure:
  - How do we get the destination MAC address? Whose MAC address is it?
  - How does this computer get an IP address? It must be within the local network's prefix.
  - How does this computer figure out the IP address of the local DNS resolver?
Network Layout (figure): networks 129.10.0.0/16 and 8.0.0.0/8, connected through two switches.
  - Gateway Router 129.10.0.1, ef:a9:5d:3d:44:07: egress point for traffic out to the internet.
  - Router 8.0.0.1, 7e:ed:cb:56:d6:dc
  - Our host ?.?.?.?, 56:67:e7:bc:93:d2: IP address must be in the 129.10.0.0/16 network.
  - 8.8.8.8, a8:a2:7f:61:2f:f3
  - Unlabeled devices: de:bb:10:8c:43:4a, 83:62:8f:32:4e:d1
  All devices on the internet have MAC addresses, but our host does not know them (yet).
Dynamic Host Configuration Protocol (DHCP) Address Resolution Protocol (ARP)
Getting Online: All hosts connected to the internet need certain information:
  - IPv4 (and possibly IPv6) address
  - IP address of local DNS resolver
  - IP address of the local gateway
  - Local netmask
  How do you get this information?
Getting Online:
  Option 1: Static Configuration
  - Get these IP addresses from your network administrator
  - Open your network settings, type in the information
  - Problems? Manual, error prone. Difficult for non-experts. Must be updated if you move, e.g., from home to work, work to coffee shop, etc.
  Option 2: Dynamic Configuration
  - Your host queries the network for configuration information
  - A network service responds with the information
  - Your host periodically re-queries and updates the information
  - Implemented using the Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP): DHCP helps automatically configure hosts on a network.
  - Client-server protocol over UDP on ports 67 and 68
  - Based on an older protocol (BOOTP) for network booting
    - Many fields in the protocol header are vestigial
    - Optional fields convey key information
  - At least one DHCP server on a network must service clients
    - Knows static configuration information, e.g., the IP of the DNS resolver
    - Knows the pool of IP addresses available for hosts
    - Dynamically leases IP addresses to clients on-demand
DHCP is an Application Protocol: UDP for transport. Designed for IPv4 networks. Designed to work with many layer 2 protocols. Protocol stack (figure): Application, UDP, IPv4, Data Link, Physical.
Network Layout, Revisited (figure): Gateway Router 129.10.0.1, ef:a9:5d:3d:44:07; switch; client ?.?.?.?, 56:67:e7:bc:93:d2; DHCP Server 129.10.1.1, fe:d1:e5:bb:e6:92; unlabeled device de:bb:10:8c:43:4a.
  - Client: send a broadcast to discover the DHCP server, listen on port 67.
  - DHCP server: listening on UDP port 68 for requests.
DHCP Protocol Sketch & Message Types:
  - Discover: new client needs config information
  - Offer: offer config to a client
  - ARP probe to check if the offered IP address is free. Not a DHCP message!
  - Request: request the offered config
  - ACK: ACK the client's request
  - Negative ACK: negative ACK the client's request
  - Decline: decline the offered config
  - Release: release the config
DHCP Message Format (figure, 32-bit rows, bit offsets 0, 8, 16, 24, 31):
  - Opcode: 1 for client message, 2 for server message
  - Hdwr. Type: 1 for Ethernet
  - Hdwr. Len.: 6 for Ethernet (MAC addresses are 6 bytes)
  - Hop Count: message dropped when count == 0
  - Transaction ID: random integer, used to link requests to responses (same as DNS)
  - Number of Seconds
  - Flags
  - Client IP Address: the client's current IP address; may be 0.0.0.0
  - Your IP Address: the client's new IP address, otherwise 0.0.0.0
  - Server IP Address: the DHCP server's IP address; initially 0.0.0.0
  - Relay Router IP Address: the DHCP relay router's address; initially 0.0.0.0
  - Client Hardware Address (16 bytes): client's MAC address (padded)
  - Server Name (64 bytes)
  - Boot File Name (128 bytes)
  - Magic Delimiter (= 0x63825363)
  - Options
  Three fields in the figure are marked 0x0 (Vestigial).
DHCP Discovery Packet (figure): broadcast destination MAC and IP address.
  - Ethernet header: source MAC address [Client MAC Addr.]; dest. MAC address FF:FF:FF:FF:FF:FF; frame len. [Calculate]
  - IPv4 header: version 4; HLen 5; DSCP/ECN 0; datagram length [Calculate]; identifier 0; flags 0; offset 0; TTL 32; protocol 17; checksum [Calculate]; source IP address 0.0.0.0 (client's IP address is unknown); destination IP address 255.255.255.255
  - UDP header: source port 67; dest port 68; datagram length [Calculate]; checksum [Calculate]
  - DHCP message (abbreviated): client IP address 0.0.0.0; your IP address 0.0.0.0; server IP address 0.0.0.0; relay router IP address 0.0.0.0 (client, server, and relay IP addresses are unknown); client hardware address [Client MAC Addr.]
DHCP Discovery (figure): Gateway Router 129.10.0.1, ef:a9:5d:3d:44:07; switch; client ?.?.?.?, 56:67:e7:bc:93:d2; DHCP Server 129.10.1.1, fe:d1:e5:bb:e6:92; unlabeled device de:bb:10:8c:43:4a.
  - Broadcast packets are not routed out to the internet.
  - Client: listening on UDP port 67 for a reply.
  - DHCP server: listening on UDP port 68 for requests.
  - Other devices: not listening for DHCP messages on port 68.
DHCP Offer Packet (figure): offer the client a configuration.
  - Ethernet header: source MAC address [Server MAC Addr.]; dest. MAC address [Client MAC Addr.]; frame len. [Calculate]
  - IPv4 header: version 4; HLen 5; DSCP/ECN 0; datagram length [Calculate]; identifier 0; flags 0; offset 0; TTL 32; protocol 17; checksum [Calculate]; source IP address [Server IP Address]; destination IP address 255.255.255.255 (client has no IP address yet, so broadcast)
  - UDP header: source port 68; dest port 67; datagram length [Calculate]; checksum [Calculate]
  - DHCP message (abbreviated): client IP address 0.0.0.0; your IP address [Offered IP Address, e.g., 129.10.0.53]; server IP address [Server IP Address]; gateway IP address 0.0.0.0; client hardware address [Client MAC Addr.]
DHCP Offer (figure): Gateway Router 129.10.0.1, ef:a9:5d:3d:44:07; switch; client ?.?.?.?, 56:67:e7:bc:93:d2; DHCP Server 129.10.1.1, fe:d1:e5:bb:e6:92; unlabeled device de:bb:10:8c:43:4a.
  - Client: listening on UDP port 67 for a reply.
  - DHCP server: listening on UDP port 68 for requests.
DHCP Request Packet (figure): still a broadcast; all DHCP servers will observe which offer the client has chosen.
  - Ethernet header: source MAC address [Client MAC Addr.]; dest. MAC address FF:FF:FF:FF:FF:FF; frame len. [Calculate]
  - IPv4 header: version 4; HLen 5; DSCP/ECN 0; datagram length [Calculate]; identifier 0; flags 0; offset 0; TTL 32; protocol 17; checksum [Calculate]; source IP address 0.0.0.0 (client's IP address is still unknown); destination IP address 255.255.255.255
  - UDP header: source port 67; dest port 68; datagram length [Calculate]; checksum [Calculate]
  - DHCP message (abbreviated): client IP address 0.0.0.0; your IP address 0.0.0.0; server IP address [Server IP Address]; gateway IP address 0.0.0.0; client hardware address [Client MAC Addr.]; requested IP address as option
DHCP Ack Packet (figure):
  - Ethernet header: source MAC address [Server MAC Addr.]; dest. MAC address [Client MAC Addr.]; frame len. [Calculate]
  - IPv4 header: version 4; HLen 5; DSCP/ECN 0; datagram length [Calculate]; identifier 0; flags 0; offset 0; TTL 32; protocol 17; checksum [Calculate]; source IP address [Server IP Address]; destination IP address 255.255.255.255 (the figure also shows [Offered IP Address, e.g., 129.10.0.53] beside this field)
  - UDP header: source port 68; dest port 67; datagram length [Calculate]; checksum [Calculate]
  - DHCP message (abbreviated): client IP address 0.0.0.0; your IP address [Offered IP Address, e.g., 129.10.0.53]; server IP address [Server IP Address]; gateway IP address 0.0.0.0; client hardware address [Client MAC Addr.]
DHCP Options: All options have a code that identifies them.
  Required options:
  - #1: the subnet mask for the network the client is on
  - #3: IP address of the gateway router
  - #6: IP addresses of local DNS resolvers
  - #50: Offered IP address (must be in Requests)
  - #51: IP address lease time
  - #53: DHCP message type (e.g., Discover, Offer, Request, Ack)
  - #54: DHCP server identifier (to disambiguate multiple Offers)
  Many, many optional options:
  - #4: IP addresses of local Network Time Protocol (NTP) servers
  - #12: host name assigned to the client
DHCP Renewal: All leases come with a timeout (lease time).
  - Hosts will try to renew this lease once it is halfway expired
    - Send new DHCP Request with same config
    - DHCP server responds with new lease
  - If no response, hosts keep trying
  - If no answer by lease expiry, must stop using IP address
    - Start over again with DHCP Discover message
DHCP and NAT: Recall, Network Address Translation (NAT) allows hosts on a private IP range to communicate with hosts on the internet. Many (all?) NAT devices are also DHCP servers. How did you think all the devices in your home/apartment got their 192.168.0.* IP addresses assigned to them?
Challenge: Port Forwarding (figure): a private network with hosts 192.168.0.1 and 192.168.0.2 sits behind a NAT device with public address 66.31.210.69; internet host 74.125.228.67 connects in.
  - Forwarding rule: private address 192.168.0.1:7000, public address *.*.*.*:*
  - Packet on the internet side: source 74.125.228.67:8679, dest 66.31.210.69:7000
  - Packet on the private side: source 74.125.228.67:8679, dest 192.168.0.1:7000
  - Problem: this IP address is assigned dynamically via DHCP... but this forwarding rule is set statically by the user
DHCP and NAT: Recall, Network Address Translation (NAT) allows hosts on a private IP range to communicate with hosts on the internet. Many (all?) NAT devices are also DHCP servers. How did you think all the devices in your home/apartment got their 192.168.0.* IP addresses assigned to them?
  - NAT devices allow you to statically assign IP addresses to hosts
  - Implemented as a MAC address to IP address mapping
  - Critical to use static IP address assignments with port forwarding
DHCP Wrap Up: DHCP helps automatically configure hosts on a network.
  - Designed to function in complex network environments
    - More than one DHCP server
    - DHCP server is many hops away from clients
    - Networks that use NAT, including with port forwarding
  - Baseline negotiation is four messages: Discover, Offer, Request, Ack
    - Client receives a configuration with a lease time
    - As lease ages, the client must obtain a new lease
  - Warning: DHCP is not secure!
    - Clients cannot authenticate DHCP servers
    - Leads to DHCP spoofing attacks
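The message format, the option codes, and the warning that clients cannot authenticate servers come together in the following added example (not part of the original slides): it parses a DHCP message and checks an Offer against a site allowlist. The allowlist policy, the transaction ID, and the sample Offers are constructed; the addresses are the ones used on the slides.

```python
import ipaddress
import struct

MAGIC = 0x63825363
# Fixed header in the order of the message-format slide: opcode, hw type,
# hw len, hop count, transaction ID, seconds, flags, client/your/server/relay
# IP, client hw addr (16), server name (64), boot file (128), magic.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128sI")


def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP message (UDP payload) into header fields and options."""
    if len(payload) < HEADER.size:
        raise ValueError("truncated DHCP header")
    (op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr, _siaddr,
     _giaddr, chaddr, _sname, _file, magic) = HEADER.unpack_from(payload)
    if magic != MAGIC or hlen > 16:
        raise ValueError("bad magic delimiter or hardware address length")
    options, i = {}, HEADER.size
    while i < len(payload) and payload[i] != 255:   # 255 ends the options
        if payload[i] == 0:                         # pad byte, no length field
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("option runs past end of message")
        code, length = payload[i], payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"opcode": op, "xid": xid, "options": options,
            "your_ip": str(ipaddress.IPv4Address(yiaddr)),
            "client_mac": chaddr[:hlen].hex(":")}


def ips(raw: bytes) -> list:
    """Decode an option value holding one or more packed IPv4 addresses."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4]))
            for i in range(0, len(raw) - 3, 4)]


def audit_offer(msg, servers, gateway, resolvers) -> list:
    """Return reasons to distrust an Offer/Ack; empty list if none found."""
    opts, findings = msg["options"], []
    server_id = ips(opts.get(54, b""))
    if not server_id or server_id[0] not in servers:
        findings.append("server identifier (option 54) not on allowlist")
    if ips(opts.get(3, b"")) != [gateway]:
        findings.append("gateway (option 3) differs from expected")
    if not set(ips(opts.get(6, b""))) <= resolvers:
        findings.append("DNS resolver (option 6) not in expected set")
    return findings


def build_offer(server: str, gateway: str, dns: str) -> bytes:
    """Constructed sample Offer using the addresses from the slides."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    head = HEADER.pack(2, 1, 6, 0, 0x1234ABCD, 0, 0, pack("0.0.0.0"),
                       pack("129.10.0.53"), pack(server), pack("0.0.0.0"),
                       bytes.fromhex("5667e7bc93d2"), b"", b"", MAGIC)
    opts = b"".join([bytes([53, 1, 2]), bytes([54, 4]), pack(server),
                     bytes([1, 4]), pack("255.255.0.0"), bytes([3, 4]),
                     pack(gateway), bytes([6, 4]), pack(dns), bytes([255])])
    return head + opts


EXPECTED = ({"129.10.1.1"}, "129.10.0.1", {"8.8.8.8"})  # constructed policy
```

A passive check like this only reports a mismatch; on managed switches the same policy is usually enforced by restricting which ports may send server messages.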
DHCP and IPv6: DHCPv6 is a complete rewrite of DHCP.
  - Configures clients with:
    - An IP network prefix
    - A local gateway and DNS resolver
    - The local MTU
  - IPv6 address may be assigned or generated by the client
    - i.e., randomly choose the least significant 64 bits
Dynamic Host Configuration Protocol (DHCP) Address Resolution Protocol (ARP)
[Figure: the Ethernet, IPv4, and UDP headers of the DNS request, revisited. Now filled in: source IP address [Assigned via DHCP] and destination IP address [Determined via DHCP]. Source MAC address [Your MAC Addr.], UDP source port [Chosen at Random], and UDP destination port 53 are as before; length and checksum fields are marked [Calculate]. The destination MAC address is still empty.] Questions on the figure:
  - How do we get the destination MAC address? Whose MAC address is it?
  - How does this computer get an IP address? It must be within the local network's prefix.
  - How does this computer figure out the IP address of the local DNS resolver?
Who is the Layer 2 Destination? (figure): Gateway Router 129.10.0.1, ef:a9:5d:3d:44:07; Router 8.0.0.1, 7e:ed:cb:56:d6:dc; DNS Resolver 8.8.8.8, a8:a2:7f:61:2f:f3; our host 129.10.0.53, 56:67:e7:bc:93:d2; two switches; unlabeled devices de:bb:10:8c:43:4a and 83:62:8f:32:4e:d1.
  - The switch is a layer 2 router, it has a forwarding table. It wants to deliver a packet to a specific layer 2 destination.
  - The local gateway is the layer 2 destination (if the layer 3 destination is out on the internet).
  - The layer 2 destination of the hop following the gateway router is the next router.
Do We Know The MAC of the Gateway? NO.
  - DHCP supplies the IP address of the local gateway router
  - DHCP also supplies the IP address of the local DNS resolver
  - How can a client determine the MAC address associated with a given IP address? Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP): ARP allows hosts on a network to query the layer 2 address (e.g., MAC) associated with a given layer 3 address (e.g., IPv4).
  - Hosts maintain an ARP cache containing known MAC-to-IPv4 mappings
  - Designed to work with multiple layer 2 and 3 address schemes
    - We will only look at Ethernet and IPv4
  - ARP messages are carried as data over the layer 2 protocol
    - i.e., Ethernet/ARP, no layer 3 header at all
    - ARP messages are not routable at layer 3
ARP is a Layer 2 Protocol: ARP is meant to bind layer 2 and layer 3 addresses. ARP is unusual, it falls between layer 2 and layer 3. Protocol stack (figure): Application, Transport, Network, ARP, Data Link, Physical.
ARP Message Format (figure, 32-bit rows, bit offsets 0, 8, 16, 31):
  - Hardware Type: 1 for Ethernet
  - Network Type: 0x0800 for IPv4
  - Hdwr. Addr. Len.: 6 bytes for Ethernet
  - Net. Addr. Len.: 4 bytes for IPv4
  - Operation: 1 for query, 2 for reply
  - Sender Hardware Addr.
  - Sender Network Addr.
  - Target Hardware Addr.
  - Target Network Addr.
ARP Query for the Local Gateway Router (figure): Hardware Type 1; Network Type 0x0800; Hdwr. Addr. Len. 6; Net. Addr. Len. 4; Operation 1; Sender Hardware Addr. [Your MAC Address]; Sender Network Addr. [IP Address Assigned by DHCP]; Target Hardware Addr. FF:FF:FF:FF:FF:FF; Target Network Addr. [Gateway IP Address from DHCP].
ARP Response from the Local Gateway Router (figure): Hardware Type 1; Network Type 0x0800; Hdwr. Addr. Len. 6; Net. Addr. Len. 4; Operation 2; Sender Hardware Addr. [Gateway's MAC Address]; Sender Network Addr. [Gateway's IP Address]; Target Hardware Addr. [Requestor's MAC Address]; Target Network Addr. [Requestor's IP Address].
ARP Query and Response (figure): Gateway Router 129.10.0.1, ef:a9:5d:3d:44:07; switch; our host 129.10.0.53, 56:67:e7:bc:93:d2; DHCP Server 129.10.1.1, fe:d1:e5:bb:e6:92; unlabeled device de:bb:10:8c:43:4a. Query is broadcast to the LAN.
Example ARP Cache:
    cbw@localhost:~$ arp -a
    ? (192.168.4.26) at 64:07:f6:8e:9b:5e [ether] on enp15s0
    _gateway (192.168.4.1) at c4:a8:16:24:02:14 [ether] on enp15s0
    ? (192.168.4.29) at 82:96:fe:a8:85:0b [ether] on enp15s0
    ? (192.168.4.27) at ac:67:84:e3:93:f3 [ether] on enp15s0
    ? (192.168.4.30) at d8:a3:5c:da:fb:e7 [ether] on enp15s0
[Figure: the Ethernet, IPv4, and UDP headers of the DNS request, now complete. Source MAC address [Your MAC Addr.]; dest. MAC address [Gateway's MAC]; source IP address [Assigned via DHCP]; destination IP address [Determined via DHCP]; UDP source port [Chosen at Random]; UDP destination port 53; length and checksum fields marked [Calculate].] The figure's question, now answered: How do we get the destination MAC address? Whose MAC address is it?
DHCP Protocol Revisited:
  - Discover: new client needs config information
  - Offer: offer config to a client
  - ARP probe to check if the offered IP address is free. Not a DHCP message!
  - Request: request the offered config
  - ACK: ACK the client's request
  - Negative ACK: negative ACK the client's request
  - Decline: decline the offered config
  - Release: release the config
ARP Probe: An ARP probe is when a host sends an ARP query for their own (potential) IP address.
  - In this case, the sender's network address is set to 0.0.0.0
  - If they receive no response, the IP address is not in use by any other host
    - Free to send a DHCP Request, claim the offered IP address
  - If they receive a response, the IP address is already in use
    - Send a DHCP Decline, then send a new DHCP Discovery
Example ARP Probe (figure): Hardware Type 1; Network Type 0x0800; Hdwr. Addr. Len. 6; Net. Addr. Len. 4; Operation 1; Sender Hardware Addr. [Your MAC Address]; Sender Network Addr. 0.0.0.0; Target Hardware Addr. FF:FF:FF:FF:FF:FF; Target Network Addr. [IP Address Offered by DHCP].
ARP Announcement: Used to preemptively tell hosts on a network a MAC-to-IPv4 binding. Also known as a gratuitous ARP. Message (figure): Hardware Type 1; Network Type 0x0800; Hdwr. Addr. Len. 6; Net. Addr. Len. 4; Operation 1; Sender Hardware Addr. [Your MAC Address]; Sender Network Addr. [IP Address Assigned by DHCP]; Target Hardware Addr. 00:00:00:00:00:00; Target Network Addr. [IP Address Assigned by DHCP].
ARP Wrap Up: ARP allows hosts on a network to query the layer 2 address (e.g., MAC) associated with a given layer 3 address (e.g., IPv4).
  - Hosts maintain an ARP cache containing known MAC-to-IPv4 mappings
  - Can be used to prevent erroneous IP address reuse (i.e., by ARP probing)
  - Can be used to announce a MAC-to-IPv4 mapping (gratuitous ARP)
    - Useful for gateways, DNS resolvers, etc.
  - Warning: ARP is not secure!
    - Clients cannot authenticate ARP messages
    - Leads to ARP spoofing attacks
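Because ARP messages cannot be authenticated, defenders commonly watch for an IP address whose MAC binding changes. The following added example (not part of the original slides) parses the ARP message format shown earlier, classifies each message as query, reply, probe, or announcement using the field values from the slides, and reports a binding change. The MAC 02:00:00:00:00:99 and the sample traffic are constructed; the other addresses are from the slides.

```python
import ipaddress
import struct

ARP = struct.Struct("!HHBBH6s4s6s4s")   # Ethernet/IPv4 ARP message, 28 bytes


def parse_arp(body: bytes) -> dict:
    """Parse an Ethernet/IPv4 ARP message and classify it as the slides do."""
    if len(body) < ARP.size:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP.unpack_from(body)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        raise ValueError("not an Ethernet/IPv4 ARP query or reply")
    sender_ip, target_ip = (str(ipaddress.IPv4Address(a)) for a in (spa, tpa))
    if op == 2:
        kind = "reply"
    elif sender_ip == "0.0.0.0":
        kind = "probe"            # asking about an address not yet claimed
    elif sender_ip == target_ip:
        kind = "announcement"     # gratuitous ARP
    else:
        kind = "query"
    return {"kind": kind, "sender_mac": sha.hex(":"), "sender_ip": sender_ip,
            "target_ip": target_ip}


class ArpWatch:
    """Remember the first MAC seen for each IP and report later changes."""

    def __init__(self, pinned=None):
        self.cache = dict(pinned or {})   # e.g. a pinned gateway binding

    def observe(self, body: bytes):
        msg = parse_arp(body)
        ip, mac = msg["sender_ip"], msg["sender_mac"]
        if msg["kind"] == "probe":        # a probe asserts no binding
            return msg["kind"], None
        known = self.cache.setdefault(ip, mac)
        alert = f"{ip} moved from {known} to {mac}" if known != mac else None
        return msg["kind"], alert


def arp(op, sha, spa, tha, tpa) -> bytes:
    """Build a constructed sample ARP message."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return ARP.pack(1, 0x0800, 6, 4, op, mac(sha), ip(spa), mac(tha), ip(tpa))


HOST, GW = "56:67:e7:bc:93:d2", "ef:a9:5d:3d:44:07"      # MACs from the slides
OTHER, BCAST = "02:00:00:00:00:99", "ff:ff:ff:ff:ff:ff"  # OTHER is constructed
SAMPLES = [                                              # constructed traffic
    arp(1, HOST, "0.0.0.0", BCAST, "129.10.0.53"),              # probe
    arp(1, HOST, "129.10.0.53", "00:00:00:00:00:00", "129.10.0.53"),
    arp(1, HOST, "129.10.0.53", BCAST, "129.10.0.1"),           # query
    arp(2, GW, "129.10.0.1", HOST, "129.10.0.53"),              # reply
    arp(2, OTHER, "129.10.0.1", HOST, "129.10.0.53"),           # conflicting
]


def run_samples() -> list:
    """Feed the samples to a fresh watcher; returns (kind, alert) pairs."""
    watch = ArpWatch()
    return [watch.observe(s) for s in SAMPLES]
```

The watcher keeps the first binding it saw rather than overwriting it, so a legitimate hardware replacement also raises an alert and has to be confirmed by an operator.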
ARP, NDP, and IPv6: ARP was replaced with the Neighbor Discovery Protocol (NDP) in IPv6.
  - Layer 3 protocol, not layer 2 like ARP
    - Subset of ICMPv6
  - Additional features like MTU and DNS resolver discovery
  - Five types of messages
    - Router and neighbor solicitation (i.e., query and probe)
    - Router and neighbor advertisement (i.e., response and announcement)
  - Secure Neighbor Discovery Protocol (SEND)
    - Cryptographically authenticated NDP based on RPKI
Getting Online: All hosts connected to the internet need certain information:
  - IPv4 (and possibly IPv6) address
  - IP address of local DNS resolver
  - IP address of the local gateway
  - Local netmask
  Why is the local netmask so important?
    cbw@laptop:~$ ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 172.28.0.139  netmask 255.255.240.0  broadcast 172.28.15.255
            inet6 fe80::215:5dff:fed5:a670  prefixlen 64  scopeid 0x20<link>
            ether 00:15:5d:d5:a6:70  txqueuelen 1000  (Ethernet)
            RX packets 170  bytes 246667 (246.6 KB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 174  bytes 45554 (45.5 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Layer 2 and Layer 3 Routing (figure): networks 8.0.0.0/8 and 129.10.0.0/16. Gateway Router 129.10.0.1, ef:a9:5d:3d:44:07; Router 8.0.0.1, 7e:ed:cb:56:d6:dc; Web Server 8.8.0.13, a8:a2:7f:61:2f:f3; our host 129.10.0.5, 56:67:e7:bc:93:d2; Web Server 129.10.128.1, fe:d1:e5:bb:e6:92; switch; unlabeled device de:bb:10:8c:43:4a.
  - For a given layer 3 destination, what should the layer 2 destination be?
  - Is the given layer 3 destination inside or outside the local subnet?
  - Dest. IP: 8.8.0.13 -> Dest. MAC: ef:a9:5d:3d:44:07
  - Dest. IP: 129.10.128.1 -> Dest. MAC: fe:d1:e5:bb:e6:92
[Figure: networks 8.0.0.0/8, 64.8.23.0/27, and 64.8.23.0/28. Gateway Router 64.8.23.1, ed:23:77:40:35:42; Gateway Router 64.8.23.16, 39:dc:3e:ef:ea:50; Router 8.0.0.1, 7e:ed:cb:56:d6:dc; Web Server 8.8.0.13, a8:a2:7f:61:2f:f3; our host 64.8.23.13, 88:db:2d:cb:47:43; Web Server 64.8.23.21, a6:fa:a3:fd:80:8b; Web Server 64.8.23.7, d1:75:05:4c:5c:c4.]
  - Dest. IP: 8.8.0.13 -> Dest. MAC: ed:23:77:40:35:42
  - Dest. IP: 64.8.23.21 -> Dest. MAC: ed:23:77:40:35:42
  - Dest. IP: 64.8.23.7 -> Dest. MAC: d1:75:05:4c:5c:c4
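The two layouts above answer the netmask question: the netmask decides whether a destination is on-link (frame addressed to the destination's own MAC) or off-link (frame addressed to the gateway's MAC). The following added example (not part of the original slides) reproduces that decision with the addresses from both figures. The 255.255.255.240 (/28) netmask for host 64.8.23.13 is an assumption inferred from the destination MACs shown in the second figure, and the ARP cache contents are constructed from the figures' labels.

```python
import ipaddress


def layer2_destination(host_ip, netmask, gateway_ip, dest_ip, arp_cache):
    """Pick the MAC a host puts on the frame carrying a packet to dest_ip.

    On-link destinations are addressed directly; everything else goes to the
    gateway. Returns (next_hop_ip, mac); mac is None when ARP is still needed.
    """
    subnet = ipaddress.IPv4Network(f"{host_ip}/{netmask}", strict=False)
    gateway = ipaddress.IPv4Address(gateway_ip)
    if gateway not in subnet:
        raise ValueError("gateway is not reachable on the local subnet")
    dest = ipaddress.IPv4Address(dest_ip)
    next_hop = dest if dest in subnet else gateway
    return str(next_hop), arp_cache.get(str(next_hop))


# ARP caches constructed from the labels in the two figures.
CACHE_A = {"129.10.0.1": "ef:a9:5d:3d:44:07",
           "129.10.128.1": "fe:d1:e5:bb:e6:92"}
CACHE_B = {"64.8.23.1": "ed:23:77:40:35:42",
           "64.8.23.7": "d1:75:05:4c:5c:c4",
           "64.8.23.21": "a6:fa:a3:fd:80:8b"}


def first_layout(dest_ip):
    """Host 129.10.0.5 on 129.10.0.0/16 behind gateway 129.10.0.1."""
    return layer2_destination("129.10.0.5", "255.255.0.0", "129.10.0.1",
                              dest_ip, CACHE_A)


def second_layout(dest_ip, netmask="255.255.255.240"):
    """Host 64.8.23.13 behind gateway 64.8.23.1; /28 netmask is assumed."""
    return layer2_destination("64.8.23.13", netmask, "64.8.23.1",
                              dest_ip, CACHE_B)
```

Calling `second_layout("64.8.23.21", "255.255.255.224")` shows the effect of a wrong netmask: with a /27 the host treats 64.8.23.21 as on-link and addresses the frame to the server's MAC instead of the gateway's.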