Professional Documents
Culture Documents
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 2
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Agenda
Address Review
1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 10 0 0 0 00 0 0 0 01 0 0 0 01
128 9 0 33
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Address Hierarchy and Naming
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 5
Subnet Mask
Address 128.9.0.33
1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 10 0 0 0 00 0 0 0 01 0 0 0 01
Mask 255.255.255.0
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 11 1 1 1 11 1 1 0 00 0 0 0 00
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 6
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Subnets
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 7
Address Selection
192.168.2.1
• A subnet is assigned to a
physical network (link)
192.168.2.0
• Hosts on that network get
unique address from the
subnet
• Consequences:
Host gets initial address
based on location
192.168.1.0
Host must change address
after moving to new network
192.168.1.1
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 8
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Special Addresses
• Multicast
IPv4—224-239.d.d.d [RFC 2365]
IPv6—FFxx:x:x:x:x:x:x:x
• Anycast [RFC 1546]
Unicast, but with multiple advertisers
• Site-local
IPv4—10/8, 172.16/12, 192.168/16 [RFC 1918]
IPv6—FEC0:0:0:<subnet ID>:<interface ID>
• Link-local
IPv4: 169.254/16
IPv6: FE80:0:0:0:<interface ID>
• Loopback
IPv4: 127.0.0.1
IPv6: 0:0:0:0:0:0:0:1 (::1)
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 9
Name Hierarchy
.com
.ncsa
.uiuc
.edu
.
.chem
.unm .net
.cs
.umd .se
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 10
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Agenda
DHCP Basics
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 12
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
How DHCP Works:
Obtaining an Address
• Server dynamically assigns
IP address on demand Send My
Configuration
• Administrator creates pools DHCP Information
of addresses available for Server
assignment to hosts
• Address is assigned with
lease time
DHCP
• Client can extend lease Client
time dynamically
• Server can reassign Here is Your Configuration:
address after lease IP Address: 192.204.18.7
expires Subnet Mask: 255.255.255.0
Default Routers: 192.204.18.1, 192.204.18.3
• DHCP delivers other DNS Servers: 192.204.18.8, 192.204.18.9
configuration Lease Time: 5 days
information in options
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 13
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
DHCP Relay: Centralized DHCP Service
• DHCP clients broadcasts
a DISCOVER packet
• DHCP relay (ip helper address)
on the router hears the
DISCOVER packet and forwards DHCP Server DHCP Server
(unicast) the packet to the 161.44.54.7 161.44.55.8
DHCP server
Router with DHCP Relay
• DHCP relay fills in the Interface Ethernet 0
GIADDR field with IP DHCP
ip helper 161.44.54.7
address of the receiving ip helper 161.44.55.8 Packet
interface of router GIADDR
• DHCP relay can be configured 161.44.18.1
to forward the packet to multiple
DHCP servers; client will choose
the “best” server Physical Network
• DHCP servers use GIADDR 161.44.18.0/24
field of DHCP packet as an index
in to the list of address pools DHCP
NMS-1101
Client
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 15
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Agenda
DHCP Reliability
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 18
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
DHCP Safe Failover Protocol
• All DHCP requests are Backup DHCP
sent to both servers Server
• Primary updates backup Primary DHCP
with lease information Server
Hardware Hardware
OP Code HOPS
Type Length
Transaction ID (XID)
Seconds Flags
Client IP Address (CIADDR)
Filename—128 bytes
DHCP Options
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 20
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Summary
• DHCP
• Questions?
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 21
Agenda
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 22
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Domain Name Service
• DNS is a database
And the protocol to access it
• Distinctive features:
Design for look-up queries
Replicated content
Distributed control (zones)
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 23
DNS
Network Application
Server
DNS Resolver
Internal OS
Address of
DHCP
DNS Server
Server
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
TCP and UDP Ports
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 25
• Redirection:
“Take your question down the hall”
• Recursion:
“I’ll get back to you”
• Resolver sets recursion desired (RD),
server responds with recursion available
(RA) through bits in the DNS header
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 26
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
DNS First Query
• Clients (stub resolvers)
query local DNS server Root Name Server
Including .edu
for IP addresses (RD on)
.UMD
• Local server queries (RD Name Server
off) the root name server
and follows referrals until cs.umd.edu
it finds a server that has Name Server
the answer Local
DNS
• Local servers send Server ringding.cs.umd.edu
answers back to the
A. 128.8.126.2
clients and cache
the answers
Q. IP Address
for ringding.cs.umd.edu
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 27
Q. IP Address
for ringding.cs.umd.edu
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 28
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Caching and Forwarders
Time to Live
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 30
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Agenda
Terminology
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 32
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Record Format
Optional Fields:
We Only Care About Class=IN (Internet)
ttl Will Get Attention Later
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 33
Address Examples
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
IP Version 6
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 35
• CNAME
The value is the name of a new label
The value of a canonical name is not allowed
to be the label of an CNAME record
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 36
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Delegation Zone
• Hierarchical name space
• Each node in tree
represents Subordinate Zone
Edu
Edu
domain/subdomain Umd
Umd
defined as zones
WWW
Faculty Lab
• Each zone has a “primary”
name server responsible
for all lower nodes, but
delegation is to all
authoritative name servers
• Resource Records (RR)
can, but don’t have to, be
defined for each node
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 37
Delegation Records
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 38
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Delegation: NS and “Glue”
<domain> NS <server>
SRI.COM. NS KL.SRI.COM.
KL.SRI.COM. A 10.1.0.2
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 39
Delegation: SOA
$ORIGIN ARPA.
@ IN SOA SRI-NIC.ARPA. HOSTMASTER.SRI-NIC.ARPA. (
45 ;serial (sequential)
3600 ;refresh (1 hour regular check)
600 ;retry (10 minutes between check)
3600000 ;expire (42 days until refresh)
86400 ) ;minimum (a day)
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 40
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Reverse DNS for IPv4 Addresses
b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2
.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.IP6.ARPA.
PTR v6host.example.com.
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 42
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Reverse Requirement
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 43
Reverse Complication
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Records for Applications
• MX
• SRV
• NAPTR
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 45
MX
• Mail eXchange RR
• Where the mail for the host is to be sent
• Round-robin within equal preferences
• Mailers send only to lower preference numbers
po2 is only allowed to send to po1 in example below
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Wildcards
FOO.COM. MX 10 RELAY.CS.NET.
*.FOO.COM. MX 20 RELAY.CS.NET.
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 47
SRV
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 48
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
SRV
Format of RR and Example
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 49
NAPTR
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 50
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Agenda
Secondary Servers
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 52
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Replication
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 53
Replication Efficiency
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 54
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Agenda
Dynamic Update
http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 56
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Securing Queries
• TSIG
Transaction Signature—RFC 2845
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 57
• TSIG is used
• Secondary servers have an administrative
relationship that can support secret keys
• Don’t need the overhead of public keys
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 58
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
TKEY
• RFC 2930
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 59
SIG(0)
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 60
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Securing Zone Contents
• DNS security
• Key RR—distributes public
keys for records
• SIG RR—authenticates (signs) one RR set
• NXT RR—“next” record enables
authentication of non-existence
• DS RR—delegation signer~key in parent
with which the child zone is signed
• RFC 2535—being revised
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 61
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 62
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Split DNS
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 63
Internal Root
Query From
Outside Internal
Query From
Inside Forwarder
Internal Resolver
Root
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 64
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Internal Forwarding Server
Internal
Forwarder
Internal Resolver
With Recursion ON
OFF
Root
Internal DNS Server
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 65
Load Sharing
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 66
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Source-Dependent Answers
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 67
Distributed Director
• DD Server is authoritative
nameserver for zone with
name as webserver Paris
User Internet
• When query arrives, DD
server verify with DRP
agents which webserver
Brussels Los Angeles
is closest to client Web Server User
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
DRP—Director Response Protocol
Client
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 69
Anycast
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 70
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Boomerang
Server Load
Balancer and Server Load
Content Servers Balancer and
Local DNS Content Servers
Server
1. Content is distributed 4. Responses are sent back
2. Client query content router via local DNS Server 5. First response arriving is closest
3. Content servers are told to respond to DNS query 6. Client connect to that IP-address
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 71
Summary
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 72
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Other Network Management Sessions
NMS-1001 Introduction to Network Management
NMS-1011 Principles of Fault Management
NMS-1021 Principles of Configuration Management
NMS-1031 Introduction to Collecting Traffic Accounting Information
NMS-1041 Introduction to Performance Management
NMS-1201 Improving Network Availability
NMS-2001 Network Troubleshooting Tools and Techniques
NMS-2021 Large Scale Deployment of CiscoWorks
NMS-2041 Performance Measurement with Cisco IOS
NMS-2051 Securely Managing Your Network
NMS-2102 Deploying and Troubleshooting NAT
NMS-2201 Deploying Highly Available Enterprise Networks
NMS-4031 Advanced NetFlow Accounting
NMS-4041 Adv. Perform. Mgmt. with Cisco Service Assurance Agent
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 73
Recommended Reading
IP Addressing
Fundamentals
ISBN: 1587050676
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Please Complete Your
Evaluation Form
Session NMS-1101
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 75
NMS-1101
Session Number
7969_05_2003_c2
Presentation_ID © 2003, Cisco Systems, Inc. All rights reserved. 76
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Reverse Delegation
• RFC 2317
2.3/12 CNAME xxx.IN-ADDR.ARPA
For delegation of
192.0.2.0/25 to organization A
192.0.2.128/26 to organization B
192.0.2.192/26 to organization C
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 77
$ORIGIN 2.0.192.in-addr.arpa.
;
1 PTR host1.A.domain.
2 PTR host2.A.domain.
3 PTR host3.A.domain.
;
129 PTR host1.B.domain.
130 PTR host2.B.domain.
131 PTR host3.B.domain.
;
193 PTR host1.C.domain.
194 PTR host2.C.domain.
195 PTR host3.C.domain.
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 78
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
Reverse Delegation Solution
$ORIGIN 2.0.192.in-addr.arpa.
@ IN SOA my-ns.my.domain.
hostmaster.my.domain. (...)
;...
; <<0-127>> /25
0/25 NS ns.A.domain.
0/25 NS some.other.name.server.
;
1 CNAME 1.0/25.2.0.192.in-addr.arpa.
2 CNAME 2.0/25.2.0.192.in-addr.arpa.
3 CNAME 3.0/25.2.0.192.in-addr.arpa.
; <<128-191>> /26
128/26 NS ns.B.domain.
128/26 NS some.other.name.server.too.
;
129 CNAME 129.128/26.2.0.192.in-addr.arpa.
130 CNAME 130.128/26.2.0.192.in-addr.arpa.
131 CNAME 131.128/26.2.0.192.in-addr.arpa.
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 79
; <<192-255>> /26
192/26 NS ns.C.domain.
192/26 NS some.other.third.name.server.
;
193 CNAME 193.192/26.2.0.192.in-addr.arpa.
194 CNAME 194.192/26.2.0.192.in-addr.arpa.
195 CNAME 195.192/26.2.0.192.in-addr.arpa.
$ORIGIN 0/25.2.0.192.in-addr.arpa.
@ IN SOA ns.A.domain. hostmaster.A.domain. (...)
@ NS ns.A.domain.
@ NS some.other.name.server.
;
1 PTR host1.A.domain.
2 PTR host2.A.domain.
3 PTR host3.A.domain.
NMS-1101
7969_05_2003_c2 © 2003, Cisco Systems, Inc. All rights reserved. 80
Copyright © 2002, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr