The game of addressing

• Machines on the internet are identified in 3 ways
  • by name to other humans.
  • by internet address to machines on a global network.
  • by ethernet address to machines on a local network.

Host names

• www.eecs.tufts.edu: the name of a host.
  • www: the host name.
  • eecs.tufts.edu: the domain name.
• host names assigned by local administrator
• domain names sold by domain brokers (e.g., register.com).
  • `loan.com' cost over a million dollars!
  • `business.com' cost 7 million dollars!
  • `alvacouch.com' was going to cost me 30 dollars! (Just don't have the name recognition).

Internet addresses

• a four-tuple: 130.64.23.39
  • in decimal notation (base 10).
  • each number between 0-254 (one unsigned byte).
  • 255 means broadcast to all hosts in a domain (reserved).
• prefix of one, two, or three bytes assigned by InterNIC.
• Rest of number determined by (licensed) owner of domain.
• Type of Internet license determined by how many bytes owner gets to set.
  • 3 bytes: class A license (the US government)
  • 2 bytes: class B license (Tufts)
  • 1 byte: class C license (small company)
  • 0 byte: class D license (cable modem)

Anatomy of an IP address:

• Allegro is 130.64.23.36
• 130.64 assigned to Tufts (class B)
• Tufts assigned (sublicensed) 130.64.23 to EECS (Class C)
• I assigned 130.64.23.36 to allegro (Class D)

Ethernet addresses:

• a 6-tuple of hexadecimal (base 16) bytes.
• Each part a hexadecimal byte (00-ff)
• E.g. my workstation Blackhole has address 08:00:20:7a:67:e9
• first three bytes 08:00:20 determine vendor of equipment (Sun Microsystems)
• last three bytes 7a:67:e9 are assigned by vendor, determined by model number and serial number of equipment (Sparc SS5, hostid=807a67e9).
• note that my hostid just happens to be my ethernet address. This is a Sun convention and cannot be counted upon.

Addressing conventions

• MAC:
  • addresses starting with 4,5,6,7 are user-assigned.
  • 00:00:00:00:00:00 and ff:ff:ff:ff:ff:ff are reserved (wire broadcast addresses)
  • all other addresses are vendor-assigned.
• IP:
  • addresses starting with 10., 192.168. are private and not routed on the backbone (RFC 1918).
  • addresses starting with other numbers are assigned by your ISP or the American Registry of Internet Numbers (ARIN) (http://www.arin.net)
• Names:
  • All domain names are registered with some domain registry organization, subject to rules of the Internet Corporation for Assigned Names and Numbers (ICANN) (http://www.icann.org).
  • Organization delegates subdomains to particular sub-organizations within itself. E.g., tufts.edu allowed us to create eecs.tufts.edu..
  • machine names are assigned by you and tacked onto domain names. E.g., andante.eecs.tufts.edu.

The basic game

• Hosts have ethernet and IP addresses assigned.
• Out of the box, a host has the ability to send a packet to any other host on the ethernet by ethernet address.
• But we as humans tell the machine to find a machine with another internet address.
• How do they talk to one another?
• Two layers to the problem: link and network.

Link layer (ethernet)

• local addressing scheme.
• assigned by vendors to cards.
• valid on 'one wire' or 'one hub'.
• NOT aware of tcp/ip workings.
• Switching (or bridging): transferring information locally between separate 'wires' viewed as 'one wire'.
• Unknown at network layer except through address translation tables.

Network layer (tcp/ip).

• global addressing scheme.
• assigned by InterNIC or delegated by ISP's.
• valid anywhere in the world.
• NOT aware of link layer/ethernet.

Terminology

• Interface: one card or physical connection to the network.
• Single-home host: a host with one network interface card (NIC).
• Multi-home host: a host with two or more NIC's.

Parts of the game

• in the local domain, can only send messages to machines with known MAC address.
  • Address resolution: MAC address to IP address mapping.
• in the global domain, can only send messages to machines with a known IP address.
  • Routing: transferring information non-locally to a known IP address.
• Two parts of the game:
• map the local wire (ARP table)
• map the network of wires (Routing table)

Address translation table (arp table)

• maps between local address (MAC/ethernet) and global address (ip/ipv6).
• valid on one interface.
• describes map on ONE WIRE.

ARP protocols:

• ARP : address resolution protocol
  • works on link layer, makes machines aware of each other on network layer.
  • used all the time

     machine 1: "hi there, i'm 08:00:2b:16:34:98 (MAC) 
       and my IP address is 192.168.1.1 (tcp)"
       who is 192.168.1.10? 
       (broadcast: Where are you?)
     machine 2: makes a note of this mapping in its 'arp table'.
       responds "I'm 08:00:2b:16:17:82 (MAC) and 192.168.1.10 (IP)."
       (response: I'm here!)
    

• REVARP: reverse address resolution protocol.
  • used just in starting machines.

     machine 1: who the heck am I, I'm 08:00:2b:16:17:82. 
     (broadcast: who am I?)
     server 2: I know you, you're 192.168.1.9. 
     (response: you're so and so.)
    

ARP Algorithm

• Maintain an ARP cache of mappings between ethernet and IP address.
• All the time, listen for ARP requests from other hosts.
  • If someone broadcasts a request for the ethernet address for your IP address, then respond with your ethernet address (and store the requester's IP and ethernet mapping in your own cache).
• If you want to send something to an IP address,
  • if the IP is in your ARP cache, then send the message to the corresponding ethernet address.
  • if not, then ring the ARP for it. Broadcast a request for the ethernet address to all hosts on the local wire (wire broadcast). Wait.
    • if someone responds with an ARP response containing an appropriate ethernet address, send your message to that address.
    • else tell your user that the host is `unreachable'.

Seeing ARP at work

• arp -a: show the arp table.

   blackhole{couch}53: /usr/sbin/arp -a
   Net to Media Table
   Device   IP Address               Mask      Flags   Phys Addr 
   ------ -------------------- --------------- ----- ---------------
   le0    Yogi.eecs.tufts.edu  255.255.255.255       00:d0:b7:a0:6d:ac
   le0    C16.EECS.Tufts.EDU   255.255.255.255       08:00:20:88:1b:75
   le0    C12.EECS.Tufts.EDU   255.255.255.255       08:00:20:88:1a:75
   le0    Sw-B1-G2.EECS.Tufts.EDU 255.255.255.255       00:e0:52:c1:ab:00
   le0    Monitor.EECS.Tufts.EDU 255.255.255.255       08:00:20:7d:21:71
   le0    C6.EECS.Tufts.EDU    255.255.255.255       08:00:20:75:7b:5c
   le0    Conmoto.EECS.Tufts.EDU 255.255.255.255       08:00:20:b0:51:fa
   le0    Forte.EECS.Tufts.EDU 255.255.255.255       08:00:20:0e:04:39
  

• Device: which physical interface (determines which wire).
• Address: which machine we want.
• Mask: a binary mask showing how many addresses are mapped. If a bit in the mask is 0, then the corresponding bit in the original address can change. 255.255.255.255 means only one address.
• Phys Addr: the vendor address assigned to a device.
• Wait a minute: these "Addresses" are names, not IP addresses!
• arp command automatically converts them!

Routing

• ARP works fine for one wire, but is unaware of how to route messages between wires.
• Sending a message between wires is called routing.
• Several protocols manage the routing table.

Routing table

• Tells one host how to send packets to another on the whole Internet.
• For each destination address, gives next hop host address.
• This is a neighbor of yours who knows more about how to send the packet to its real destination.
• If each machine forwards the packet to a neighbor nearer to its destination, then the packet will eventually reach its destination machine.

Spying on routing

• To spy on routing, use netstat -rn:

   blackhole{couch}59: netstat -rn
   Routing Table:
     Destination           Gateway           Flags  Ref   Use   Interface
   -------------------- -------------------- ----- ----- ------ ---------
   130.64.23.0          130.64.23.164         U        3   1174  le0
   224.0.0.0            130.64.23.164         U        3      0  le0
   default              130.64.23.127         UG       0   5470  
   127.0.0.1            127.0.0.1             UH       01147795  lo0
  

• Destination: where you want to go.
• Gateway: next hop in getting there.
• Interface: which interface card to use.
• default: where to send anything you don't know about!

Routing protocols:

• Several different protocols are used in different environments.
• Static routing: you configure all the next hop addresse yourself.
• Routing Information Protocol (RIP): suitable for LAN's (runs within EECS).
• Open Shortest-Path First (OSPF): suitable for enterprises (runs on Tufts backbone).
• Exterior Gateway Protocol: runs between ISP's.

Routing concepts:

• To be able to route between wires, we need to be able to specify the address range valid on a wire.
• Subnet: the group of hosts that live on one (logical) wire.
• Subnet mask (netmask): determines how many stations can be housed on a specific wire.
  • binary 4-tuple
  • 1's mean that part of the address is the same for all stations on the wire.
  • 0's mean that part of the address can differ.
• Examples:
  • 255.255.255.0: only the last ip byte can vary
  • 255.255.0.0: the last two ip bytes can vary
  • 255.0.0.0: the last three ip bytes can vary
• Network (wire) address: determines fixed part of IP address for a specific wire:
  • 130.64.23.0 netmask 255.255.255.0: addresses 130.64.23.0-130.64.23.255.
  • 10.1.0.0 netmask 255.255.0.0: addresses 10.1.0.0 to 10.1.255.255.
• Prefix notation: a way of specifying subnet masks.
  • a.b.c.d/e means network address a.b.c.d and subnet mask starting with e 1's (and the rest 0's) in binary.
  • 130.64.23.0/24 means 130.64.23.0 netmask 255.255.255.0
  • 130.64.0.0/16 means 130.64.0.0 netmask 255.255.0.0
  • 130.64.23.0/27 means 130.64.23.0 netmask 255.255.255.224(!)
• Note: most sane people use subnet masks that consist of a block of 1's followed by a block of 0's.
  • routers don't require this.
  • you can use split fields, e.g., netmask 255.255.1.255 (0xffff01fff)
  • this is possible but considered bad style.
• Next hop: in a subnet, the address of the router for that subnet.

Reserved addresses:

• On each subnet, the address with all ones in the variant bits is the subnet broadcast address.
• All hosts on the subnet listen to any messages sent to that address.
• On older hosts, the address with all 0's in the mask bits is also a broadcast address. This is deprecated. Many ISP's now assign that address to a host and/or subnet.

Problem of the day #1:

• What are the allowable machine addresses within 130.64.23.0/24?
• What is the broadcast address of 130.64.23.0/24?
• What are the allowable machine addresses within 130.64.23.192/27?
• What is the broadcast address for 130.64.23.192/27?
• (we used to use the /27 mask within EECS!)

Variable-size subnet masks

• It's convenient but not necessary to have a subnet mask whose size is divisible by 8.
• We can subnet in many other ways.
• Problem is that when we subnet into smaller spaces, we lose lots of addresses as broadcast addresses.
• Case study: old EECS subnet scheme:
  • 8 subnets:
    • 192.138.178.0/27 hosts 192.138.178.0-30 broadcast 192.138.178.31
    • 192.138.178.32/27 hosts 192.138.178.32-62 broadcast 192.138.178.63
    • 192.138.178.64/27 hosts 192.138.178.64-94 broadcast 192.138.178.95
    • 192.138.178.96/27 hosts 192.138.178.96-126 broadcast 192.138.178.127
    • 192.138.178.128/27 hosts 192.138.178.128-158 broadcast 192.138.178.159
    • 192.138.178.160/27 hosts 192.138.178.160-190 broadcast 192.138.178.191
    • 192.138.178.192/27 hosts 192.138.178.192-222 broadcast 192.138.178.223
    • 192.138.178.224/27 hosts 192.138.178.224-254 broadcast 192.138.178.255
  • we've already lost 8 addresses to broadcast rather than one.
  • but some EECS stations are old and can't understand all-0's addresses, so 192.138.178.0/27 is out as well as the 0-nodes 192.138.178.32, 192.138.178.64, 192.138.178.96, 192.138.178.128, 192.138.178.160, 192.138.178.192, and 192.138.178.224.
  • and some EECS stations think that 192.138.178.224 is an all-subnet broadcast address, so 192.138.178.224/27 is out.
  • beginning address size: 254 stations 1-254.
  • yield: 6 subnets of 30 stations = 180 stations.
  • 254 - 180 = 74 stations lost to subnetting!

Static routing:

• You can tell a host how to get to various networks.
• This is called `static routing' because it doesn't change until you tell the host differently.
• To do this, use the route command:

   route add -net 130.64.0.0 netmask 255.255.0.0 gw 192.168.1.1 metric 2
  

  • add add a route to the routing table.
  • -net the thing you're adding is a route to a network (not a host).
  • 130.64.0.0 - address of the network.
  • netmask 255.255.0.0 - subnet mask determining the extent of the network.
  • gw 192.168.1.1 - gateway host to send packets to (must be in a directly connected subnet)
  • metric 2 - there are two hops to the destination via this route.

Dynamic routing:

• Static routing is tedious; we'd instead like hosts to learn how to talk to one another.
• Basic game: control the routing table based upon ongoing updates from neighboring routers.
• Routers broadcast their state of knowledge about the network.
• Hosts use that information to modify their routing tables for the best routes.

RIP

• Routing Information Protocol (RIP): periodically exchange routing tables.
• Routers broadcast RIP packets to all other hosts on immediately connected wires (subnet broadcast).
• Normal hosts listen for RIP packets and update routing tables.

RIP Advertisements

• A RIP broadcast contains a list of hosts and networks to which the sending router can send packets:

   network      mask           metric
   130.64.0.0   255.255.0.0     1
   10.1.3.0     255.255.255.0   3
  

  • network: wire address of a network the router knows
  • mask: determines the extent of the network
  • metric: the `number of hops' from this router to the network (1 means directly connected).
• Each of these lines of data is termed a RIP advertisement.
• RIP algorithm:
  • Each router periodically broadcasts this list to hosts and other routers.
  • Hosts update their own routing tables to point to the sending router, only if the route is better than anything the host knows.
  • E.g., if the sending router is 130.64.24.127, and the host is 130.64.24.35, and it receives the above packet, then the host would set its routing table to send traffic to 130.64.0.0 through 130.64.24.127.
• RIP determines the `best route' according to its metrics.
  • If a host receives multiple RIP routes to the same network, it responds by choosing the route with the least number of `hops'.
  • When adding a route to its own table, the number of hops increases by one.

Problem of the day #2

• Suppose that you start with a blank routing table on a host numbered 192.168.5.16/24.
  • Suppose 192.168.5.127/24 sends the following RIP packet:

     network     netmask       metric
     130.64.24.0 255.255.255.0  2
     10.3.0.0    255.255.0.0    3
     10.2.0.0    255.255.0.0    4
    

  • while 192.168.5.24/24 sends a RIP packet with these contents:

     network     netmask       metric
     130.64.23.0 255.255.255.0  2
     10.3.0.0    255.255.0.0    1
    

• What does the routing table look like now on 192.168.5.16/24?
• Which gateway will 192.168.5.16/24 use to send a packet to 10.3.12.5/16?

Other routing protocols:

• RIP has severe limits
  • Tables are largely statically created on particular routers.
  • Can't respond elegantly to network outages.
  • Not enough information for hosts to use to intelligently work around outages.
  • Really poor security: if you broadcast RIP, everyone listens, even if you're a fool!
  • Case study: EECS RIP poisoning.
• OSPF: open shortest path first.
  • Better security: can limit who you listen to very carefully.
  • Adaptive: works around network outages.

Simplified view of OSPF

• RIP simply sends the `best routes' each router knows.
• The RIP table is usually rather static and based upon configurations of specific routers.
• OSPF also sends info on less desirable routes that might be needed as backup.
• Routers running OSPF `try' routes and `fall back' to less desirable ones if `best' routes fail.
• An `open' path is one that works.
• Open-shortest path first: `try the shortest route that seems to work first, followed by longer routes as needed'.

Making the network function:

• OK, so we know about roughly how ARP and RIP make LAN's work.
• Now it's time to get our hands dirty by making these things work!

Configuring your host: ifconfig

• /sbin/ifconfig (/usr/sbin/ifconfig): reports the configuration of your host (MAC and IP address).

   lin09{couch}: /sbin/ifconfig -a
   eth0      Link encap:Ethernet  HWaddr 00:D0:B7:9A:4E:B6
             inet addr:10.1.2.241  Bcast:10.1.255.255  Mask:255.255.0.0
             UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
             RX packets:123922595 errors:0 dropped:0 overruns:0 frame:0
             TX packets:122670780 errors:0 dropped:0 overruns:1 carrier:0
             collisions:0 txqueuelen:100 
             RX bytes:2221757220 (2118.8 Mb)  TX bytes:218349679 (208.2 Mb)
             Interrupt:7 Base address:0xef00 Memory:febfa000-febfa038 
   
   eth1      Link encap:Ethernet  HWaddr 00:D0:B7:9A:4E:B7  
             BROADCAST MULTICAST  MTU:1500  Metric:1
             RX packets:0 errors:0 dropped:0 overruns:0 frame:0
             TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
             collisions:0 txqueuelen:100 
             RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
             Interrupt:7 Base address:0xee80 Memory:febf9000-febf9038 
   
   lo        Link encap:Local Loopback  
             inet addr:127.0.0.1  Mask:255.0.0.0
             UP LOOPBACK RUNNING  MTU:16436  Metric:1
             RX packets:2440409 errors:0 dropped:0 overruns:0 frame:0
             TX packets:2440409 errors:0 dropped:0 overruns:0 carrier:0
             collisions:0 txqueuelen:0 
             RX bytes:268557203 (256.1 Mb)  TX bytes:268557203 (256.1 Mb)
  

• same command also allows setting of network parameters (as root):

   /sbin/ifconfig eth0 10.1.2.241 netmask 255.255.0.0 broadcast 10.1.255.255
  

  would have the effect we see above.
• Actually, lin09 has two interfaces: eth0 and eth1.
  • eth0: the real ethernet
  • eth1: an extra card for use as a firewall/router.
• UML oddity: br0.

host02{couch}$ /sbin/ifconfig -a

 br0       Link encap:Ethernet  HWaddr 00:02:55:B7:BA:77  
           inet addr:10.10.118.130  Bcast:10.10.118.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:1078256 errors:0 dropped:0 overruns:0 frame:0
           TX packets:777275 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0 
           RX bytes:903082893 (861.2 Mb)  TX bytes:606092994 (578.0 Mb)
 
 eth0      Link encap:Ethernet  HWaddr 00:02:55:B7:BA:77  
           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
           RX packets:1076835 errors:0 dropped:0 overruns:0 frame:0
           TX packets:779597 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100 
           RX bytes:922330612 (879.6 Mb)  TX bytes:609494103 (581.2 Mb)
           Interrupt:7 
 
 eth1      Link encap:Ethernet  HWaddr 00:02:55:B7:BA:78  
           BROADCAST MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100 
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
           Interrupt:5 
 
 lo        Link encap:Local Loopback  
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:246 errors:0 dropped:0 overruns:0 frame:0
           TX packets:246 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0 
           RX bytes:31484 (30.7 Kb)  TX bytes:31484 (30.7 Kb)
 
 tap0      Link encap:Ethernet  HWaddr 00:FF:AA:4D:48:02  
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:2313 errors:0 dropped:0 overruns:0 frame:0
           TX packets:176122 errors:0 dropped:20781 overruns:0 carrier:0
           collisions:0 txqueuelen:100 
           RX bytes:255306 (249.3 Kb)  TX bytes:13743811 (13.1 Mb)

• br0: fake software bridge. Makes UML instances look like they're running in a switched environment.
• tap0: an ethertap device; used by br0 to simulate bridging.

Testing routing: ICMP

• Internet Control Message Protocol (ICMP): informs you of the state of routing.
• Tasks of ICMP
  • test routing and interface card function.
  • inform you if hosts are `unreachable'.
  • `redirect' you to use better routes.

Using ICMP

• ping tells you whether a route to a station is working.

   # ping 10.1.2.250
   10.1.2.250 is alive. 
  

  • /sbin/ping on linux, /usr/sbin/ping on Solaris.
  • Watch out: if ping works the interface card is alive, but not necessarily the host.
• traceroute traces a route to a host one hop at a time.

   blackhole{couch}56: /usr/sbin/traceroute ftp.uu.net
   traceroute to ftp.uu.net (192.48.96.9), 30 hops max, 40 byte packets
    1  Sw-B1-G2.EECS.Tufts.EDU (130.64.23.127)  1.812 ms  1.293 ms  1.279 ms
    2  and-rtr-1.net.tufts.edu (130.64.211.1)  1.893 ms  1.646 ms  1.619 ms
    3  tab-7507-fe10.net.tufts.edu (130.64.5.127)  2.534 ms  2.567 ms  2.236 ms
    4  uunet-7204-fe00.net.tufts.edu (130.64.171.1)  2.006 ms  1.877 ms  1.932 ms
    5  Serial3-1-1.GW3.BOS1.ALTER.NET (157.130.10.141)  2.105 ms  2.883 ms  2.091 ms
    6  196.ATM3-0.XR1.BOS1.ALTER.NET (152.63.25.130)  2.195 ms  2.933 ms  2.237 ms
    7  191.ATM3-0.TR1.NYC1.ALTER.NET (146.188.179.86)  7.707 ms  8.173 ms  8.947 ms
    8  104.at-7-1-0.TR1.DCA8.ALTER.NET (146.188.138.117)  13.401 ms  13.511 ms  13.756 ms
    9  197.at-6-0-0.XR1.DCA1.ALTER.NET (152.63.32.161)  15.670 ms  14.850 ms  15.569 ms
   10  195.ATM1-0-0.GW2.FFX2.ALTER.NET (146.188.160.177)  28.879 ms  16.566 ms  16.779 ms
   11  273.atm6-0.wodc7-esr2.ffx.ops.us.uu.net (207.18.172.70)  32.055 ms  17.904 ms  17.483 ms
   12  ftp.UU.NET (192.48.96.9)  27.184 ms *  16.798 ms
  

  • /sbin/traceroute on linux, /usr/sbin/traceroute on Solaris.
  • actually uses a variant of ping (short time-to-live).
  • sends a ping packet to a host, but arranges for it to stop (and return the address of where it is) after a given number of hops.

IP spoofing and DoS

• IP is unbelievably trusting of the hosts on an IP network.
• The IP number of a host in a packet need not be the IP number of the actual host that sends it!
• Spoofing: misaddressing a packet so that it seems to come from somewhere else.
• Denial-of-service (DoS): arranging for an ISP to be flooded with meaningless traffic by use of spoofing.

Typical denial of service attack:

• Suppose the attacker wants to take down foobar.com (192.138.175.23/24).
• The attacker spoofs packets to servers as if they're coming from the domain he's trying to attack.
• Servers unsuspectingly respond to service requests by responding to the site being attacked.
• Favorite modality for attack: ping (ICMP) and echo (port 7).
• Attacked site is flooded with `answers' to questions it didn't ask.

            spoofed packet              answer to query
   spoofer ------------------> random  -------------------> foobar.com
            source=foobar.com  server   dest=foobar.com
  

Distributed denial of service (smurf)

• The best way to really take a site down is to spoof requests to many different servers at once all targeted at one unsuspecting site.

           spoofed          unsolicited
           packets          responses 
   spoofer--------> server1 ----------> foobar.com
      | +---------> server2 -------------+ ^
      +-----------> server3 ---------------+
  

• Until we put in smurf chokes, EECS computers were used for these attacks!

How spoofing works

• It requires a broken ethernet driver specifically mangled for the purpose.
• This driver can address packets from a different source than configured for the interface.
• Available from any hacker site on the web.

A `legal' form of spoofing: masquerading

• Problem: ISP's don't assign you but one IP address, but you have 5 computers in your home.
• Solution: masquerade your requests through one interface, as if they came from one computer. 10.1.3.127/24 130.64.23.35/24

   hidden <-----------> masquerading <--------------> the internet
   client               host has two interfaces
   IP: 10.1.3.5/24      INSIDE: 10.1.3.127/24
   GW: 10.1.3.127/24    OUTSIDE: 130.64.23.35/24
  

• When the inside host makes a request, the masquerading host makes its own request, then gives the answer to the client.
• All the internet sees is the masquerading host.

Masquerading in EECS

 private client darkmatter
   ^ 10.3.*.*/16
   | 
   v 10.3.1.127/16
 EECS router masquerades 10.3.1.*/16 into 130.64.23.201-219/24
   ^ 130.64.23.*    (nat-01.eecs.tufts.edu, 130.64.23.201) 
   | 
   v 130.64.23.127
 EECS router to internet
   ^ 130.64.254.158/30
   | 
   V 130.64.254.157/30
 Tufts backbone
   ^
   | 
   v
 "the internet"

Dynamic or static addressing:

• static addressing: one ip address till end of time.
  • mail server: everyone needs to know your ip address.
  • few servers => tractable management
• dynamic addressing: host ip address can change upon reboot.
  • client host, no services, => no one has to remember your name.
  • lot of clients => signficant management problem if statically addressed.

Dynamic addressing

• Often, one wants to avoid assigning a fixed internet address to a specific machine.
• Management problem: have to keep track of thousands of IP addresses.
• Configuration problem: have to configure all the machines differently.
• Security: if IP address changes, hackers can't follow it.
• Two protocols: BOOTP (old) and DHCP (new)

BOOTP:

• on top of User DataGram Protocol (UDP).
• machine sends bootp broadcast 'who am i' with Ethernet address embedded.
• server has a list of ethernet addresses and how the machines belonging to them should be configured:
• Map is usually kept in /etc/bootptab:

   hp0:\
         :ht=ether:\            I'm an ethernet device  
         :ha=0060b01ef24e:\     so this is an ethernet address  
         :ip=130.64.23.124:\    this should be my IP address 
         :sm=255.255.255.0:\    this is my subnet mask  
         :gw=130.64.23.127:\    primary gateway to Internet  
         :lg=130.64.23.33:\     log device for describing problems  
         :hn:\                 
         :T144="hpnp/hp0.cfg":\ local configuration data  
         :vm=rfc1048:           meaningful only to the printer  
  

• server responds not only with ip address, but with detailed network information (about how the machine should configure itself to talk to the network).
• tells machine:
  • ip address
  • how big a network address space it's in(254 node subnet).
  • location of a default machine to route ip packets to.
  • an arbitrary list of proprietary things local to machine.
• requires centralized knowledge of hosts, and what they should have as configurations.
• Obsolete except for network printers and other primitive devices.

BOOTP has one drawback:

• I must manually select your IP address.
• if I have to select it,
  • it is difficult to manage large networks:
  • I must do something for each host in the network.
  • It is error prone.

DHCP: Dynamic Host Configuration Protocol:

• rough superset of BOOTP.
• keeps a pool of unused ip addresses, hands addresses out dynamically through a 'lease' concept.
• bootp: 1 line per machine
• dhcp: 1 line per TYPE of machine (pool).
• /etc/dhcpd.conf:

   subnet 10.1.2.0 netmask 255.255.255.0 {
     option smtp-server   130.64.23.171;
     option www-server    130.64.23.39;
     option ntp-servers   130.64.23.38;
     option subnet-mask   255.255.255.0;
     range dynamic-bootp  10.1.2.110 10.1.2.119;  use these addresses 
     option pop-server    130.64.23.37;           for unknown ethers  
     option nisplus-domain "eecs.tufts.edu";
     option routers       10.1.1.127;
     option domain-name-servers 130.64.23.38,130.64.5.5,130.64.1.13;
     default-lease-time   14400;
     option finger-server 130.64.23.37;
     max-lease-time       86400;
     option time-offset   -5;
     dynamic-bootp-lease-length 3600;
     option nisplus-servers 130.64.23.33;
     option domain-name   "eecs.tufts.edu";
     host lin10 {
       hardware ethernet 00:d0:b7:9a:4e:aa;
       fixed-address lin10;                      keep this address fixed
     }
     host lin16 {
       hardware ethernet 00:02:b3:19:e5:32;
       fixed-address lin16;                      keep this address fixed
     }
   }
  

Renumbering: threat or menace?

• Illusion: internet numbers are `for keeps'.
• Reality: you can be expected to renumber your whole site several times in the next few years.
• Benefit of DHCP/Bootp: editing one file renumbers your whole site.

Summary:

• connectivity:
  • ifconfig tells you about and configures network interfaces.
  • ping, traceroute test arp, routing, and connectivity.
  • arp -a tells you about the ARP table.
• routing:
  • netstat -rn tells you about routing table.
  • route allows entry of 'static routes' into the routing table.
  • RIP describes routing tables to neighbors of routers.
  • OSPF and other routing protocols allow more intelligent routing decisions.
• dynamic addressing:
  • DHCP (/sbin/dhcpd, /etc/dhcpd.conf) handles dynamic addressing of hosts.
  • BOOTP (/sbin/bootpd, /etc/bootptab) is an earlier version with no pool addressing.
  • REVARP (/etc/ethers) is the most primitive version of dynamic addressing.