
  1. Slide 1: DNS, DHCP, and IP Address Management (Session 806)
     806 0963_05F9_c3 © 1999, Cisco Systems, Inc.

     Slide 2: Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
     (Presentation_ID.scr, page 1)
  2. Slide 3: DNS and DHCP Challenges
     [Diagram: the shift from manual processes, public IP addresses and domains based on software toward an intelligent network with user-based, policy-driven, scalable, automated and reliable DNS/DHCP addressing services for users, applications and user provisioning.]

     Slide 4: Managing Names and Addresses
     • Edit by hand
     • Spreadsheet
     • Custom application
  3. Slide 5: Migrating to Directories
     [Timeline diagram: 1970's, few users: e-mail, dial-in. 1980's: PC inventory. 1990's, multiple sources of data: DNS, DHCP, firewall, policy, PC inventory. 2000, many users, single source of data: directory.]

     Slide 6: Protocol Overview: DNS and DHCP
  4. Slide 7: How DNS Works: DNS Namespace
     • Hierarchical name space
     • Each node in the tree represents a domain/subdomain
     • Some subdomains are defined as zones
     • Each zone has a "primary" name server responsible for all lower nodes
     • Resource records (RR) are defined for each node
     • Example RRs are: address (A), pointer (PTR), mail exchange (MX), name server (NS), start of authority (SOA)
     [Diagram: (root) > COM > CISCO > WWW, TIMSPC, RTP; the cisco.com zone; the node timspc.cisco.com.]

     Slide 8: How DNS Works: DNS Queries
     • Clients query the local DNS server for IP addresses
     • The local server starts with the root name server and recursively queries DNS servers until it finds a server that has the answer
     • Local servers send answers back to the clients and cache the answers
     [Diagram: a DNS client outside of the Cisco network asks its local DNS server "What is the IP address for www.cisco.com?"; the local server walks the root name server, the .COM name server and the CISCO.COM name server and answers 161.44.10.9.]
  5. Slide 9: DNS Redundancy
     • Redundancy is built into DNS
     • Secondary servers automatically back up primary servers
     • Secondary servers check the primary for changes in the zone serial number
     • Updates are controlled by the refresh rate in the SOA record for the zone
     • Use Notify and Incremental Zone Transfers to reduce propagation delay and bandwidth utilization
     • Spread secondary and caching DNS servers liberally throughout the network
     Old zone transfer:
     1. Secondary checks the serial number of the zone
     2. If it has changed, secondary requests a zone transfer
     3. Primary sends the entire zone to secondary
     New zone transfer:
     1. Primary DNS server sends a NOTIFY message to secondary when the zone data changes
     2. Secondary requests an incremental zone transfer
     3. Primary only sends the changes to the secondary server
     [Diagram: primary name server for CISCO.COM, two secondary DNS servers for CISCO.COM, DNS client.]

     Slide 10: How DHCP Works: Obtaining a Lease
     • Dynamically assigns configuration information
     • Creates IP address pools to conserve addresses and support mobile users
     • Clients broadcast a DHCP Discover packet on the local subnet
     • Multiple servers can respond
     • Client chooses the first or best response
     [Diagram: DHCP client: "Send my configuration information". DHCP server: "Here is your configuration: IP Address: 192.204.18.7; Subnet Mask: 255.255.255.0; Default Routers: 192.204.18.1, 192.204.18.3; DNS Servers: 192.204.18.8, 192.204.18.9; WINS Server: 192.204.18.9; Lease Time: 5 days".]
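The "secondary checks the serial number" step in both transfer sequences depends on how zone serials compare, and a wrong comparison means a secondary either never picks up a change or transfers forever. The Python below is an added example, not part of the Cisco deck: it implements RFC 1982 serial arithmetic (32-bit wraparound), the YYYYMMDDnn serial convention many administrators use, and the refresh/retry/expire decision a secondary makes from the SOA timers. The function names, sample serials and timer values are my own.

```python
"""Added example (not from the deck): RFC 1982 serial comparison and SOA timers."""

SERIAL_MOD = 1 << 32     # serials are 32-bit and wrap
SERIAL_HALF = 1 << 31


def serial_gt(a, b):
    """RFC 1982: is 32-bit serial a 'after' serial b?  Serials wrap at 2^32, so
    0 is after 0xFFFFFFFF.  A distance of exactly 2^31 is undefined in the RFC;
    it is treated here as 'not greater' so a secondary never transfers on it."""
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    if a == b:
        return False
    return (a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF)


def secondary_needs_transfer(local_serial, primary_serial):
    """The check a secondary runs on the primary's SOA (step 1 of the old
    polling transfer and of the NOTIFY-driven transfer on the slide)."""
    return serial_gt(primary_serial, local_serial)


def date_serial(yyyymmdd, revision):
    """YYYYMMDDnn serial: the date as an int plus a two-digit change count."""
    if not 0 <= revision <= 99:
        raise ValueError("revision must be between 00 and 99")
    return yyyymmdd * 100 + revision


def next_serial(current, today_yyyymmdd):
    """Serial to use after editing the zone: today's date-based value when that
    is ahead of the current serial, otherwise a plain increment.  Either way the
    result is strictly greater in serial arithmetic, so secondaries transfer."""
    candidate = date_serial(today_yyyymmdd, 0)
    if serial_gt(candidate, current):
        return candidate
    return (current + 1) % SERIAL_MOD


def secondary_action(now, last_success, last_attempt, last_attempt_failed,
                     refresh, retry, expire):
    """What a secondary should do at time `now` (all values in seconds):
    'expired' - expire has elapsed since the last successful check: stop serving
    'poll'    - query the primary's SOA now (refresh interval, or retry after a failure)
    'wait'    - nothing to do yet"""
    if now - last_success >= expire:
        return "expired"
    interval = retry if last_attempt_failed else refresh
    return "poll" if now - last_attempt >= interval else "wait"


if __name__ == "__main__":
    # Constructed values: the zone was edited 5 times on 1999-11-05.
    current = date_serial(19991105, 5)
    print(secondary_needs_transfer(date_serial(19991105, 4), current))  # True
    print(next_serial(current, 19991105))                               # 1999110506
    print(next_serial(current, 19991106))                               # 1999110600
```

Two points worth noticing: a secondary whose own serial is somehow ahead of the primary's will refuse to transfer, which is the usual symptom after a primary is restored from an old backup; and the `expire` timer is what stops a secondary from serving stale data indefinitely when the primary disappears, independent of NOTIFY.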
  6. Slide 11: How DHCP Works: DHCP Discover Process
     • DHCP client broadcasts a DHCP DISCOVER packet on the local subnet
     • DHCP servers send an OFFER packet with lease information (unicast)
     • DHCP client selects a lease and broadcasts a DHCP REQUEST packet
     • The selected DHCP server sends a DHCP ACK packet (unicast)
     [Diagram: Server 1 and Server 2 on either side of the client; DISCOVER (broadcast), OFFER (unicast), REQUEST (broadcast), ACK (unicast).]

     Slide 12: How DHCP Works: DHCP Packet
     Fields, in order: OP Code, Hardware Type, Hardware Length, HOPS; Transaction ID (XID); Seconds, Flags; Client IP Address (CIADDR); Your IP Address (YIADDR); Server IP Address (SIADDR); Gateway IP Address (GIADDR); Client Hardware Address (CHADDR), 16 bytes; Server Name (SNAME), 64 bytes; Filename, 128 bytes; DHCP Options.
  7. Slide 13: How DHCP Works: DHCP Options
     • Server passes configuration options to client
     • Over 100 options defined
     • Most DHCP clients support approximately 10 options
     • Custom and vendor options available
     Common DHCP options (option, code):
       Lease Time          51
       Subnet Mask          1
       Default Routers      3
       DNS Servers          6
       Domain Name         15
       Host Name           12
       WINS Servers        44
       NetBIOS Node Type   46
       Client Identifier   61

     Slide 14: What's New in DNS and DHCP
     • New DNS standards: Dynamic DNS updates (RFC 2136), Incremental Zone Transfers (RFC 1995), Notify (RFC 1996)
     • New DHCP standards: DHCP Safe Failover (Internet draft)
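To make the packet layout on slide 12 and the option table above concrete, here is an added Python example (my code, not from the deck): it packs a sample OFFER carrying the lease shown on the "Obtaining a Lease" slide and parses it back, decoding the fixed header fields and the option codes from the table plus option 53 (message type, which tells DISCOVER/OFFER/REQUEST/ACK apart). The client MAC address, the transaction ID and the helper names are constructed for the example; the parser rejects truncated packets and options that run past the end of the buffer, which is the check a monitoring tool wants before trusting anything in an OFFER.

```python
"""Added example (not from the deck): pack and parse a DHCP packet (RFC 2131 layout)."""
import struct
import ipaddress

# Fixed part of the packet as listed on the slide:
# op(1) htype(1) hlen(1) hops(1) xid(4) secs(2) flags(2) ciaddr(4) yiaddr(4)
# siaddr(4) giaddr(4) chaddr(16) sname(64) file(128) -> 236 bytes
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options area

# Codes from the "Common DHCP Options" table, plus 53 (DHCP message type).
OPTION_NAMES = {
    1: "subnet_mask", 3: "routers", 6: "dns_servers", 12: "host_name",
    15: "domain_name", 44: "wins_servers", 46: "netbios_node_type",
    51: "lease_time", 53: "message_type", 61: "client_identifier",
}
IP_LIST_OPTIONS = {1, 3, 6, 44}
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}


def _decode(code, value):
    if code in IP_LIST_OPTIONS:
        return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]
    if code == 51:
        return struct.unpack("!I", value)[0]          # seconds
    if code == 53:
        return MESSAGE_TYPES.get(value[0], value[0])
    if code in (12, 15):
        return value.decode("ascii", "replace")
    if code == 46:
        return value[0]
    return value.hex()                                # client identifier and unknowns


def parse_dhcp(packet):
    """Return header fields and decoded options; raise ValueError if malformed."""
    if len(packet) < HEADER.size + len(MAGIC_COOKIE):
        raise ValueError("packet shorter than the fixed DHCP header")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
     giaddr, chaddr, sname, fname) = HEADER.unpack_from(packet)
    if hlen > 16:
        raise ValueError("hlen exceeds the 16-byte chaddr field")
    result = {
        "op": op, "htype": htype, "hops": hops, "xid": xid, "secs": secs,
        "broadcast": bool(flags & 0x8000),
        "ciaddr": str(ipaddress.IPv4Address(ciaddr)),
        "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
        "siaddr": str(ipaddress.IPv4Address(siaddr)),
        "giaddr": str(ipaddress.IPv4Address(giaddr)),
        "chaddr": chaddr[:hlen].hex(":"),
        "sname": sname.rstrip(b"\x00").decode("ascii", "replace"),
        "file": fname.rstrip(b"\x00").decode("ascii", "replace"),
        "options": {},
    }
    body = packet[HEADER.size:]
    if body[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    i = 4
    while i < len(body):
        code = body[i]
        if code == 255:                 # END
            break
        if code == 0:                   # PAD
            i += 1
            continue
        if i + 1 >= len(body):
            raise ValueError("truncated option header")
        length = body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the packet" % code)
        result["options"][OPTION_NAMES.get(code, code)] = _decode(code, value)
        i += 2 + length
    return result


def check_packet(packet):
    """(ok, reason) form of parse_dhcp for callers that log rather than raise."""
    try:
        parse_dhcp(packet)
        return True, ""
    except ValueError as exc:
        return False, str(exc)


def _option(code, value):
    return bytes([code, len(value)]) + value


def sample_offer():
    """Constructed OFFER carrying the lease from the 'Obtaining a Lease' slide."""
    ips = lambda *a: b"".join(ipaddress.IPv4Address(x).packed for x in a)
    options = (MAGIC_COOKIE
               + _option(53, b"\x02")                              # OFFER
               + _option(1, ips("255.255.255.0"))
               + _option(3, ips("192.204.18.1", "192.204.18.3"))
               + _option(6, ips("192.204.18.8", "192.204.18.9"))
               + _option(44, ips("192.204.18.9"))
               + _option(51, struct.pack("!I", 5 * 24 * 3600))     # 5 days
               + b"\xff")
    chaddr = bytes.fromhex("00a0c9112233").ljust(16, b"\x00")      # constructed MAC
    header = HEADER.pack(2, 1, 6, 0, 0x3903F326, 0, 0x8000,
                         ips("0.0.0.0"), ips("192.204.18.7"), ips("0.0.0.0"),
                         ips("0.0.0.0"), chaddr, b"\x00" * 64, b"\x00" * 128)
    return header + options


if __name__ == "__main__":
    import pprint
    pprint.pprint(parse_dhcp(sample_offer()))
```

Because every field is length-checked before use, the same parser can be pointed at captured traffic to inventory which servers are answering DISCOVERs on a segment, which is the practical way to spot the "any server can allocate an address" problem noted later in the deck.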
  8. Slide 15: Dynamic DNS Updates, Notify, and Incremental Zone Transfers
     [Diagram: inside the Cisco network, the DHCP client sbombay-pc.cisco.com (IP 172.16.18.74) leases its address from the Registrar DHCP server, which sends the update (host: sbombay-pc, IP address: 172.16.18.74) to the Registrar primary DNS server; the primary sends a Notify message across the WAN to the secondary DNS server, which issues an IXFR request; only the changed information is sent.]
     • Dramatically reduces propagation delay
     • Dramatically reduces WAN bandwidth utilization
     • Integrates DHCP and DNS

     Slide 16: DHCP Safe Failover Protocol
     • All DHCP requests are sent to both servers
     • Primary updates backup with lease information
     • Backup takes over when primary fails
     • Backup server uses a dedicated pool of addresses allocated by the primary to prevent duplicate IP addresses
     • Servers synchronize when primary is up
     • IETF Internet Draft
     [Diagram: primary DHCP server with primary address pool 172.16.18.101-200; backup DHCP server with backup address pool 172.16.18.191-200.]
  9. Slide 17: DNS Issues

     Slide 18: Split DNS
     • Two "primary" DNS servers for the domain
     • Hides the structure of the internal network
     • Internal clients point to internal DNS servers
     • External server publishes web, mail, ftp and other external servers
     • Internet DNS servers delegate to the external primary DNS server
     [Diagram: the external DNS server, reachable from the Internet, holds www.cisco.com, mail.cisco.com, ftp.cisco.com; the internal DNS server on the internal network holds those plus wwwin.cisco.com, callmanager.cisco.com, erpserver.cisco.com, timspc.cisco.com, eng-web.cisco.com.]
 10. Slide 19: Selective Forwarders
     [Diagram: Big.com and Small.com each have an internal DNS server and an external DNS server facing the Internet and the root DNS server; for a Big.com client connecting to erp.small.com, the Big.com internal DNS server forwards the small.com query directly to Small.com's internal DNS server rather than resolving it through the root and external servers.]

     Slide 20: WINS
     • Windows Internet Names Service (WINS): NetBIOS Names Service (NBNS); Windows NT file and print services; flat name space
     • Coexists with DNS
     • Scaling problems in large networks
     • Going away with Windows 2000!
 11. Slide 21: Windows 2000 and Active Directory
     • Coming soon!
     • DNS requirements: Dynamic DNS updates (RFC 2136); SRV records
     • Active Directory is dependent on DNS
     • WINS is phased out

     Slide 22: DHCP Issues
 12. Slide 23: DHCP in a Routed Network
     • DHCP clients broadcast a DHCP Discover packet
     • The DHCP relay (ip helper address) on the router hears the DHCP Discover packet and forwards the packet (unicast) to the DHCP server
     • The DHCP relay fills in the GIADDR field with the IP address of the primary interface of the router
     • The DHCP relay can be configured to forward the packet to multiple DHCP servers. The client will choose the "best" server
     • DHCP servers use the GIADDR field of the DHCP Discover packet as an index into the list of address pools
     [Diagram: router with DHCP relay, interface se0 configured with "ip helper 161.44.54.7" and "ip helper 161.44.54.8"; DHCP servers 161.44.54.7 and 161.44.54.8; the relayed DHCP packet carries GIADDR 161.44.18.1; DHCP client on physical network 161.44.18.0.]

     Slide 24: DHCP in a Switched Network
     • Cisco IOS® allows multiple addresses on an interface, which implies multiple logical networks on the same physical network
     • The DHCP relay inserts the first IP address of the interface in the GIADDR field
     • Most DHCP servers can create an address pool with multiple logical networks. This is also known as super scopes
     [Diagram: router with DHCP relay whose interface has 192.204.18.1 (primary) and 192.204.19.1, 192.204.20.1, 192.204.21.1 (secondary); Catalyst® switch; one physical network, four logical networks: 192.204.18.0, 192.204.19.0, 192.204.20.0, 192.204.21.0; DHCP clients; the DHCP packet with GIADDR goes to the DHCP server.]
 13. Slide 25: DHCP Security
     • DHCP lacks built-in security: any client can get an address; any server can allocate an address
     • Client class in CNR: create a list of authorized MAC addresses
     • IETF working on the problem
     • Generally not an issue on most nets

     Slide 26: IP Address Management Issues
 14. Slide 27: Private Network Numbers (RFC 1918)
     • Difficult to obtain new network numbers
     • Unlimited addresses with private network numbers
     • Allows for flexible addressing schemes
     • Requires NAT/PAT to access the Internet
     Private network numbers:
       10.0.0.0 - 10.255.255.255 (10/8 prefix)
       172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
       192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
     [Diagram: private network 10.0.0.0/8 connected to the Internet.]

     Slide 28: NAT, PAT, and Dynamic NAT
     [Diagram: private networks 10.0.0.0/8 and 172.16.0.0/12 with hosts 10.0.0.7, 10.0.100.151 and 172.16.4.57 behind a translator to the Internet.]
     Internal Add.   External Add.   Translation   Note
     10.0.0.7        161.44.16.7     Static NAT    Permanent mapping for mail server
     10.0.100.151    161.44.16.105   Dynamic NAT   VoIP phone calling on the Internet
     172.16.4.57     161.44.17.5     PAT           Web client browsing the Internet

     Translation   Mapping              How It Works
     Static NAT    Permanent, 1 to 1    Permanent mappings between internal servers and external addresses
     Dynamic NAT   Dynamic, 1 to 1      Pool of external addresses dynamically assigned to internal clients for the duration of a session
     PAT           Dynamic, many to 1   Multiple internal clients share a single external address
 15. Slide 29: NAT in PIX and Cisco IOS
     [Diagram: host 10.0.5.8 sends a packet with an embedded IP address (SA: 10.0.5.8, DA: 161.44.8.9); the NAT device holds the mapping 10.0.5.8 -> 171.68.10.5 from a pool of NAT addresses 171.68.10.2-100 and emits the translated packet (SA: 171.68.10.5, DA: 161.44.8.9) toward 161.44.8.9.]
     Translation   Applications                                                                     Cisco PIX   IOS
     Easy          Telnet, FTP, HTTP, simple C/S apps                                               Yes         Yes
     Difficult     Multimedia, H.323, NetBIOS, DNS, dual NAT, SQL*NET, dynamic port negotiation     Yes         Most
     Impossible    SNMP                                                                             -           -

     Slide 30: Directory Services: Standard Schemas
     • Directory Enabled Networks (DEN): started by Cisco/Microsoft, now owned by DMTF
     • Schemas for DHCP being developed: proposals from Microsoft, Novell, and IETF
 16. Slide 31: Server Sizing (100K, 10K, 1K, 100 Clients)
     Nodes   Minimum Server Configuration
     100K    Redundant DHCP servers (mid-range UNIX servers: Sun Ultra 250E, RAID disks, 512 MB RAM). Primary DNS server (mid-range UNIX server: Sun Ultra 250E, RAID disks, 512 MB RAM). Distribute secondary and caching DNS servers throughout the network
     10K     Option 1: redundant DHCP servers (mid-range UNIX servers, 384 MB RAM). Option 2: redundant DHCP servers (high-end NT servers, 384 MB RAM). Primary DNS server (mid-range UNIX server: Sun Ultra 250E, RAID disks, 512 MB RAM). Distribute secondary and caching DNS servers throughout the network
     1K      Option 1: two servers running DNS/DHCP (low-end UNIX servers, RAID disks, 256 MB RAM). Option 2: two servers running DNS/DHCP (mid-range NT servers, RAID disks, 256 MB RAM). Distribute secondary and caching DNS servers throughout the network
     100     Option 1: Cisco IOS DHCP server on any platform (1600, 2500, 3600, etc.); provide DNS service remotely across the WAN. Option 2: CNR on a small Windows NT system to provide DNS and DHCP
     Performance factors: number of nodes, number of queries, DHCP lease time, and disk I/O performance

     Slide 32: Example Network Designs
 17. Slide 33: Large Campus
     • Large campus networks require high-performance, redundant DNS and DHCP servers to support multiple 10,000s of nodes
     • The server functions need to be split across multiple servers in a cluster
     • Build a cluster with at least three servers: one primary DNS server and two redundant DHCP servers. An additional DNS server can be used to provide secondary DNS service
     • DNS servers need high-performance disk I/O (preferably a RAID system) to keep up with dynamic DNS updates
     • Each major location around the world (U.S., Europe and Asia) needs a cluster
     [Diagram: corporate data center cluster with a primary DNS server, two DHCP servers and a secondary DNS server.]

     Slide 34: Large Branch Offices
     • Organizations with a large number of remote branch offices, with a UNIX or NT server at each remote site. Typically 20-200 nodes/site
     • At each of the remote sites, an organization should deploy at least one DNS and DHCP server, two for redundancy. The redundant DHCP server could be at HQ
     • Each location could have a separate domain for the site and a primary DNS server at the location. This depends on the WAN bandwidth
     • This configuration survives WAN outages
     [Diagram: corporate headquarters with the primary DNS server for the company zone Bigco.Com and a secondary DNS server; corporate WAN; remote sites each with DNS and DHCP servers, e.g. store number 1007, zone st1007.bigco.com.]
 18. Slide 35: Small Branch Offices
     • Organization has a large number of remote sites with fewer than 20 nodes per site. Remote sites should have dial-backup connections for redundancy. DHCP/BOOTP relay is enabled on the router
     • At HQ, deploy a cluster of redundant DNS and DHCP servers to provide service to the remote sites
     • Each location could have a separate domain. The primary DNS server for each remote site zone is in HQ. If available, run a secondary DNS server in the remote site for the remote site zone using IXFR and NOTIFY
     [Diagram: corporate headquarters with the primary DNS server for the store zones and redundant DHCP servers; DHCP/BOOTP relay (aka IP helper) on the remote router; corporate WAN; remote site store number 1007, zone st1007.bigco.com, with an optional secondary DNS server.]

     Slide 36: Small Office/Home Office
     • SOHO users can connect to the corporate network using ISDN, DSL or Frame Relay
     • Use the Cisco IOS DHCP server to provide addresses for devices in the SOHO. Use a private, unregistered network number
     • Use Port Address Translation to conserve IP addresses
     • Provide DNS services from the corporate network
     [Diagram: SOHO router running the Cisco IOS DHCP server and Port Address Translation, connected over the corporate WAN.]
 19. Slide 37: Provisioning IP Phones
     [Diagram: CNR DHCP server with a DHCP extension point script: IF MAC address = phone MAC address THEN IP address = 10.0.100.X ELSE IP address = 161.44.12.X. Router primary IP address = 161.44.12.1, secondary IP address = 10.0.100.1. IP phones receive 10.0.100.15 and 10.0.100.21; PCs receive 161.44.12.45 and 161.44.12.53.]
     • Deployment of IP phones will require a large number of new IP addresses
     • Private network numbers (RFC 1918) should be used for IP phones
     • Cisco Network Registrar is able to distinguish between PCs and IP phones using a DHCP extension point script
     • DHCP server distributes additional configuration information to IP phones

     Slide 38: Custom Application: User Registration
     • Boston College (BC) EagleNet activation
     • Users must "activate": minimal documentation; enter name and BC PIN
     • Four activated classes: student, staff, guest, device
     • Existing DB updated: user name/MAC
     • Help desk load: 60% fewer calls
     [Diagram: activation web page, user DB, other BC network resources.]
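The extension-point logic on the IP-phone slide, the GIADDR-indexed pool selection on the "DHCP in a Routed Network" slide, the super scopes on the "DHCP in a Switched Network" slide and the authorized-MAC client class on the "DHCP Security" slide are all decisions a server makes on one DISCOVER. The following added Python example (my code, not Cisco Network Registrar's) is a toy DHCP server that picks a pool by relay address, classes clients by MAC prefix and, when an authorized list is configured, ignores everyone else. The network addresses reuse those on the slides; the scope names, the phone OUI 00:a0:c9 and the MACs are constructed, and the server only handles relayed packets (GIADDR set), since a DISCOVER received directly would be indexed by the server's own interface instead.

```python
"""Added example (not from the deck): GIADDR pool selection, super scopes, client classes."""
import ipaddress

# Constructed configuration: each scope lists the logical networks reachable via
# one relay. A scope with several networks on one relay is a "super scope".
SCOPES = {
    "campus-floor1": ["192.204.18.0/24", "192.204.19.0/24"],
    "branch-1007":   ["161.44.18.0/24"],
    "ipt-building":  ["161.44.12.0/24", "10.0.100.0/24"],   # PCs + RFC 1918 phones
}
PHONE_NETWORKS = {"10.0.100.0/24"}
PHONE_OUIS = {"00:a0:c9"}      # hypothetical OUI standing in for the phone vendor's


class AddressPool:
    """One scope: the logical networks served through the same relay."""

    def __init__(self, networks, phone_networks):
        self.networks = [ipaddress.ip_network(n) for n in networks]
        self.phone_networks = {ipaddress.ip_network(n) for n in phone_networks}
        self.leases = {}                       # IPv4Address -> mac

    def contains(self, giaddr):
        return any(giaddr in net for net in self.networks)

    def allocate(self, mac, phone):
        """Lowest free host address on a network of the right class; .1 is the
        router, and a MAC that already holds a lease simply gets it back."""
        for ip, owner in self.leases.items():
            if owner == mac:
                return ip
        for net in self.networks:
            if (net in self.phone_networks) != phone:
                continue
            for ip in net.hosts():
                if ip == net.network_address + 1 or ip in self.leases:
                    continue
                self.leases[ip] = mac
                return ip
        return None                            # no free address of that class


class DhcpServer:
    def __init__(self, scopes, phone_networks, phone_ouis, authorized_macs=None):
        self.pools = [AddressPool(nets, phone_networks) for nets in scopes.values()]
        self.phone_ouis = {o.lower() for o in phone_ouis}
        # Client class from the DHCP Security slide: None means "any client".
        self.authorized = None if authorized_macs is None else {m.lower() for m in authorized_macs}

    def is_phone(self, mac):
        return mac.lower()[:8] in self.phone_ouis

    def pool_for(self, giaddr):
        """GIADDR is the index into the pool list (Routed Network slide)."""
        g = ipaddress.ip_address(giaddr)
        for pool in self.pools:
            if pool.contains(g):
                return pool
        return None

    def handle_discover(self, giaddr, mac):
        mac = mac.lower()
        if self.authorized is not None and mac not in self.authorized:
            return {"action": "ignore", "reason": "MAC not in client class"}
        pool = self.pool_for(giaddr)
        if pool is None:
            return {"action": "ignore", "reason": "no pool for relay %s" % giaddr}
        phone = self.is_phone(mac)
        ip = pool.allocate(mac, phone)
        if ip is None:
            return {"action": "ignore", "reason": "no free address for this class"}
        net = next(n for n in pool.networks if ip in n)
        return {"action": "offer", "yiaddr": str(ip),
                "subnet_mask": str(net.netmask),
                "router": str(net.network_address + 1),
                "class": "phone" if phone else "pc"}


def build_server(authorized_macs=None):
    return DhcpServer(SCOPES, PHONE_NETWORKS, PHONE_OUIS, authorized_macs)


if __name__ == "__main__":
    srv = build_server()
    print(srv.handle_discover("192.204.18.1", "00:50:56:aa:bb:01"))   # PC on floor 1
    print(srv.handle_discover("161.44.12.1", "00:a0:c9:00:00:15"))    # phone -> 10.0.100.x
    print(srv.handle_discover("172.16.99.1", "00:50:56:aa:bb:02"))    # unknown relay
```

The unknown-relay case is the one to log: a DISCOVER arriving with a GIADDR that matches no pool usually means a misconfigured ip helper, and silently ignoring it hides the fault from whoever is debugging the branch.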
 20. Slide 39: Cisco IOS DHCP Server Configuration
     ! Start DHCP Server
     service dhcp
     !
     ! Store DHCP Lease database on tftp server
     ip dhcp database tftp://tftp.cisco.com/dhcp.db
     !
     !
     ! Create DHCP address pool for the 10.0.0.0/28 network
     ip dhcp pool subnet-10
      lease 3 0 0