Document: DNS, DHCP, and IP Address Management, Session 806 (presentation, 29 pages)

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
806, 0963_05F9_c3 © 1999, Cisco Systems, Inc.

DNS, DHCP, and IP Address Management
Session 806
Slide 3: DNS and DHCP Challenges

Diagram of the challenges on the way to an Intelligent Network for Users and Applications. Labels: Manual Processes; Public Domain Software; Automated Network Addressing; Policies Based on IP Addresses; User-Based Policy Networking; Scalable, Reliable DNS/DHCP Services; User Provisioning.
Slide 4: Managing Names and Addresses

Diagram of the approaches in use today: Edit by Hand; Spreadsheet; Custom Application.
Slide 5: Migrating to Directories

Timeline diagram: 1970s (Few Users), 1980s, 1990s (Many Users), 2000. On the left, Multiple Sources of Data, each service holding its own copy: DNS, DHCP, Firewall, Dial-In, E-Mail, PC Inventory, Policy, Etc. On the right, a Single Source of Data: a Directory alongside DNS, DHCP, Firewall and Policy.
Slide 6: Protocol Overview: DNS and DHCP
Slide 7: How DNS Works: DNS Namespace

Diagram: a tree from the root, through COM and CISCO, down to the nodes WWW, RTP and TIMSPC; timspc.cisco.com sits inside the cisco.com zone.

• Hierarchical name space
• Each node in the tree represents a domain/subdomain
• Some subdomains are defined as zones
• Each zone has a "primary" name server that is authoritative for every node in the zone (a subdomain that is delegated as a zone of its own has its own servers)
• Resource records (RR) are defined for each node
• Example RRs are: Address (A), pointer (PTR), mail exchange (MX), name server (NS), start of authority (SOA)
Slide 8: How DNS Works: DNS Queries

Diagram: a DNS client outside the Cisco network asks its local DNS server "What is the IP address for www.cisco.com?". The local server goes to the root name server, the .COM name server and the CISCO.COM name server in turn and returns "A. 161.44.10.9".

• Clients query the local DNS server for IP addresses
• The local server resolves on the client's behalf: it starts at a root name server and follows referrals (root, then .COM, then CISCO.COM) until it reaches a server that has the answer
• The local server returns the answer to the client and caches it
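The walk on slide 8 in code, as an added example that is not part of the Cisco deck: a local resolver that follows referrals from a root hint through the .COM and CISCO.COM servers, caches the answer for its TTL, and refuses a referral that does not descend the tree from the zone it is currently in (a server asked about cisco.com must not send the resolver sideways or back to itself). The three server addresses and the one-record zone data are constructed for the exercise; only www.cisco.com and 161.44.10.9 come from this slide, and 192.204.18.8 is the first DNS server address listed on slide 10.

```python
"""Iterative resolution with referrals and a TTL cache (slide 8).
Added example, not code from the Cisco deck. SERVERS is constructed data."""
import time

ROOT_HINTS = ["198.41.0.4"]                       # constructed root hint

# Constructed authoritative data: address -> zone served, delegations (zone -> glue
# address) and A records (owner -> (address, ttl)). Real servers return NS + glue.
SERVERS = {
    "198.41.0.4":   {"zone": ".",          "delegations": {"com.": "192.5.6.30"},
                     "records": {}},
    "192.5.6.30":   {"zone": "com.",       "delegations": {"cisco.com.": "192.204.18.8"},
                     "records": {}},
    "192.204.18.8": {"zone": "cisco.com.", "delegations": {},
                     "records": {"www.cisco.com.": ("161.44.10.9", 3600)}},
}


def under(name, zone):
    """True if name is the zone apex or lies below it ('.' covers everything)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def query(server_ip, qname):
    """One non-recursive query to an authoritative server (simulated)."""
    srv = SERVERS[server_ip]
    for zone, glue_ip in srv["delegations"].items():
        if under(qname, zone):
            return ("referral", zone, glue_ip)
    if qname in srv["records"]:
        rdata, ttl = srv["records"][qname]
        return ("answer", rdata, ttl)
    return ("nxdomain",) if under(qname, srv["zone"]) else ("refused",)


class LocalResolver:
    """The 'Local DNS Server' of slide 8: walks referrals, then caches the answer."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}                           # qname -> (rdata, expires_at)

    def resolve(self, qname, max_hops=8):
        """Return (address, servers_consulted); a cache hit consults nobody."""
        qname = qname.lower().rstrip(".") + "."
        hit = self.cache.get(qname)
        if hit and hit[1] > self.clock():
            return hit[0], []
        self.cache.pop(qname, None)               # drop an expired entry
        consulted, server, zone = [], ROOT_HINTS[0], "."
        for _ in range(max_hops):
            consulted.append(server)
            reply = query(server, qname)
            if reply[0] == "answer":
                _, rdata, ttl = reply
                self.cache[qname] = (rdata, self.clock() + ttl)
                return rdata, consulted
            if reply[0] != "referral":
                raise LookupError(f"{qname}: {reply[0]} from {server}")
            _, new_zone, glue_ip = reply
            # Follow only referrals that go further down from the current zone;
            # a referral back to the same zone or to an unrelated one is dropped.
            if new_zone == zone or not under(new_zone, zone):
                raise LookupError(f"{server} referred {qname} sideways to {new_zone}")
            server, zone = glue_ip, new_zone
        raise LookupError(f"{qname}: no answer after {max_hops} referrals")
```

The second lookup of the same name is answered from the cache without contacting any server, which is the point of the last bullet; once the record's TTL has passed the resolver walks the tree again.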
Slide 9: DNS Redundancy

Diagram: the primary name server for CISCO.COM, two secondary DNS servers for CISCO.COM, and a DNS client.

• Redundancy is built into DNS
• Secondary servers automatically back up primary servers
• Secondary servers check the primary for changes in the zone serial number
• Updates are controlled by the refresh rate in the SOA record for the zone
• Use Notify and Incremental Zone Transfers to reduce propagation delay and bandwidth utilization
• Spread secondary and caching DNS servers liberally throughout the network
• Restrict zone transfers to the known secondaries: a primary that answers a transfer request from any source hands out the whole zone

Old zone transfer:
1. Secondary checks the serial number of the zone
2. If it has changed, the secondary requests a zone transfer
3. Primary sends the entire zone to the secondary

New zone transfer:
1. Primary DNS server sends a NOTIFY message to the secondary when the zone data changes
2. Secondary requests an incremental zone transfer
3. Primary sends only the changes to the secondary server
Slide 10: How DHCP Works: Obtaining a Lease

Diagram: the DHCP client asks the DHCP server "Send my configuration information"; the server answers "Here is your configuration":
  IP Address: 192.204.18.7
  Subnet Mask: 255.255.255.0
  Default Routers: 192.204.18.1, 192.204.18.3
  DNS Servers: 192.204.18.8, 192.204.18.9
  WINS Server: 192.204.18.9
  Lease Time: 5 days

• Dynamically assigns configuration information
• Creates IP address pools to conserve addresses and support mobile users
• Client broadcasts a DHCP Discover packet on the local subnet
• Multiple servers can respond
• Client chooses the first or best response
Slide 11: How DHCP Works: DHCP Discover Process

Diagram: Server 1, Client, Server 2. The client's DISCOVER is a broadcast and reaches both servers; each server returns an OFFER (unicast); the client's REQUEST is again a broadcast, so both servers learn which offer was taken; the selected server returns an ACK (unicast).

• DHCP client broadcasts a DHCP DISCOVER packet on the local subnet
• DHCP servers send an OFFER packet with lease information
• DHCP client selects a lease and broadcasts a DHCP REQUEST packet
• Selected DHCP server sends a DHCP ACK packet

Nothing in this exchange authenticates the server: the client takes whichever OFFER it selects, so any host on the segment that answers a DISCOVER can hand out its own routers and DNS servers.
Slide 12: How DHCP Works: DHCP Packet

Packet layout, fixed-length header followed by options (field order as transmitted):
  OP Code | Hardware Type | Hardware Length | HOPS
  Transaction ID (XID)
  Seconds | Flags
  Client IP Address (CIADDR)
  Your IP Address (YIADDR)
  Server IP Address (SIADDR)
  Gateway IP Address (GIADDR)
  Client Hardware Address (CHADDR), 16 bytes
  Server Name (SNAME), 64 bytes
  Filename, 128 bytes
  DHCP Options
Slide 13: How DHCP Works: DHCP Options

Common DHCP Options:
  Option              Code
  Lease Time          51
  Subnet Mask         1
  Default Routers     3
  DNS Servers         6
  Domain Name         15
  Host Name           12
  WINS Servers        44
  NetBIOS Node Type   46
  Client Identifier   61

• Server passes configuration options to the client
• Over 100 options defined
• Most DHCP clients support approximately 10 options
• Custom and vendor options available
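Slides 11 to 13 together, as an added example that is not code from the Cisco deck or from Cisco Network Registrar: an encoder and a bounds-checked decoder for the RFC 2131 fixed header and the RFC 2132 option TLVs, the client-side check a DHCP client applies before it treats an OFFER as a reply to its own DISCOVER, and a rendering of the options into the lease summary shown on slide 10. The lease values are slide 10's; the MAC address, the transaction ID and the server address 192.204.18.5 are constructed. Option 53 (DHCP Message Type) and option 54 (Server Identifier) are RFC 2132 options that are not in the table above but are needed to tell the four message types apart.

```python
"""DHCP packet encode/decode and OFFER validation (slides 11 to 13).
Added example, not Cisco code. Constructed values are marked as such."""
import struct
from ipaddress import IPv4Address

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_MASK, OPT_ROUTERS, OPT_DNS, OPT_HOST, OPT_DOMAIN = 1, 3, 6, 12, 15
OPT_WINS, OPT_NODE_TYPE, OPT_LEASE, OPT_MSG, OPT_SERVER_ID, OPT_CLIENT_ID = 44, 46, 51, 53, 54, 61
OPT_PAD, OPT_END = 0, 255
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")       # 236 bytes, RFC 2131 order


def ips(*addrs):
    """Pack dotted quads for the address-list options (3, 6, 44, 54)."""
    return b"".join(IPv4Address(a).packed for a in addrs)


def encode_options(opts):
    """opts: sequence of (code, value bytes); appends the End option."""
    out = bytearray(MAGIC_COOKIE)
    for code, value in opts:
        if not 0 < len(value) < 256:
            raise ValueError(f"option {code}: length {len(value)} not encodable")
        out += bytes((code, len(value))) + value
    out.append(OPT_END)
    return bytes(out)


def decode_options(blob):
    """Parse TLVs without reading past the buffer; repeated codes concatenate."""
    if blob[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(blob) and blob[i] != OPT_END:
        code = blob[i]
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError(f"option {code} truncated")
        length = blob[i + 1]
        opts[code] = opts.get(code, b"") + blob[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def build(op, xid, chaddr, opts, yiaddr="0.0.0.0", siaddr="0.0.0.0", flags=0):
    """Assemble a packet; chaddr is a 6-byte Ethernet MAC (htype 1, hlen 6)."""
    zero = IPv4Address("0.0.0.0").packed
    fixed = HEADER.pack(op, 1, 6, 0, xid, 0, flags, zero, IPv4Address(yiaddr).packed,
                        IPv4Address(siaddr).packed, zero, chaddr.ljust(16, b"\0"), b"", b"")
    return fixed + encode_options(opts)


def parse(pkt):
    """Split a packet into its RFC 2131 fields plus a decoded options dict."""
    if len(pkt) < HEADER.size + len(MAGIC_COOKIE) + 1:
        raise ValueError("short DHCP packet")
    f = HEADER.unpack_from(pkt)
    return {"op": f[0], "htype": f[1], "hlen": f[2], "hops": f[3], "xid": f[4],
            "secs": f[5], "flags": f[6], "ciaddr": str(IPv4Address(f[7])),
            "yiaddr": str(IPv4Address(f[8])), "siaddr": str(IPv4Address(f[9])),
            "giaddr": str(IPv4Address(f[10])), "chaddr": f[11][:f[2]],
            "options": decode_options(pkt[HEADER.size:])}


def offer_matches(discover, offer):
    """Client side of slide 11: accept an OFFER only if it is a reply to our own
    DISCOVER (same xid and hardware address) and carries an address. This filters
    replies meant for other clients; it does not authenticate the server."""
    return (offer["op"] == BOOTREPLY and offer["options"].get(OPT_MSG) == bytes([OFFER])
            and offer["xid"] == discover["xid"] and offer["chaddr"] == discover["chaddr"]
            and offer["yiaddr"] != "0.0.0.0")


def lease_summary(offer):
    """Render the options the way slide 10 shows them to the user."""
    o = offer["options"]
    quads = lambda b: [str(IPv4Address(b[i:i + 4])) for i in range(0, len(b), 4)]
    return {"IP Address": offer["yiaddr"], "Subnet Mask": quads(o[OPT_MASK])[0],
            "Default Routers": quads(o[OPT_ROUTERS]), "DNS Servers": quads(o[OPT_DNS]),
            "WINS Server": quads(o[OPT_WINS]), "Lease Time": struct.unpack("!I", o[OPT_LEASE])[0]}


def discover_offer_exchange():
    """A constructed DISCOVER and the OFFER a server would return for it (parsed)."""
    mac, xid = bytes.fromhex("00a0c9123456"), 0x3903F326             # constructed
    discover = build(BOOTREQUEST, xid, mac,
                     [(OPT_MSG, bytes([DISCOVER])), (OPT_CLIENT_ID, b"\x01" + mac),
                      (OPT_HOST, b"timspc")], flags=0x8000)            # broadcast flag set
    offer = build(BOOTREPLY, xid, mac,
                  [(OPT_MSG, bytes([OFFER])), (OPT_SERVER_ID, ips("192.204.18.5")),
                   (OPT_LEASE, struct.pack("!I", 5 * 86400)), (OPT_MASK, ips("255.255.255.0")),
                   (OPT_ROUTERS, ips("192.204.18.1", "192.204.18.3")),
                   (OPT_DNS, ips("192.204.18.8", "192.204.18.9")),
                   (OPT_WINS, ips("192.204.18.9")), (OPT_DOMAIN, b"cisco.com")],
                  yiaddr="192.204.18.7", siaddr="192.204.18.5")
    return parse(discover), parse(offer)
```

The decoder checks both the option header and the option value against the remaining buffer before reading, so a packet whose length byte claims more data than is present raises instead of reading past the end; a DHCP client or relay that parses options from the network has to get this right, since anyone on the segment can send it a DHCP packet.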

Slide 14: What's New in DNS and DHCP

• New DNS standards
  Dynamic DNS updates (RFC 2136)
  Incremental Zone Transfers (RFC 1995)
  Notify (RFC 1996)
• New DHCP standards
  DHCP Safe Failover (Internet draft)
Slide 15: Dynamic DNS Updates, Notify, and Incremental Zone Transfers

Diagram: a DHCP client (Host: sbombay-pc) receives IP Address 172.16.18.74 from the Cisco Network Registrar DHCP server. The DHCP server sends a dynamic update (sbombay-pc.cisco.com, IP 172.16.18.74) to the Cisco Network Registrar primary DNS server. The primary sends a Notify message across the WAN to the secondary DNS server, the secondary answers with an IXFR request, and only the changed information (sbombay-pc.cisco.com 172.16.18.74) is sent.

• Dramatically reduces propagation delay
• Dramatically reduces WAN bandwidth utilization
• Integrates DHCP and DNS
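The mechanics behind slides 9 and 15, as an added example that is not part of the Cisco deck and not Cisco Network Registrar code: the serial comparison a secondary performs (RFC 1982 serial arithmetic, which survives the wrap past 2^32 - 1 where a plain integer compare does not), an RFC 2136-style dynamic update that the DHCP server sends for the new lease, and the primary's answer to the secondary's IXFR request, which carries the one changed record rather than the whole zone and falls back to a full transfer when the kept history does not reach back to the secondary's serial. The sbombay-pc.cisco.com / 172.16.18.74 record and www.cisco.com / 161.44.10.9 come from the slides; the serials, the NS name and the second zone in the usage are constructed.

```python
"""Serial arithmetic, dynamic update and IXFR/AXFR selection (slides 9 and 15).
Added example, not Cisco code. Serials and NS names are constructed."""
from dataclasses import dataclass, field

MOD = 1 << 32
HALF = 1 << 31


def serial_gt(a, b):
    """RFC 1982: True if zone serial a is newer than b, allowing for wraparound.
    Equal serials are not newer; the ambiguous exact-half case compares False."""
    a, b = a % MOD, b % MOD
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


@dataclass
class Zone:
    """Primary server's view of one zone: records, serial and change history."""
    origin: str
    serial: int
    records: set = field(default_factory=set)         # {(owner, type, rdata)}
    history: list = field(default_factory=list)       # [(old, new, deleted, added)]

    def dynamic_update(self, deletions=(), additions=()):
        """RFC 2136-style update: prerequisites checked, then deletions and
        additions applied together with one serial bump. The bump is what makes
        the primary send NOTIFY. Returns the new serial."""
        deletions, additions = set(deletions), set(additions)
        missing = deletions - self.records
        if missing:
            raise KeyError(f"prerequisite failed, not in zone: {sorted(missing)}")
        new_serial = (self.serial + 1) % MOD
        self.records = (self.records - deletions) | additions
        self.history.append((self.serial, new_serial, deletions, additions))
        self.serial = new_serial
        return new_serial

    def transfer_for(self, secondary_serial):
        """Answer a secondary holding secondary_serial: ('current', None) if it is
        up to date, ('ixfr', deltas) when the kept history covers the gap, else
        ('axfr', (serial, full zone)), the whole-zone transfer of slide 9."""
        if not serial_gt(self.serial, secondary_serial):
            return ("current", None)
        deltas = [h for h in self.history if not serial_gt(secondary_serial, h[0])]
        if deltas and deltas[0][0] == secondary_serial:
            return ("ixfr", deltas)
        return ("axfr", (self.serial, sorted(self.records)))


def apply_transfer(kind, payload, records, serial):
    """Secondary side: replay IXFR deltas in order, or replace the zone on AXFR.
    Returns the secondary's new (records, serial)."""
    if kind == "current":
        return set(records), serial
    if kind == "axfr":
        new_serial, full = payload
        return set(full), new_serial
    recs = set(records)
    for _old, new_serial, deleted, added in payload:
        recs = (recs - deleted) | added
    return recs, new_serial


def dhcp_lease_to_secondary():
    """Slide 15 end to end: lease granted, primary updated, secondary caught up.
    Returns (transfer kind, records carried, secondary records, secondary serial,
    primary zone) so the result can be checked."""
    primary = Zone("cisco.com.", 1999030101, {
        ("cisco.com.", "NS", "ns1.cisco.com."),      # constructed
        ("www", "A", "161.44.10.9")})
    sec_records, sec_serial = set(primary.records), primary.serial   # in sync
    # DHCP server grants 172.16.18.74 to sbombay-pc and updates the primary
    primary.dynamic_update(additions=[("sbombay-pc", "A", "172.16.18.74")])
    # NOTIFY goes out; the secondary answers with an IXFR request carrying its serial
    kind, payload = primary.transfer_for(sec_serial)
    sec_records, sec_serial = apply_transfer(kind, payload, sec_records, sec_serial)
    carried = (sum(len(d) + len(a) for _, _, d, a in payload) if kind == "ixfr"
               else len(payload[1]))
    return kind, carried, sec_records, sec_serial, primary
```

Two points worth carrying over to a real deployment: the secondary must compare serials with serial arithmetic, not with `<`, or a zone whose serial has wrapped will never be refreshed; and the primary can only serve IXFR for the part of the change history it still holds, so a secondary that has been down for longer than that history gets a full transfer whether or not it asked for an incremental one.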
Slide 16: DHCP Safe Failover Protocol

Diagram: a Primary DHCP Server with Primary Address Pool 172.16.18.101-200 and a Backup DHCP Server with Backup Address Pool 172.16.18.191-200 (the backup's pool is carved out of the top of the primary's range).

• All DHCP requests are sent to both servers
• Primary updates the backup with lease information
• Backup takes over when the primary fails
• Backup server uses a dedicated pool of addresses allocated by the primary, so the two servers cannot hand out the same address
• Servers synchronize when the primary is up
• IETF Internet Draft
Slide 17: DNS Issues
Slide 18: Split DNS

Diagram: the External DNS Server, reachable from the Internet, holds only www.cisco.com, mail.cisco.com and ftp.cisco.com. The Internal DNS Server, on the Internal Network, holds those names plus wwwin.cisco.com, callmanager.cisco.com, erpserver.cisco.com, timspc.cisco.com and eng-web.cisco.com.

• Two "primary" DNS servers for the domain
• Hides the structure of the internal network
• Internal clients point to internal DNS servers
• External server publishes web, mail, ftp and other external servers
• Internet DNS servers delegate to the external primary DNS server
Slide 19: Selective Forwarders

Diagram: Big.com and Small.com each run an Internal DNS Server and an External DNS Server, both reachable through the Internet, where the Root DNS Server sits. A Big.com user wants to connect to erp.small.com, a name that lives on Small.com's internal DNS server and is not published on its external one. With a selective (conditional) forwarder, Big.com's internal DNS server sends queries for the small.com domain to a designated Small.com server instead of resolving them through the root and Small.com's external server; all other names are resolved normally.
Slide 20: WINS

• Windows Internet Name Service (WINS)
  NetBIOS Name Service (NBNS)
  Windows NT file and print services
  Flat name space
• Coexists with DNS
• Scaling problems in large networks
• Going away with Windows 2000!
Slide 21: Windows 2000 and Active Directory

• Coming soon!
• DNS requirements
  Dynamic DNS updates (RFC 2136)
  SRV records
• Active Directory is dependent on DNS
• WINS is phased out
Slide 22: DHCP Issues