(Lecture6-Allocation.pdf 第43页,Panopto: 26 Oct)
-
以太网地址就是MAC地址,通常是计算机固有的
Ethernet Addresses (MAC addresses) are normally inherent to the machine. -
48 bits (6字节)
- 3字节用于识别生产商
- 3字节用于识别设备
-
可以被各种原因而更改,比如好的原因可以能是一些旧协议需要修改mac地址以匹配更高层的地址。坏原因:mac地址欺骗以逃避访问控制。以及一些不寻常的原因:重复MAC地址,可能性不大,发生了就简直了
Can be changed for good-ish reasons (some old protocols altered the MAC address to match the higher layer address), bad reasons (“MAC spoofing” to evade access controls) and unusual reasons (duplicates are not unheard of, although you would be amazingly unlucky).
- Static Allocation 静态分配
- bootp (过时了已经)
- DHCP/DHCPv6
- SLAAC (IPv6 only)
-
在某些配置文件/内存/注册表中会给定一个IP地址给终端
The end point is given an IP number in some sort of configuration file / memory / register. -
每次设备启动时便会得到那个IP地址,即便它可能对网络来说是错误的,可能发生冲突等
Each time the device boots, it gets exactly that IP number, even if it is wrong for the network, clashes with other devices, etc. -
设备有可能会注意到它是重复的,但却几乎没有保护措施来预防
The machine might notice that it is a duplicate, but otherwise has very little protection.
-
静态分配对路由器和基础设施设备很重要,这些设备在电源故障后需尽快恢复正常
Essential for routers and infrastructure devices that need to be up in the very early stages after a power failure. -
通常用于需要固定地址的服务器
Often used for servers that need to have fixed addresses (www.my.domain, mail.my.domain).
-
设备会广播自己的以太网地址
Device broadcasts its ethernet address -
bootp服务器会返回一个IP以及别的东西(DNS服务器,默认路由器)
“bootp server” hands back an IP number and some other stuff (DNS servers, default router). -
这又会有什么问题呢?
-
Bootp被定义为RFC951
-
讽刺的是,这个又Sun员工编写的东西从未被Sun自己用过,因为bootp对于他们的需求来说不够强大
-
其中一个原因是没有一个reclaim IP的机制
-
只有通过在一次路由才能真正用于静态分配,因为它不能回收不用的地址。
Only really works for static assignments by another route, because no means to reclaim addresses that are no longer used.
-
Dynamic Host Configuration Portocol
-
提供一种在指定时间租用临时IP的方法,以及获取路由器,DNS时间服务器等的地址映射
Provides a means to lease a temporary IP number for a specified duration, as well as obtaining addresses mappings for routers, DNS, time servers, etc. -
这是目前LAN中分配IPv4地址的主要方式
-
客户端广播一个对IP的请求,包括其MAC地址或其它标识符(DHCPDISCOVER)
Client broadcasts a request for an IP number, including its MAC address or some other identifier (DHCPDISCOVER) -
服务器为你保留一个可用IP,并且广播一个租赁时间 - IP有效期 (DHCPOFFER)
Server(s) reserve an available IP number, and broadcast an offer of it with a lease time (how long IP number is valid for)(DHCPOFFER) -
客户端从offer中选择一个,并广播已选IP的答复 (DHCPREQUEST)
Client chooses from amongst offers, and broadcasts a reply containing chosen IP number (DHCPREQUEST) -
提供IP的服务器完成保留并确认(DHCPACK); 其它服务器会看到他们的offer被拒绝 (或者等待一个适当的间隔,单方面取消预定)
Server that offered the IP number finishes reserving it and acknowledges (DHCPACK); other servers see that their offer has been declined and unreserve their offer (or wait a decent interval and free the reservation unilaterally)
-
DHCP可以像bootp一样工作,或是总是像静态分配那样工作。相同的MAC地址提供相同的IP号,以配置静态机器
DHCP can work like bootp, always handing out the same IP number for the same MAC address, to configure static machines -
或者它可以管理一个临时地址池
Or it can manage a pool of temporary addresses -
智能的DHCP服务器会存储分配,因此如果你请求一个地址,你总是会从池中获得相同的地址,除非它同时被分配给其他人。
Smart DHCP servers store the assignments so that if you ask for an address, you always get the same one from the pool unless it has been allocated to someone else in the meantime. -
设备请求地址,DHCP从地址池中给你一个地址,你用完之后再还回去,这就是家用路由器的操作。
-
更智能的DHCP服务器还可以更新DNS服务器,将名称记录与IP绑定
Very Smart DHCP servers can update DNS servers to record the name to IP binding
-
DHCP failure将会造成严重问题,debug也是非常困难的
-
简单的家庭路由器可能会忽略这一点,本质上重启路由器可能需要重新启动所有终端设备才能使所有状态一致,因此通常一个ip lease的时间很短(长时间lease一旦路由器重启那么就会出问题)
-
无法扩展到非常大的网络
Not scalable into very large networks -
Security nightmare (DHCP server is an implicit by-pass for any filtering that firewalls might do)
-
每个网络上的中继代理通常是嵌入在路由器中的(但可以是独立的)
Relay agent on each network, usually embedded in router (but can be standalone) -
中继代理监听广播packet
Relay agent hears a broadcast packet -
填入自己的地址 然后将所有请求发送到一个已知的到DHCP服务器
-
DHCP服务器收到一个DHCP包,其中包含一个中继地址
-
服务器对中继返回响应
-
中继代理再将其广播到局域网