CHAPTER 7: TCP/IP and Routing

In a more technical definition, DHCP is a communications protocol that allows you to manage IP addressing usage centrally and to automate the assignment of logical addresses in an organization’s network. Remember, each host on the network needs a unique IP address to be able to communicate. When an organization sets up its computer users with a connection to the Internet, an IP address must be assigned to each machine. Without DHCP, the IP address must be entered manually at each computer and, if computers move to another location in another part of the network, a new IP address must be entered. DHCP lets a network administrator supervise and distribute IP addresses from a central point and automatically sends a new IP address when a computer is plugged into a different place in the network.

DHCP uses the concept of a lease, or amount of time, that a given IP address will be valid for a computer. The lease time can vary depending on how long a user is likely to require the Internet connection at a particular location. It’s especially useful in education and other environments where users change frequently. Using very short leases, DHCP can dynamically reconfigure networks in which there are more computers than there are available IP addresses. DHCP supports static addresses for computers containing Web servers that need a permanent IP address; you can make reservations for such addresses.

DHCP is an extension of an earlier network IP management protocol, Bootstrap Protocol (BOOTP). DHCP is a more advanced protocol, but both configuration management protocols are commonly used and DHCP can handle BOOTP client requests. Some organizations use both protocols, but understanding how and when to use them in the same organization is important. Some operating systems, including Windows NT/2000, come with DHCP servers.
A DHCP or BOOTP client is a program that is located in (and perhaps downloaded to) each computer so that it can be configured.

DHCP Operations

DHCP was covered briefly earlier in the chapter. DHCP is responsible for automatic and dynamic addressing of your network. It has a lot of complexity to it as well. For example, to get DHCP broadcasts to reach remote sites that are connected only by routers and T1 links, you would need to configure those routers to pass the DHCP broadcast from the client to the server; if the router is not configured to do so, then it will not pass the broadcast. This is a common problem seen on the Network+ exam.

Note: DHCP and its operation are thoroughly covered within the DHCP RFC. www.rfc-editor.org/rfc/rfc2131.txt

Consider the following: You need to allow your clients to communicate with the DHCP server to get an address so they can participate on the network, accessing services and so on. You have three clients on one remote subnet that cannot get a valid IP address, but all other clients can. This is a common issue. Because all other sites work just fine (eliminating the possibility that it could be a server issue affecting all sites), the problem may be that the remote site’s router is not configured to pass the broadcast from the client to the server, which will then give that client a lease on an IP address so it can participate on the network.

In this section we cover the basics of DHCP operations. As just mentioned, when a DHCP-based client is booted up, unless already configured with an IP, the client attempts to communicate with a DHCP server to get its TCP/IP configuration information. The following is a list of DHCP message types exchanged between client and server. You will not need to memorize these for the Network+ exam, although understanding these messages simplifies the understanding of DHCP itself and better prepares you for the exam.

Dhcpdiscover: The first time a DHCP client computer attempts to start on the network, it requests IP address information from a DHCP server by broadcasting a Dhcpdiscover packet. The source IP address in the packet is 0.0.0.0 because the client does not yet have an IP address. The attempt is sent out from the client on the network and as long as the packet can get to the server, the request process can be officially completed by the server.

Dhcpoffer: When the DHCP server receives the request, it selects an unleased IP address from the range of available IP addresses and offers it to the DHCP client. The lease is generally configured as part of a scope, as mentioned earlier. The lease is good generally for a week by default, although this can be changed. In most cases, the DHCP server also returns additional TCP/IP configuration information, such as the subnet mask and default gateway in a Dhcpoffer packet. More than one DHCP server can respond with a Dhcpoffer packet, and the client accepts the first Dhcpoffer it receives.

Dhcprequest: When the client receives the Dhcpoffer packet, it responds by broadcasting a Dhcprequest packet that contains the offered IP address.

Dhcpdecline: A message from the DHCP client to the server indicating that the offered configuration parameters are invalid.

Dhcpack: The DHCP server acknowledges the client’s Dhcprequest for the IP address by sending a Dhcpack packet.

Dhcpnack: If the IP address cannot be used by the client because it is no longer valid or is now used by another computer, the DHCP server will respond with a Dhcpnack packet.

Dhcprelease: A message from the DHCP client to the server that releases the IP address and cancels any remaining lease.

DHCP Relay Agents

When the DHCP server receives the request from the DHCP client computer, it dynamically assigns an IP address to the requesting computer from the range of valid IP addresses contained within the DHCP scope.
The DHCP server allocates the IP address with a lease that defines how long the IP address can be used by the client computer. The DHCP server can also establish other configuration parameters, such as subnet mask and Domain Name System (DNS) and Windows Internet Name Service (WINS) server identification for the client computer. DNS and WINS are both covered within this chapter. It’s important to remember that when configuring DHCP for clients, it’s not just an IP address that is delivered to the client, but many other parameters such as DNS server address, WINS server address, subnet mask, default gateway, and routing metrics, all of which are covered within this chapter.

To get this information to the client so that it can be used, the client must be able to contact the DHCP server. As mentioned earlier, if it cannot, then you may have a router issue that prevents the broadcast request from getting through.

Understanding and configuring DHCP relay agents on a router is a very important part of DHCP to consider as a network engineer. TCP/IP networks are interconnected by routers that connect network segments (subnets) and pass IP packets between the subnets. Because routers do not pass broadcasts by default, a configuration change must be added to the router.

As mentioned earlier, one of the major components of the DHCP specification is the DHCP protocol for communications between DHCP servers and clients. If this communication is disrupted or not allowed, DHCP will not function on your network.

On the Network+ exam, you may come across a question or two that tests your knowledge of RFC 1542 and broadcast-based communications when working with an RFC 1542-compliant router. A DHCP server can provide IP addresses to clients in multiple subnets only if the router that connects the subnets is an RFC 1542-compliant router. The configuration is commonly called an IP helper address in Cisco Systems-based routers.
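
The message types listed earlier and the relay step described here, as an added example that is not from the book: it reads the message type from a client broadcast and applies the header changes a relay agent makes before unicasting the request to the DHCP server. The header layout and option 53 values follow RFC 2131; the function names, the constructed sample packet, the 192.0.2.1 interface address and the hop limit of 4 are assumptions of this example.

```python
import socket
import struct

# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC_COOKIE = bytes([99, 130, 83, 99])   # marks the start of the DHCP options
BOOTREQUEST = 1                           # op value for client-to-server messages
HOP_LIMIT = 4                             # assumed limit for this example

# Option 53 values, named the way the chapter spells the message types.
MESSAGE_TYPES = {1: "Dhcpdiscover", 2: "Dhcpoffer", 3: "Dhcprequest",
                 4: "Dhcpdecline", 5: "Dhcpack", 6: "Dhcpnack", 7: "Dhcprelease"}


def build_discover(xid, mac):
    """Constructed sample: the Dhcpdiscover a client broadcasts before it has an IP."""
    zero = bytes(4)  # ciaddr/yiaddr/siaddr/giaddr are all 0.0.0.0 at this point
    header = struct.pack(BOOTP_FMT, BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                         zero, zero, zero, zero, mac, b"", b"")
    return header + MAGIC_COOKIE + bytes([53, 1, 1, 255])  # type=1, then End


def message_type(packet):
    """Walk the options and return the message type name, or None if absent."""
    if packet[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC_COOKIE:
        return None
    i = BOOTP_LEN + 4
    while i < len(packet):
        code = packet[i]
        if code == 255:            # End option
            break
        if code == 0:              # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):   # truncated option: stop rather than guess
            break
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:
            return MESSAGE_TYPES.get(value[0], "unknown")
        i += 2 + length
    return None


def relay_to_server(packet, relay_if_ip, hop_limit=HOP_LIMIT):
    """Return the packet a relay would unicast to the DHCP server, or None to drop."""
    if len(packet) < BOOTP_LEN:
        return None                               # too short to be BOOTP/DHCP
    fields = list(struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN]))
    op, hops, giaddr = fields[0], fields[3], fields[10]
    if op != BOOTREQUEST or hops >= hop_limit:
        return None                               # not a client request, or looping
    fields[3] = hops + 1
    if giaddr == bytes(4):
        # The first relay stamps its client-facing address so the server can pick
        # the scope for that subnet and knows where to send the reply.
        fields[10] = socket.inet_aton(relay_if_ip)
    return struct.pack(BOOTP_FMT, *fields) + packet[BOOTP_LEN:]


if __name__ == "__main__":
    discover = build_discover(0x1234ABCD, bytes.fromhex("020000000001"))
    relayed = relay_to_server(discover, "192.0.2.1")
    print(message_type(relayed), "hops =", relayed[3],
          "giaddr =", socket.inet_ntoa(relayed[24:28]))
```

A request that already carries a relay address keeps it when it crosses a second relay, which is why the server can still tell which subnet the client sits on.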
If the router cannot function as a relay agent, each subnet that has DHCP clients requires a DHCP server. A relay agent is a program used to pass specific types of IP packets between subnets. A DHCP/BOOTP relay agent is simply a hardware or software program that can pass DHCP/BOOTP messages (packets) from one subnet to another subnet according to the RFC 1542 specification.

Note: BOOTP is described in RFC 951 and RFC 1084 and is used for booting diskless nodes. Updated in RFC 1395 and RFC 1497 and superseded by DHCP, BOOTP is still supported for legacy applications on most, if not all, DHCP server implementations. The way it works is that when the client is ready to boot up on the network, it sends out a broadcast message requesting information and waits for a reply. The client only has to know its own hardware (Media Access Control, MAC) address. With this information, the BOOTP server will respond with an IP address.

Now that you understand the basics of network protocols such as IPX/SPX, AppleTalk, and TCP/IP, let’s continue learning about the TCP/IP suite’s other functionalities, services, applications, and protocols. In the next section, we will briefly cover the use of multicasting and the TCP/IP used to provide it.

MULTICAST, BROADCAST, AND UNICAST

With the continuously expanding use of networks, more and more people are deciding that one-to-one networking is not enough anymore. The need to have one-to-many networks has become more important. This is true for large corporations that benefit from e-mail, file sharing, and mirrored servers in two different cities (or countries). New technologies are developed every day.

Multicasting can reduce travel expenses while maximizing benefits. Imagine the cost of sending several employees halfway around the world for a conference that lasts less than a day. Not only would you incur the cost of travel, but also the cost of the employees’ time as they travel. A better solution in this case would be to videoconference (which is a very popular and always-developing technology), which allows viewing a presentation in one window while watching the speaker in another. Questions can be typed while the presentation is in progress, and prioritized for answering at the end of the conference. These are just a few of the features that can be provided by multicasting. Other benefits can include interactive distance learning and corporate announcement transmissions.

Multicasting benefits are not limited to video/audio needs. Multicast can be used to push updates to multiple hosts simultaneously, thus reducing the effort and time involved in doing one update at a time. Multicasting can also push computer operating system images to their hosts. The possibilities seem endless and are rapidly growing. The following sections cover the basics of multicasting and how the multicasting addressing scheme is laid out.

Understanding the Basics of Multicasting

For the Network+ exam, you will neither need to understand the dozens of commands that you can program into a router to enable and control multicasting, nor will you need to know the exact detailed operation of how multicasting protocols such as Internet Group Management Protocol (IGMP) work. However, you do need to know about multicasting fundamentals for the exam. You have already learned about Class D addressing space, which is where multicasting was originally mentioned. Why is there so much concern about it? Well, for one, because the use of it is growing, it must mean that the pressure placed on networks today is warranting its use. Bandwidth utilization is the first thing most network technicians and administrators think about when discussing streaming video and other live information feeds to an individual’s PC or across a WAN link that may not have the bandwidth to accommodate it.
To simply increase your bandwidth because of a single application’s requirements could be expensive when dealing with telecommunications providers.

To understand multicast traffic completely, we have to discuss the other types of traffic. It is important to understand the differences between unicast, broadcast, and multicast traffic. Multicasting is UDP-based. Although UDP is not a great example of reliability, it makes more sense for multicasting than TCP. For starters, having a multitude of hosts acknowledge receipt of a multicast packet stream would be counterproductive. Additionally, UDP has lower overhead, which provides the speed necessary to support the traffic needs of multicasting.

Multicast addresses cannot be used as source addresses for any traffic. Although multicast addresses can be associated with particular interfaces on particular devices (such as 224.0.0.5 for Open Shortest Path First (OSPF)-enabled interfaces on a router), traffic cannot be sourced from a multicast address because it does not identify a specific host; rather, a multicast address identifies a group of hosts sharing the same address.

Multicast addresses are not assigned to a device; rather, a device proceeds to listen for and receive traffic destined to a multicast group that it has joined by some process. For example, routers can join the OSPF multicast group on their network by having OSPF configured, and having interfaces configured to participate in OSPF routing. In this case, it means that the router will receive traffic destined to multicast IP addresses reserved for OSPF routing. Hosts can opt to join a multicast group by having certain applications (such as videoconferencing software) installed and configured.

Note: Remember, the Network+ exam does not dig as deeply into these concepts as this chapter does (such as our last discussion on OSPF). You need to remember facts, such as which protocols are used, which IP address class is used, which IP range is within that class, as well as being able to single out any wrong answers that may be placed in the question as a distracter. Knowing this other information is only going to help you understand what you are memorizing.

Understanding multicasting is very important as a network engineer, especially if you are working with videoconferencing or any of the many other applications that use multicasting as an underlying technology.

As mentioned earlier, IGMP allows host computers on the Internet to participate in IP multicasting. A multicast address identifies a transmission session instead of a particular physical destination. This allows for sending a message to a large number of recipients without the necessity for the source computer to know the addresses of all the recipients. The network routers translate the multicast address into host addresses. The protocol used to facilitate this is IGMP. IGMP was originally defined in RFC 1112. Extensions have been developed and are included in IGMP version 2, addressed in RFC 2236. A computer uses IGMP to report its multicast group memberships to multicast routers. IGMPv2 allows group membership terminations to be reported promptly to the routing protocol. IGMP is required to be used in host computers that wish to participate in multicasting. IGMPv3 is also available for use. Knowing all the version types is not necessary for the Network+ exam, but it’s important to know if you need to use IGMP, as some versions have (obviously) more functionality, enhancements, and security than others.

Unicast Traffic

What is most commonly seen (and wanted on your network) is what is called unicast traffic. Unicast is the transmission of data from one host to another, one host at a time. This is a one-to-one session between one host and another, such as a client and server arrangement.
Unicast can be used to support multiple sessions (that is, multicasting) by establishing multiple one-to-one communications to transport the same data stream to multiple hosts. An example of this is shown in Figure 7.5. If the session is required by multiple hosts, a one-to-one connection is established, with the same data transmitted repeatedly to each host. This form of transmission will not transmit to every computer on a network; however, multiple requests for the same conference or data would cause that data to be pushed across the network media at the same time. Thus, as shown in Figure 7.5, a video feed of 1.5 Mbps unicasted to 10 computers on a network requires 15 Mbps of bandwidth. Although this might not seem significant, it can degrade network performance as the feed size and quantity increase. The toll of network usage is realized on the network equipment traversed from source to destination for the video feed. All of the routers and switches will have a considerable amount of data traffic to process.

FIGURE 7.5 Unicast Network Video Feed Example.

Broadcast Traffic

Broadcast is another option that can be used for transmitting data to a large number of host systems simultaneously. Broadcasts can consume a significant amount of bandwidth; connections are based on a one-to-all method transmission. This can be seen when using the NetBIOS and ARP protocols, as well as many others. Any hosts on a network where a broadcast is generated will process that broadcast (at least far enough to know it is not intended for that system).

The broadcast traffic is sent to all computer systems that can be reached on the network. This process launches the 1.5 Mbps video stream to all the interfaces possible, thus not creating the intense bandwidth consumption of a unicast. The problem is that each host receiving the broadcast has to process the 1.5 Mbps data stream continuously until it is finished.
If the receiving host does not want the broadcast traffic, valuable resources of the host will still accept the datagram and then determine what to do with it – accept it or reject it. Because this is also a video feed, this large piece of data has to be processed, which can take a considerable toll on the host system.

Another disadvantage of using the broadcast transmission for video feeds is the network architecture. On a small network with no routers, this may be a desirable option. On larger networks, or if there are any routers in the path to a host, the default action is to filter (block) the broadcast, meaning that broadcasts must be explicitly allowed to traverse the path to the host.

Multicast Traffic

Obviously, neither unicast nor broadcast is optimized to handle traffic destined for multiple hosts, especially if those hosts are logically assigned to a specific group. Multicasting and the protocols discussed address this need. Multicast traffic establishes a one-to-many type of transmission. This allows the data traffic to only be sent to those who specifically requested the information, and only sends one stream of traffic to each requesting broadcast domain.

Multicast (RFC 1112) is a technology used to address multiple hosts as a group. A source host multicasts to a group of hosts by sending an IP packet to a special IP address associated with that group. The IP address that defines a multicast group is a Class D address (224.0.0.0 to 239.255.255.255), with unique groups allocated their own IP address in that range. This allows multiple multicast groups to be defined at the same time with different IP addresses. Multicasting sends the data stream only to the group of hosts that specifically want it. All other hosts ignore and do not process the multicast traffic.

Multicasting differs from broadcasting because multicasting sends traffic to a group of hosts, not to all hosts on a network.
Hosts that are not part of the group will not process the multicast packet because it is not addressed to them. As mentioned earlier in the section, a typical multicast application is videoconferencing. Not all network users want or need to participate in a videoconference; only those users that need to will join the multicast group to receive the video feed.

The advantage of multicasting becomes apparent when you consider that using unicast addresses would result in an individual video feed to each receiver. More users and demand mean more bandwidth used. By using multicasting, only one channel is used, regardless of the number of users: 1000 users only require one channel. Multicast traffic is bidirectional: a host can receive or send multicast packets.

As mentioned briefly before, it’s important to understand the need for the group. If only one data stream is being transmitted, how can all of the requesting systems receive the data? Multicasting uses IP addresses to establish multicast groups, which host systems can join to receive multicast data. The multicast data is sent to the group IP address and all listed group members receive the traffic.

Multicast IP Address Designations

Class D IP addresses comprise the whole range of multicast addresses, with a range of 224.0.0.0 through 239.255.255.255. Multicast IP addresses are easily recognized by their binary numeration, as their high-end bits are always 1110. For instance, 11100000 is equal to 224 and 11101111 is equal to 239. These first 4 bits account for a portion of the IP address; the remaining 28 bits are used for multicast group identification. Two types of multicast IP addresses are used: dynamic and static.

Transient (dynamic) addresses are used for the duration of the session and are relinquished when no longer needed. Dynamic multicast IP addressing allows applications to acquire an IP address for the length of the multicast transmission.
This IP address allocation has a certain expiration time and must be considered by the application requesting the address to retain functionality. For example, a transient address is used to multicast a videoconference of an event. After the event is finished, the transient address can be reused. Transient addresses must be coordinated to ensure that two people or organizations do not use the same transient address for different needs.

Static multicast IP addresses are a group of IP addresses, ranging from 224.0.0.0 to 224.255.255.255, that have been specifically assigned by the IANA. The permanent addresses are defined in the protocol itself, such as the all-hosts (224.0.0.1), all-routers (224.0.0.2), or RIPv2 group (224.0.0.9) addresses. Permanent addresses can also be assigned by the IANA for other protocols or uses. These addresses are reserved for particular purposes and are referred to as well-known addresses. For a complete listing of statically assigned Class D IP addresses, see www.iana.org/assignments/multicast-addresses.

All reserved static Class D addresses that are used for multicast management and multicast data are never forwarded to these addresses. Static addresses such as 224.0.0.2 include all multicast-enabled router interfaces. Multicast-enabled routers automatically join this “all routers” group upon initialization. In turn, all multicast-enabled hosts must join the all-host systems group 224.0.0.1. Others become active upon activation or configuration of some features such as OSPF on a router.

UNDERSTANDING BASIC IP ROUTING

In this section, we’re going to explore how data is routed on a network using the IP protocol. We’ll begin by discussing how names and addresses are resolved. Then, we’ll look at how packets of data are sent from one network to another to understand the process of basic IP routing. Understanding how routing works will help you to understand the concepts behind routing protocols.
In this section, we will thoroughly cover how data is transmitted on a TCP/IP network. This knowledge is easily converted to other suites (such as IPX/SPX). Less commonly used protocols are not covered as thoroughly on the exam, hence we are focused on TCP/IP in this section (and chapter). However, you will need to know how to use protocols and services within the other suites to be able to function in a production environment that may not solely rely on TCP/IP for communication. Consider this as you wrap up your studies for this exam. Think about moving on to other protocols later and dig into them at a much more involved level.

Test Day Tip: Memorize the Class D range, not the specific assignments for the exam. The specific assignments are for your own knowledge.
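
The Class D rules from the multicast sections above, as an added example that is not from the book: it reads the source and destination out of a raw IPv4 header, applies the 1110 high-bit test, extracts the 28-bit group ID, and rejects any packet that claims a multicast source. The function names and the constructed sample headers are assumptions of this example; the named groups are the ones the chapter lists.

```python
import ipaddress
import struct

# Permanent groups the chapter names explicitly.
WELL_KNOWN = {"224.0.0.1": "all-hosts", "224.0.0.2": "all-routers",
              "224.0.0.5": "OSPF routers", "224.0.0.9": "RIPv2"}


def is_class_d(addr):
    """True when the four high-order bits are 1110 (224.0.0.0-239.255.255.255)."""
    return (addr >> 28) == 0b1110


def group_id(addr):
    """The remaining 28 bits, which identify the multicast group."""
    return addr & 0x0FFFFFFF


def ipv4_header(src, dst):
    """Constructed 20-byte IPv4/UDP header for the samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 1, 17, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def classify(header):
    """Classify a raw IPv4 header as unicast, broadcast, multicast or invalid."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    src, dst = struct.unpack("!II", header[12:20])
    result = {"src": str(ipaddress.IPv4Address(src)),
              "dst": str(ipaddress.IPv4Address(dst)),
              "group_id": None, "group_name": None}
    if is_class_d(src):
        # A group address identifies many hosts, so it can never be a sender.
        result["kind"] = "invalid: multicast source"
    elif is_class_d(dst):
        result["kind"] = "multicast"
        result["group_id"] = group_id(dst)
        result["group_name"] = WELL_KNOWN.get(result["dst"], "unlisted group")
    elif dst == 0xFFFFFFFF:
        result["kind"] = "broadcast"
    else:
        result["kind"] = "unicast"
    return result


if __name__ == "__main__":
    samples = [("10.0.0.5", "224.0.0.5"),        # router sending to the OSPF group
               ("10.0.0.5", "239.1.2.3"),        # a group the chapter does not name
               ("0.0.0.0", "255.255.255.255"),   # a Dhcpdiscover-style broadcast
               ("10.0.0.5", "10.0.0.9"),         # ordinary unicast
               ("224.0.0.9", "10.0.0.1")]        # malformed: group address as source
    for src, dst in samples:
        print(classify(ipv4_header(src, dst)))
```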