
Windows Server 2008 TCP/IP Protocols and Services (Microsoft, 2008), part 5


Part II: Internet Layer Protocols

The IGMPv3 Host Membership Report message contains the following fields:

■ Type: A 1-byte field set to 0x22 to indicate an IGMPv3 Host Membership Report message.
■ Reserved: A 1-byte field set to 0 by the sender and ignored by the receiver.
■ Checksum: A 2-byte field that stores a checksum on the IGMPv3 message.
■ Reserved: A 2-byte field set to 0 by the sender and ignored by the receiver.
■ Number Of Group Records: A 2-byte field that indicates the number of group records contained in the message.
■ Group Record: A variable-sized field that contains a multicast address on which the sending host is listening and either an include list or exclude list of sources.

Figure 7-7 shows the structure of an IGMPv3 Host Membership Report message group record.

[Figure 7-7 The structure of the IGMPv3 Host Membership Report message group record. Fields shown: Record Type, Auxiliary Data Length, Number of Sources, Multicast Address, Source Address 1 ... Source Address n, Auxiliary Data]

The IGMPv3 Host Membership Report message group record contains the following fields:

■ Record Type: A 1-byte field that indicates the type of group record and whether the list of sources is an inclusion or exclusion list.
■ Auxiliary Data Length: A 1-byte field that indicates the number of bytes of auxiliary data included in the group record.
■ Number Of Sources: A 2-byte field that indicates the number of multicast sources contained in the group record.
■ Multicast Address: A 4-byte field that indicates the IP address of the group that the host is joining.
■ Source Address: A 4-byte field that indicates the unicast IP address of a multicast source.
■ Auxiliary Data: A variable-sized field that contains additional data for this group record.
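A parser for the message and group record layout listed above, added here as an example and not taken from the book: it checks the Type and Checksum fields and bounds-checks every count before reading, which is what a monitoring tool needs when it handles reports from untrusted hosts. The record type names and the counting of Auxiliary Data Length in 32-bit words follow RFC 3376; `build_report` and the sample message are constructed for illustration.

```python
import ipaddress
import struct

IGMPV3_REPORT = 0x22  # Type value given on the page
# Record type names are from RFC 3376; the page says only that the type
# marks the source list as an inclusion or exclusion list.
RECORD_TYPES = {1: "MODE_IS_INCLUDE", 2: "MODE_IS_EXCLUDE",
                3: "CHANGE_TO_INCLUDE_MODE", 4: "CHANGE_TO_EXCLUDE_MODE",
                5: "ALLOW_NEW_SOURCES", 6: "BLOCK_OLD_SOURCES"}


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum, as used for the IGMP Checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_report(msg: bytes) -> list:
    """Return the group records of a report; raise ValueError if malformed."""
    if len(msg) < 8:
        raise ValueError("shorter than the 8-byte fixed header")
    msg_type, _, _, _, count = struct.unpack("!BBHHH", msg[:8])
    if msg_type != IGMPV3_REPORT:
        raise ValueError(f"type 0x{msg_type:02x} is not 0x22")
    if inet_checksum(msg) != 0:  # sum over a valid message, checksum included
        raise ValueError("bad checksum")
    records, off = [], 8
    for _ in range(count):
        if off + 8 > len(msg):
            raise ValueError("group record header overruns the message")
        rtype, aux_len, nsrc, group = struct.unpack("!BBH4s", msg[off:off + 8])
        off += 8
        # Never trust the counts: check them against the bytes actually present.
        # Auxiliary Data Length is counted in 32-bit words (RFC 3376).
        end = off + 4 * nsrc + 4 * aux_len
        if end > len(msg):
            raise ValueError("source list or auxiliary data overruns the message")
        group_ip = ipaddress.IPv4Address(group)
        if not group_ip.is_multicast:
            raise ValueError(f"{group_ip} is not a multicast address")
        sources = [str(ipaddress.IPv4Address(msg[off + 4 * i:off + 4 * i + 4]))
                   for i in range(nsrc)]
        records.append({"type": RECORD_TYPES.get(rtype, f"UNKNOWN({rtype})"),
                        "group": str(group_ip), "sources": sources})
        off = end  # skip auxiliary data; its content is not interpreted
    return records


def build_report(records) -> bytes:
    """Build a constructed report from (record_type, group, sources) tuples."""
    body = b"".join(
        struct.pack("!BBH4s", rtype, 0, len(srcs),
                    ipaddress.IPv4Address(group).packed)
        + b"".join(ipaddress.IPv4Address(s).packed for s in srcs)
        for rtype, group, srcs in records)
    head = struct.pack("!BBHHH", IGMPV3_REPORT, 0, 0, 0, len(records))
    cksum = inet_checksum(head + body)
    return head[:2] + struct.pack("!H", cksum) + head[4:] + body


# Constructed sample: one include-mode record with two sources and one
# change-to-exclude record with an empty source list.
SAMPLE = build_report([(1, "239.1.2.3", ["192.0.2.10", "192.0.2.11"]),
                       (4, "239.9.9.9", [])])

if __name__ == "__main__":
    for record in parse_report(SAMPLE):
        print(record)
```

A report whose Number Of Sources claims more data than the message holds is rejected before any source address is read, even when its checksum is valid.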
Chapter 7: Internet Group Management Protocol (IGMP)

IGMP in Windows Server 2008 and Windows Vista

Windows Server 2008 and Windows Vista support IP multicast sending, receiving, and forwarding through the TCP/IP protocol and, for Windows Server 2008, the Routing and Remote Access service.

TCP/IP Protocol

TCP/IP for Windows Server 2008 and Windows Vista supports IP multicast traffic in the following ways:

■ To support host reception of IP multicast traffic, TCP/IP for Windows Server 2008 and Windows Vista is an IGMPv1, IGMPv2, and IGMPv3-capable host.
■ To support host transmission and reception of IP multicast traffic, TCP/IP for Windows Server 2008 and Windows Vista supports the mapping of IP multicast addresses to MAC addresses for Ethernet network adapters as described in this chapter. For Token Ring network adapters, all IP multicast traffic is mapped to the Token Ring functional address of 0x-C0-00-00-04-00-00.
■ To support the forwarding of IP multicast traffic, TCP/IP for Windows Server 2008 and Windows Vista supports multicast forwarding based on the setting of the EnableMulticastForwarding registry value and the entries in the TCP/IP multicast forwarding table. You can view the contents of the TCP/IP multicast forwarding table on a computer running Windows Server 2008 from the Routing and Remote Access snap-in or from the display of the netsh routing ip show mfe command.

In Windows Server 2008 and Windows Vista, IP multicast forwarding is controlled by the following registry value:

EnableMulticastForwarding
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Data Type: REG_DWORD
Valid Range: 0-1
Default: 0
Present by Default: No

EnableMulticastForwarding enables (when set to 1) or disables (when set to 0) the forwarding of IP multicast traffic. By default, multicast forwarding is disabled.
In Windows Server 2008 and Windows Vista, the maximum version of IGMP can be controlled by the netsh interface ipv4 set global mldversion=version1|version2|version3 command. By default, Windows Server 2008 and Windows Vista support IGMPv3 as the maximum version of IGMP.

Routing And Remote Access Service

In Windows Server 2008, the Routing and Remote Access service functions as a limited multicast forwarder using IGMPv1, IGMPv2, or IGMPv3 to track local group membership. Because IGMP is not a true multicast routing protocol, routers running Windows Server 2008 can support only limited multicast configurations.

In the Routing and Remote Access service, IGMP is a routing protocol component that is typically added by the Routing and Remote Access Server Setup wizard. Alternatively, you can add IGMP as an IPv4 routing protocol from the Routing and Remote Access snap-in. Depending on your choices in the wizard, you might need to add individual routing interfaces to the IGMP routing protocol and configure them for either IGMP router mode or IGMP proxy mode.

Interfaces in IGMP Router Mode

An interface in IGMP router mode acts as an IGMP-capable IP multicast forwarder and performs the following actions:

■ Places the network adapter in multicast promiscuous mode: If the network interface is a broadcast network type such as Ethernet, the network adapter is placed in multicast promiscuous mode. If the network adapter does not support multicast promiscuous mode, an event is logged in the system event log.
■ Manages local subnet multicast group membership: The routing interface uses IGMP to listen for IGMP Host Membership Report and Leave Group messages, to elect an IGMP querier, and to send General and Group-Specific Host Membership Query messages.
■ Updates the TCP/IP multicast forwarding table: Based on ongoing group membership for the interface, IGMP in conjunction with other components of the Routing and Remote Access service maintains the TCP/IP multicast forwarding table.

Interfaces in IGMP Proxy Mode

An interface in IGMP proxy mode acts as an IGMP-capable IP multicast proxy host for hosts on IGMP router mode interfaces and performs the following functions:

■ Forwards IGMP Host Membership Report messages: IGMP Host Membership Report messages received on IGMP router mode interfaces are forwarded on the IGMP proxy mode interface. The forwarded Host Membership Report messages have a TTL of 1. The received Host Membership Report messages are not forwarded using the entries in the TCP/IP multicast forwarding table.
■ Adds multicast MAC addresses to the network adapter table: For each group address registered by proxy, the corresponding multicast MAC address is added to the table of interesting MAC addresses on the network adapter (for local area network [LAN] technologies such as Ethernet). The network adapter is not placed in promiscuous mode unless the network card cannot support listening to all required multicast MAC addresses. Nonlocal IP multicast traffic received on the IGMP proxy mode interface is passed to the TCP/IP protocol for multicast forwarding.
■ Updates the TCP/IP multicast forwarding table: To facilitate the forwarding of multicast traffic from a multicast source on an IGMP router mode interface to a group member downstream from the IGMP proxy mode interface, the IGMP routing protocol adds entries to the TCP/IP multicast forwarding table so that all nonlocal IP multicast traffic received on IGMP router mode interfaces is forwarded over the IGMP proxy mode interface. The IGMP proxy mode interface forwards all nonlocal multicast traffic received from IGMP router mode interfaces regardless of whether or not there are group members present downstream from the IGMP proxy mode interface.

IGMP proxy mode is designed to connect a Windows Server 2008-based router to a fully capable IP multicast internetwork. As Figure 7-8 shows, IGMP proxy mode is enabled on the interface that is connected to the multicast-enabled internetwork.

[Figure 7-8 The use of IGMP router mode and proxy mode. Labels: IGMP router mode interface, IGMP proxy mode interface, Windows Server 2008-based router, Sending or receiving host, Neighboring IP multicast router, IP multicast-enabled internetwork]

The combination of IGMP router mode interfaces and the IGMP proxy mode interface allows the sending and receiving of IP multicast traffic for hosts on a peripheral subnet using a router running Windows Server 2008.

Multicast Group Members on IGMP Router Mode Interfaces

Host members on IGMP router mode interfaces receive host group traffic through the following process:

1. A host sends an IGMP Host Membership Report message on the local subnet.
2. The router updates its multicast forwarding table with the appropriate entry.
3. The IGMP routing protocol adds the multicast MAC address corresponding to the IP multicast address to the table of interesting MAC addresses on the network adapter on which IGMP proxy mode is enabled.
4. The router forwards the IGMP Host Membership Report message on the IGMP proxy mode interface.
5. The neighboring IP multicast-enabled router receives the IGMP Host Membership Report message, makes the appropriate changes to its multicast forwarding table, and informs downstream IP multicast-enabled routers using multicast routing protocols that a host member exists on the IGMP proxy mode interface subnet.
Routers of the IP multicast-enabled internetwork forward IP multicast traffic sent to the host group to the neighboring IP multicast-enabled router, which forwards the traffic on the IGMP proxy mode interface subnet. The IGMP proxy mode interface receives the multicast traffic and submits it to the TCP/IP multicast forwarding process. Based on the entries in the multicast forwarding table, the IP multicast traffic is forwarded on the IGMP router mode interface connected to the subnet containing the host member.

Multicast Sources on IGMP Router Mode Interfaces

The multicast traffic of multicast sources on IGMP router mode interfaces is forwarded through the following process:

1. A multicast source host sends nonlocal IP multicast traffic to a specific group address.
2. The IGMP router mode interface receives the multicast traffic.
3. For the first multicast packet, the IGMP routing protocol adds an entry to the TCP/IP multicast forwarding table, indicating that there are host members present on the IGMP proxy mode interface.
4. The multicast traffic is passed to the multicast forwarding process. Based on the entries in the multicast forwarding table, the multicast traffic is forwarded on the IGMP proxy mode interface.
5. The neighboring IP multicast-enabled router receives the IP multicast traffic and passes it to the multicast forwarding process. Based on the entries in the multicast forwarding table of the IP multicast-enabled router, the multicast packet is either forwarded to host members (local or downstream) or silently discarded.
Summary

IGMP provides a mechanism for hosts to register their interest in receiving IP multicast traffic sent to a specific group address (the Host Membership Report message), for hosts to indicate that they are no longer interested in receiving IP multicast traffic sent to a specific group address (the Leave Group message), and for routers to query the membership of all host groups (the General Host Membership Query) or a single host group (the Group-Specific Host Membership Query). TCP/IP for Windows Server 2008 and Windows Vista supports IGMPv1, IGMPv2, and IGMPv3, as well as IP multicast forwarding. In Windows Server 2008, the Routing and Remote Access service uses the IGMP routing protocol component and interfaces in IGMP router and proxy mode to maintain the IP multicast forwarding table and provide multicast forwarding in limited configurations.

Chapter 8: Internet Protocol Version 6 (IPv6)

In this chapter:

The Disadvantages of IPv4
IPv6 Addressing
Core Protocols of IPv6
Differences Between IPv4 and IPv6
Summary

After decades of faithful service, the current version of IP, also known as IP version 4 (IPv4), is showing signs of age. The growth of the Internet and the inclusion of a variety of unanticipated technologies are putting a strain on the original design. Before we begin to discuss IPv4’s pitfalls, we must take a moment to reflect on the design of IPv4. This protocol was designed in the late 1970s (roughly the Bronze Age of computing) and has risen above all other networking protocols to become the de facto world standard for data communications. There are not many computer technologies that were designed in 1978 that are still in use today, much less as the cornerstone of a global communications infrastructure.

Note: Because this book is primarily about IPv4, the coverage of IPv6 in this chapter is deliberately written to provide an overview and how it compares with IPv4. Throughout the rest of this book, when IP is used, it denotes IPv4. For more information about IPv6 and its implementation in Microsoft Windows Server 2008 and Windows Vista, see the book Understanding IPv6, 2nd Edition (Redmond, Wash: Microsoft Press, 2008) by Joseph Davies or the resources on http://www.microsoft.com/ipv6.

More Info: All of the RFCs referenced in this chapter can be found in the \Standards\Chap08_IPv6 folder on the companion CD-ROM.

The Disadvantages of IPv4

On today’s Internet, IPv4 has the following disadvantages:

■ Limited address space: The most visible and urgent problem with using IPv4 on the modern Internet is the rapid depletion of public addresses. Due to the initial address class allocation practices of the early Internet, public IPv4 addresses are becoming scarce. Organizations in the United States hold most public IPv4 address space worldwide. This limited address space has forced the wide deployment of network address translators (NATs), which can share one public IPv4 address among several privately addressed computers. NATs have the side effect of acting as a barrier for server, listener, and peer-to-peer applications running on computers that are located behind the NAT. Although there are workarounds for NAT issues, they only add complexity to what should be an end-to-end addressable global network.
■ Flat routing infrastructure: In the early Internet, address prefixes were not allocated to create a summarizable, hierarchical routing infrastructure. Instead, individual address prefixes were assigned and each address prefix became a new route in the routing tables of the Internet backbone routers. Today’s Internet is a mixture of flat and hierarchical routing, but there are still more than 85,000 routes in the routing tables of Internet backbone routers.
■ Configuration: IPv4 must be configured, either manually or through the Dynamic Host Configuration Protocol (DHCP). DHCP allows IPv4 configuration administration to scale to large networks, but you must also configure and manage a DHCP infrastructure.
■ Security: Security for IPv4 is specified by the use of Internet Protocol security (IPsec). However, IPsec is optional for IPv4 implementations. Because an application cannot rely on IPsec being present to secure traffic, an application might resort to other security standards or a proprietary security scheme. The need for built-in security is even more important today, when we face an increasingly hostile environment on the Internet.
■ Prioritized delivery: Prioritized packet delivery, such as special handling parameters for low delay and low variance in delay for voice or video traffic, is possible with IPv4. However, it relies on a new interpretation of the IPv4 Type Of Service (TOS) field, which is not supported for all the devices on the network. Additionally, identification of the packet flow must be done using an upper layer protocol identifier such as a TCP or User Datagram Protocol (UDP) port. This additional processing of the packet by intermediate routers makes forwarding less efficient.
■ Mobility: Mobility is a new requirement for Internet-connected devices, in which a node can change its address as it changes its physical attachment to the Internet and still maintain existing connections. Although there is a specification for IPv4 mobility, due to a lack of infrastructure, communications with an IPv4 mobile node are inefficient.

All of these issues and others prompted the Internet Engineering Task Force (IETF) to begin the development of a replacement protocol for IPv4 that would solve the problems of IPv4 and be extensible to solve additional problems in the future. The replacement for IPv4 is IPv6.

Note: The version number 5 was reserved for a different replacement protocol for IPv4 that was never implemented.

IPv6 solves the problems of IPv4 in the following ways:

■ Huge address space: IPv6 addresses are 128 bits long, creating an address space with 3.4 × 10^38 possible addresses. This is plenty of address space for the foreseeable future and allows all manner of devices to connect to the Internet without the use of NATs. Address space can also be allocated internationally in a more equitable manner.
■ Hierarchical routing infrastructure: IPv6 addresses that are reachable on the IPv6 portion of the Internet, known as global addresses, have enough address space for the hierarchy of Internet service providers (ISPs) that typically exist between an organization or home and the backbone of the Internet. Global addresses are designed to be summarizable and hierarchical, resulting in relatively few routing entries in the routing tables of Internet backbone routers.
■ Automatic configuration: IPv6 hosts can automatically configure their own IPv6 addresses and other configuration parameters, even in the absence of an address configuration infrastructure such as DHCP.
■ Required support for IPsec headers: Unlike IPv4, IPv6 support for IPsec protocol headers is required. Applications can always rely on industry standard security services for data sent and received. However, the requirement to process IPsec headers does not make IPv6 inherently more secure. IPv6 packets are not required to be protected with Authentication Header (AH) or Encapsulating Security Payload (ESP). For more information about IPsec, AH, and ESP, see Chapter 18, “Internet Protocol Security (IPsec).”
■ Better support for prioritized delivery: IPv6 has an equivalent to the IPv4 TOS field that has a single interpretation for nonstandard delivery. Additionally, a Flow Label field in the IPv6 header indicates the packet flow, making the determination of forwarding for nondefault delivery services more efficient at intermediate routers.
■ Support for mobility: Rather than attempting to add mobility to an established protocol with an established infrastructure (as with IPv4), IPv6 can support mobility more efficiently.

Note: IPv6 is not designed to be a superset of IPv4 functionality and is not backward compatible with IPv4.

IPv6 Addressing

The IPv6 address is 128 bits long, creating an address space of almost inconceivable size. With 128 bits you can express more than 3.4 × 10^38 combinations. Unlike IPv4 unicast addresses, the structure of an IPv6 unicast address is very simple: The first 64 bits are for a subnet prefix and the last 64 bits are for an interface identifier. Although you can perform variable-length subnetting within the 64 bits of the subnet prefix, the host ID equivalent for IPv6 is always the same size. The 64 bits of subnet prefix provide enough addressing space to [...]

... Etype = Internet IP (IPv4)
+ Ipv4: Next Protocol = TCP, Packet ID = 57288, Total IP Length = 1500
- Tcp: Flags= A , SrcPort=FTP data(20), DstPort=1163, Len=1460, Seq=1038577021 - 1038578481, Ack=3930983524, Win=17520 (scale factor not found)
    SrcPort: FTP data(20)
    DstPort: 1163
    SequenceNumber: 1038577021 (0x3DE76D7D)
    AcknowledgementNumber: 3930983524 (0xEA4E0C64)
  - DataOffset: 80 (0x50)
      DataOffset: (0101...
Chapter 10: Transmission Control Protocol (TCP) Basics

... through Windows Sockets). The sending node then passes the source IP address, destination IP address, source port, destination port, and the data to be sent to TCP/IP. The TCP component segments the data as needed. The TCP component calculates the Checksum field and indicates the TCP segment with the appropriate source IP address and destination IP ...

... routers. Like IPv4, IPv6 is connectionless and provides a best-effort delivery to the destination. The IPv6 header is not compatible with the IPv4 header. An IPv4-only node silently discards IPv6 packets and an IPv6-only node silently discards IPv4 packets.

ICMPv6

ICMPv6, defined in RFC 4443, provides error reporting and diagnostic functions for IPv6. Additionally, ...

... segment), is identified in the IP header with IP Protocol number 6. The segment can be a maximum size of 65,495 bytes: 65,535 minus the minimum-size IP header (20 bytes) and the minimum-size TCP header (20 bytes). The resulting IP datagram is then encapsulated with the appropriate Network Interface Layer header and trailer. Figure 10-1 displays the resulting frame. In the IP header of TCP segments, the Source ...

[Figure 10-3 The demultiplexing of a TCP segment to the appropriate Application Layer protocol using the IP Protocol field and the TCP Destination Port field. Labels: ... Service, NetBIOS Session Service, TCP Port 21, TCP Port 80, TCP Port 23, TCP Port 139, TCP, Protocol 6, IP]

Best Practices: TCP ports are separate from UDP ports, even for the same port number. A TCP port represents one side of a TCP connection for an Application ...

... header and its payload (a message), is identified in the IP header with IP Protocol number 17 (0x11). The message can be a maximum size of 65,507 bytes: 65,535 minus the minimum-size IP header (20 bytes) and the UDP header (8 bytes). The resulting IP datagram is then encapsulated with the appropriate Network Interface Layer header and trailer. Figure 9-1 shows the resulting frame.

[Figure 9-1. Labels: Network Interface header, IP ...]

... 17520 (scale factor not found)
    Checksum: 46217 (0xB489)
    UrgentPointer: 0 (0x0)
    TCPPayload:
+ Ftp: Data Transfer To Client,DstPort = 1163,size = 1460 bytes

Note: Network Monitor 3.1 parses the last bit of the Reserved field of the TCP header as the Nonce Sum field, which is defined in RFC 3540. TCP/IP in Windows Server 2008 and Windows Vista does not support RFC 3540.

Part III: Transport Layer Protocols

... Layer protocols. Table 10-1 shows assigned TCP port numbers used by components of Windows Server 2008 and Windows Vista.

Table 10-1 Well-Known TCP Port Numbers

Port Number    Application Layer Protocol
20             FTP Server (data channel)
21             FTP Server (control channel)
23             Telnet Server
25             Simple Mail Transfer Protocol (SMTP)
69             Trivial File Transfer Protocol (TFTP)
80             Hypertext Transfer Protocol (HTTP; Web server)
...

... Chapter 5, “Internet Protocol (IP).”

Note: TCP/IP for Windows Server 2008 and Windows Vista always calculates a value for the UDP checksum.

The following Network Monitor trace (Capture 9-01 in the \Captures folder on the companion CD-ROM) shows the structure of the UDP header for a DNS Name Query Request message:

Frame:
+ Ethernet: Etype = Internet IP (IPv4)
+ Ipv4: Next Protocol = UDP, Packet ID = 16385, ...

... address to the IP component. When receiving a TCP segment at the destination, IP verifies the IP header. Then, based on the value of 6 in the Protocol field, IP passes the TCP segment, the source IP address, and the destination IP address to the TCP component. After verifying the TCP Checksum field, the TCP component verifies the destination port. If a process is listening on the port, the TCP segment is ...

Date posted: 14/08/2014, 14:20
