In DHCP protocol we have 4 packets named DORA.
first of all client send a broadcast Discovery packet for detecting DHCP server.
Then server send a Offer packet contain ip, subnet and many options and waiting for client.
If client find Offer packet suitable, send a broadcast Request and get ACK or NAK.
But why ?
Why we can't ignore Request packet and replace this way to sending 3 packets.
Discovery, Offer and ACK.
client -> Discovery
server -> Offer
client -> ACK
Why this way is not secure or suitable ?
When the client broadcasts the Discover packet, it may get Offer packets from multiple DHCP servers. The purpose of the Request packet is to say to one of the servers, "I want to use the IP address that you offered to me". If that wasn't sent:
the server whose offered IP the client is going to use wouldn't know not to offer that IP to a different client, and
the other servers wouldn't know that they can offer their IPs to other clients.
Then the final Acknowledge packet tells the client that the server has gotten the Request, and that the client now has the "lease" on the IP address.
This is intended to ensure that:
IP addresses are not wasted because a server thinks the client is using the Offered IP, when the client is actually using a different server's Offered IP.
The same IP is not accidentally leased to two clients at the same ... which causes chaos.
In the variation that you proposed, suppose that the ACK packet from the client to the server is lost. Now the server won't realize that the client is going to use the Offered IP address. A few minutes later, it could then Offer the same IP address to a different client and ... chaos ensues.
Please don't imagine that the people who design internet protocols are dullards. They have thought these things through carefully before they write the RFCs. And many other (equally smart) people have gone over the pre-approved RFCs carefully looking for problems. So ... if there is something about a standard protocol that you think is wrong ... it is probably you, and not the protocol designer who is mistaken.
Related
I'm trying to understand UDP hole punching and I just don't quite get it.
In concept it seems simple but when I put it into practice I can't pull it off.
From what I understand there's a public server we call the hole-punch server. A client makes a request to hole-punch server (this is public). The hole-punch server spits out a public ip and port of the client that just made the request. So long as that port is open then essentially any random client can make a request to that client using that specific port and ip ?
The issue I guess I'm having is, the client is able to make a request to the server. The server is able to send data back to the client on that public port and ip however when another client tries to send a request to that client using that same port and ip it just doesn't go through and that's what's confusing me. If the server can make the request why can't another random client make that request?
The thing to know about UDP hole-punching is that many consumer-grade Internet routers/NAT-firewalls have a policy along the lines of "block any incoming UDP packets, except for UDP packets coming from an IP address that the user's local computer has recently sent a UDP packet to"; the idea being that if the local user is sending packets to a particular IP address, then the packets coming back from that same IP address are probably legitimate/desirable.
So in order to get UDP packets flowing between two firewalled/NAT'd computers, you have to get each of the two computers to first send a UDP packet to the other one; which is a bit of a chicken-and-egg problem since they can't know where to send the UDP packet without being able to communicate; the public server is what solves that problem. Since that server is public, both clients can communicate with the server (via UDP or TCP or HTTP or whatever), and that server can tell each client the IP address and port to send its UDP packets to. Once each client has sent some initial packets to the other, it should also (in most cases) then be able to receive UDP packets from the other client as well, at which point the server is no longer necessary as a go-between.
I have a Client issuing a request to server S. Assume UDP/TCP request. HOP1 is a load balancer switch and assume it has detected that path HOP4->HOP5 is better to route the packet to ServerS. My Question is , After HOP1 has received the pkt generated by client, how can it force the packet to take the best path as calculated to reach S i.e. via HOP4 only.
CL -------HOP1---------HOP2-------HOP3--------ServerS
| |
|-----------HOP4-----HOP5-----------|
I was thinking, that HOP1 should set the field SA,DA, MAC-SA, MAC-DA fields of the pkt as follows :
SA : HOP1
DA : ServerS
SMAC - HOP1MAC
DMAC - HOP4MAC
Would that work ? Is there any better approach ?
My Other doubt is that, for Server S, HOP4 would appear as CLient since it forwarded the client request impersonating as client to Server S. So, HOP4 would receive the reply from Server S. How HOP4 can determine that the reply it has received is actually for the CLient CL and not for itself ? Does NAT comes into picture ? Can somebody shed some light ?
IP has a source routing option, but no network engineer worth his pay configures routers to allow source routing. Network routing needs to be deterministic, and the routing protocols will determine which direction packets should go. Allowing an end-device or application to do that breaks this.
MAC addresses are layer-2 addresses, and the layer-2 frames are stripped off the layer-3 packets and discarded at each hop. A new layer-2 frame is created for each hop in the path, and it is stripped off and discarded at the net hop. MAC addresses are only local to a LAN, and they do not survive across a router hop. Using a destination MAC address that is not local to the source LAN will guarantee failure. In fact, not all layer-2 protocols use MAC addresses, and you have no way to know if any of the links between the hops do are don't use MAC addresses. Of the layer-2 protocols that do use MAC addresses, some use 48-bit MAC addresses, and some use 64-bit MAC addresses.
There really is no way an application or host can guarantee the path that packets will take. That is a job for the routers.
I think after gaining some more wisdom in the field of networking, I got the answer to this Question.
Source packet routing (SPRING) is the new buzz in networking to achieve it.
Other techniques is Tunneling - Ip in IP encapsulation, GRE tunnels etc.
I want to know how two computers with VoIP software can be connected to each other and exchange voice data without having an external IP address.
You would need an static IP address only if you were trying to connect the two to each other directly. The VOIP server acts as a go-between.
Example:
Person 1 and Person 2 are trying to get into a VOIP call
They both register with the VOIP server with their IDs.
When one ID places a call to another, the there is a connection between the two, with the server in between, but not directly with each other.
SIP (Session Initiation Protocol) is usually the Protocol used for VOIP. There is a SIP registrar, which is the server. You can establish your own SIP server using Asterisk's free solution. SIP actually makes it possible to directly connect peers. However, this isnt possible over the internet where people dont have static IPS
Software like skype use a similar workflow. The skype client tries to connect the peers. When it cant, it uses something like UDP Hole Punching.
Every computer in the internet has an external IP.
The internet works that way.
There are numerous pages on the internet, where you can see your 'external IP'.
Regarding the voice exchange: They connect to a server and that server either does the relaying himself, or exchanges the IP information between the clients, who are then left to create a connection among themselves.
The actual data of a VoIP call is carried over RTP, which really only takes 24-64Kbps (depending upon codec) and requires UDP addresses going each way. Occasional RTCP packets are sent to report status, metrics, etc, but are not really needed.
SIP is used for call setup and teardown.
There is always a network address between two VoIP endpoints, comprised of the IP address and the VoIP socket.
And yes, you could proxy RTP over some other transport protocol, or tunnel (through http?), etc.
As some one mentioned in other forum that interviewer has asked the question given below.
I dont know exact answer but I would say HTTP request ? Any suggestion and explainations
Imagine a user sitting at an Ethernet-connected PC. He has a browser open. He types "www.google.com" in the address bar and hits enter.
Now tell me what the first packet to appear on the Ethernet is .
Thanks
There's no guaranteed always-correct answer, but there are a few likely possibilities.
If the client is configured for DNS over UDP, then the first packet will be a UDP datagram containing a DNS query to resolve www.google.com to an IP address.
If the client is configured for DNS over TCP and the browser hasn't already got an established TCP connection to the DNS server, the first packet will be part of the connection handshake to DNS, and therefore the answer will be that a SYN packet is first out of the gate.
If the browser has been coded to maintain a long-lived TCP connection to the DNS server and assuming the DNS server has allowed the connection to stay alive, the first packet will be a DNS query, sent across the existing connection to that DNS server.
Finally, if the browser had recently visited www.google.com recently and is built to do some smart local caching of DNS query results then the first packet will be a SYN to establish a new connection to Google's web server.
If you want to be glib but absolutely precise about it, drop down a layer for your answer and say, "The first packet out will be an Ethernet frame containing a payload which supports whatever higher-level protocol is needed for the browser to serve up www.google.com". In fairness, the question is about the Ethernet layer...
Strictly speaking, with a completely blank slate, the first packet sent will be an ARP broadcast request ("Who has?") from the client PC attempting to discover the MAC address of its default gateway (or of its DNS server if that is on the same subnet as the client).
Interesting :) I just wiresharked it:
Client sends a SYN
Server replies with a SYN,ACK
Client sends an ACK
Client sends an HTTP GET
(like you mention in your comments the first is obviously the DNS lookup)
From what I understand, each HTTP request uses its own TCP connection (please correct me if i'm wrong). So, let's say that there are two current connections to the same server. For example, client side javascript code triggering a couple of AJAX POST requests using the XMLHttpRequest object, one right after the other, before getting the response to the first one. So we're talking about two connections to the same server, each waiting for a response in order to route it to each separate callback function.
Now here's the thing that I don't understand: The TCP packet includes source and destination ip and port, but won't both of these connections have the same src and dest ip addresses, and port 80? How can the packets be differentiated and routed to appropriately? Does it have anything to do with the packet sequence number which is different for each connection?
When your browser creates a new connection to the HTTP server, it uses a different source port.
For example, say your browser creates two connections to a server and that your IP address is 60.12.34.56. The first connection might originate from source port 60123 and the second from 60127. This is embedded in the TCP header of each packet sent to the server. When the server replies to each connection, it uses the appropriate port (e.g. 60123 or 60127) so that the packet makes it back to the right spot.
One of the best ways to learn about this is to download Wireshark and just observe traffic on your own network. It will show you this and much more.
Additionally, this gives insight into how Network Address Translation (NAT) works on a router. You can have many computers share the same IP address and the router will rewrite the request to use a different port so that two computers can simultaneously connect to places like AOL Instant Messenger.
They're differentiated by the source port.
The main reason for each HTTP request to not generate a separate TCP connection is called keepalives, incidentally.
A socket, in packet network communications, is considered to be the combination of 4 elements: server IP, server port, client IP, client port. The second one is usually fixed in a protocol, e.g. http usually listen in port 80, but the client port is a random number usually in the range 1024-65535. This is because the operating system could use those ports for known server protocols (e.g. 21 for FTP, 22 for SSH, etc.). The same network device can not use the same client port to open two different connections even to different servers and if two different clients use the same port, the server can tell them apart by their IP addresses. If a port is being used in a system either to listen for connection or to establish a connection, it can not be used for anything else. That's how the operating system can dispatch packets to the correct process once received by the network card.