[CST-2] Digi Comm 2

James Sutherland jas88@cam.ac.uk
Mon, 3 Jun 2002 16:10:41 +0100 (BST)


On Mon, 3 Jun 2002, Chris Applegate wrote:

> Can anyone point to a decent explanation of how DHCP and NAT work?

> My notes for the IPv6 lecture are incomprehensible,

Since it's IPv4 not IPv6, that shouldn't be an issue :-)

> and none of the books I have describe either in any detail.


DHCP (Dynamic Host Configuration Protocol):

When first booted, the only information available to a DHCP-configured
host is its own MAC address. It uses this to form an Ethernet broadcast
frame, to which a DHCP server will (hopefully!) respond by offering the
host an IP address (and other configuration information). The full
protocol is defined by RFCs 2131 and 2132.

DHCP is backwards compatible with, and typically replaces, BOOTP (Bootstrap
Protocol); RARP (Reverse ARP) has also been used to fulfil a similar role.
For RARP, the host will issue a RARP Ethernet frame requesting the IP
address corresponding to its own MAC address, and then use this IP
address. BOOTP and RARP both lack facilities to share IP addresses: hosts
assume an IP address obtained in this way is permanent. DHCP eliminates
this flaw by including a "lease duration" field: the IP address may only be
used until the specified time has elapsed. The host should then attempt to
"renew" the lease *before* it expires, obtaining an extension on the
lease. This may fail, in which case the host will be forced to change IP
addresses.



NAT (Network Address Translation)

A mechanism typically used for a group of machines to share a single
"public" IP address for Internet access. A NAT gateway functions as a
normal router, except that it modifies outbound IP packets to reflect the
public address, rather than the original machine's address (typically a
"private" address, per RFC 1918, such as 10.* or 192.168.*), then modifies
inbound packets so they reach the intended destination.

The biggest advantage (and disadvantage!) is that it prevents the
"internal" machines from acting as servers to the Internet at large. This
may be welcome from a security point of view - even if you leave wu-ftpd
running on an old Linux box, it can't be compromised from outside - but
less welcome for users. It also prevents facilities such as IRC DCC file
transfers and chats from working, unless the NAT gateway has additional logic
to handle such connections.


HTH!
James.
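The DISCOVER/OFFER/REQUEST/ACK exchange and the lease-renewal behaviour described under DHCP above, as an added example that is not part of the original message: a Python encoder/decoder for the RFC 2131 fixed header and RFC 2132 options, a toy server (constructed, with a made-up 192.168.1.x pool and a 3600 s lease), and a client that renews once T1 has passed and is forced back to DISCOVER when a renewal is NAKed. The timer fractions (T1 at half the lease, T2 at 7/8) are the RFC 2131 defaults; the class and function names, the address pool, the MAC address and the transaction id are assumptions made for the example.

```python
# Added example: RFC 2131 header, RFC 2132 options, the four-step handshake and
# the client's lease timers. Toy server, made-up pool, not real-world code.
import struct
import ipaddress

COOKIE = b"\x63\x82\x53\x63"        # magic cookie that precedes the options
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
ip = ipaddress.IPv4Address          # packs/unpacks 4-byte addresses

def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", opts=()):
    """236-byte fixed header + cookie + TLV options. A fresh client knows only
    its MAC: the four address fields are zero and the BROADCAST flag (0x8000)
    asks for a broadcast reply, since there is no IP to unicast to yet."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      op, 1, 6, 0, xid, 0, 0x8000,        # htype=Ethernet, hlen=6
                      b"\0" * 4, ip(yiaddr).packed,      # ciaddr, yiaddr
                      b"\0" * 4, b"\0" * 4,              # siaddr, giaddr
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)  # chaddr, sname, file
    tlv = bytes([53, 1, msg_type]) + b"".join(bytes([c, len(v)]) + v for c, v in opts)
    return hdr + COOKIE + tlv + b"\xff"    # option 255 ends the list

def parse(pkt):
    """Decode the fields this example uses; option 0 is padding, 255 is end."""
    if len(pkt) < 240 or pkt[236:240] != COOKIE:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:
            i += 1
            continue
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return {"xid": struct.unpack("!I", pkt[4:8])[0], "mac": pkt[28:28 + pkt[2]],
            "type": opts[53][0], "yiaddr": str(ip(pkt[16:20])),
            "requested": str(ip(opts[50])) if 50 in opts else None,
            "lease": struct.unpack("!I", opts[51])[0] if 51 in opts else None,
            "server": str(ip(opts[54])) if 54 in opts else None}

class ToyServer:
    """Constructed server: leases from a small pool for 3600 s; leases is MAC -> address."""
    def __init__(self, ident="192.168.1.1", pool=("192.168.1.100", "192.168.1.101")):
        self.ident, self.pool, self.leases = ident, list(pool), {}

    def handle(self, pkt):
        m = parse(pkt)
        common = [(51, struct.pack("!I", 3600)), (54, ip(self.ident).packed)]
        if m["type"] == DISCOVER:
            if m["mac"] not in self.leases:
                self.leases[m["mac"]] = self.pool.pop(0)
            return build(BOOTREPLY, m["xid"], m["mac"], OFFER, self.leases[m["mac"]], common)
        if self.leases.get(m["mac"]) != m["requested"]:   # REQUEST for a lease we no longer hold
            return build(BOOTREPLY, m["xid"], m["mac"], NAK)
        return build(BOOTREPLY, m["xid"], m["mac"], ACK, m["requested"], common)

class Lease:
    """RFC 2131 4.4.5 client timers: T1 (renew, lease/2), T2 (rebind, 7/8 lease), expiry."""
    def __init__(self, addr, server, secs, now):
        self.addr, self.server = addr, server
        self.t1, self.t2, self.expiry = now + secs // 2, now + secs * 7 // 8, now + secs

    def state(self, now):
        return ("EXPIRED" if now >= self.expiry else "REBINDING" if now >= self.t2
                else "RENEWING" if now >= self.t1 else "BOUND")

class Client:
    def __init__(self, mac, xid=0x3903F326):
        self.mac, self.xid, self.lease = mac, xid, None

    def acquire(self, server, now):
        """INIT: DISCOVER -> OFFER -> REQUEST -> ACK; returns the bound address."""
        offer = parse(server.handle(build(BOOTREQUEST, self.xid, self.mac, DISCOVER,
                                          opts=[(55, bytes([1, 3, 51]))])))  # parameter request list
        return self.request(server, offer["yiaddr"], offer["server"], now)

    def request(self, server, addr, server_id, now):
        """REQUEST (initial or renewal); a NAK means the lease is gone, drop the address."""
        reply = parse(server.handle(build(BOOTREQUEST, self.xid, self.mac, REQUEST,
                                          opts=[(50, ip(addr).packed), (54, ip(server_id).packed)])))
        self.lease = (Lease(reply["yiaddr"], reply["server"], reply["lease"], now)
                      if reply["type"] == ACK else None)
        return self.lease and self.lease.addr

    def renew(self, server, now):
        """Idle while BOUND, renew once past T1; on NAK or expiry go back to INIT."""
        state = self.lease.state(now) if self.lease else "EXPIRED"
        if state == "BOUND":
            return self.lease.addr
        if state != "EXPIRED" and self.request(server, self.lease.addr, self.lease.server, now):
            return self.lease.addr
        return self.acquire(server, now)    # may well come back with a different address

def demo():
    """(first address, address after a good renewal, address after a NAKed renewal)."""
    srv, cl = ToyServer(), Client(mac=bytes.fromhex("001122334455"))
    first = cl.acquire(srv, now=0)          # lease 3600 s: T1 = 1800, T2 = 3150
    renewed = cl.renew(srv, now=1800)       # past T1: REQUEST -> ACK, timers restart
    del srv.leases[cl.mac]                  # server lost its state (e.g. rebooted)
    after_nak = cl.renew(srv, now=3600)     # past new T1: REQUEST -> NAK -> DISCOVER
    return first, renewed, after_nak
```

demo() returns 192.168.1.100 twice and then 192.168.1.101: the renewal at T1 succeeds and keeps the address, but once the server has forgotten the lease it answers the next REQUEST with a NAK and the client has to start again from DISCOVER, which is the "forced to change IP addresses" case above. A real client would also check that the reply's xid matches its own and that the reply came from the server it requested from.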
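The outbound and inbound rewriting described under NAT above, as an added example that is not part of the original message: a toy port-translating NAT gateway in Python, with packets modelled as dicts and addresses taken from the RFC 5737 documentation ranges (both assumptions made for the example, as are the class and method names). It shows why the source port has to be rewritten as well as the address, why an unsolicited inbound connection to an internal FTP daemon is simply dropped, and the static forwarding rule that is the kind of "additional logic" needed to expose a server or make something like DCC work.

```python
# Added example: toy NAPT gateway. Packets are dicts rather than real IP headers;
# a real gateway also recomputes IP and TCP/UDP checksums and expires idle mappings.
import ipaddress

class NatGateway:
    def __init__(self, public_ip, private_net="192.168.1.0/24", first_port=40000):
        self.public_ip = public_ip
        self.private_net = ipaddress.ip_network(private_net)   # RFC 1918 inside
        self.next_port = first_port
        self.out = {}       # (proto, src, sport, dst, dport) -> translated port
        self.back = {}      # (proto, translated port, dst, dport) -> (src, sport)
        self.forwards = {}  # (proto, public port) -> (internal ip, port): static rules

    def outbound(self, pkt):
        """LAN -> Internet: rewrite the source to public_ip:translated_port, allocating
        one port per 5-tuple so two hosts using the same source port do not collide."""
        if ipaddress.ip_address(pkt["src"]) not in self.private_net:
            return None     # not ours: drop rather than translate a spoofed source
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key not in self.out:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out[key] = port
            self.back[(pkt["proto"], port, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
        return dict(pkt, src=self.public_ip, sport=self.out[key])

    def inbound(self, pkt):
        """Internet -> LAN: undo the mapping. Traffic no internal host initiated matches
        nothing and is dropped, which is why an internal wu-ftpd cannot be reached from
        outside and why DCC (which needs an inbound connection) breaks without a rule."""
        if pkt["dst"] != self.public_ip:
            return None
        host = (self.back.get((pkt["proto"], pkt["dport"], pkt["src"], pkt["sport"]))
                or self.forwards.get((pkt["proto"], pkt["dport"])))
        return None if host is None else dict(pkt, dst=host[0], dport=host[1])

    def add_forward(self, proto, public_port, internal_ip, internal_port):
        """The 'additional logic': a static inbound rule exposing one internal service."""
        self.forwards[(proto, public_port)] = (internal_ip, internal_port)

def demo():
    """Two LAN hosts using the same source port, the reply to one of them, an
    unsolicited inbound FTP connection, and the same after a port-forward rule."""
    gw = NatGateway("203.0.113.7")
    web = {"proto": "tcp", "dst": "198.51.100.5", "dport": 80}   # constructed addresses
    a = gw.outbound(dict(web, src="192.168.1.10", sport=51000))
    b = gw.outbound(dict(web, src="192.168.1.11", sport=51000))
    reply_b = gw.inbound({"proto": "tcp", "src": "198.51.100.5", "sport": 80,
                          "dst": "203.0.113.7", "dport": b["sport"]})
    ftp_syn = {"proto": "tcp", "src": "198.51.100.9", "sport": 4444,
               "dst": "203.0.113.7", "dport": 21}
    blocked = gw.inbound(ftp_syn)                    # no mapping: dropped
    gw.add_forward("tcp", 21, "192.168.1.20", 21)
    forwarded = gw.inbound(ftp_syn)                  # now reaches the internal FTP box
    return a, b, reply_b, blocked, forwarded
```

In demo() both internal hosts leave the gateway as 203.0.113.7, distinguished only by the translated ports 40000 and 40001; the reply to the second host is steered back to 192.168.1.11:51000 by the reverse table; the stray SYN to port 21 is dropped until a forwarding rule is added, at which point the internal FTP server is exposed and the protection the text mentions is gone for that port.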