Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
8060963_05F9_c3 © 1999, Cisco Systems, Inc.

DNS, DHCP, and IP Address Management
Session 806
DNS and DHCP Challenges

Figure: from the users and applications at the bottom to an "intelligent network" at the top, the progression runs: manual processes and public-domain software; automated network addressing and scalable, reliable DNS/DHCP services; policies based on IP addresses; user-based policy networking and user provisioning.
Managing Names and Addresses

Figure: the three ways names and addresses are typically managed today: edit by hand, spreadsheet, custom application.
Migrating to Directories

Figure: timeline of name and address data sources.
  1970s: few users; data kept in multiple sources
  1980s: DNS
  1990s: DNS, DHCP, firewall, dial-in, e-mail, PC inventory, policy, etc., each with its own copy of the data
  2000: many users; a single source of data (the directory) feeding DNS, DHCP, firewall and policy
Protocol Overview: DNS and DHCP
How DNS Works: DNS Namespace

Figure: the name tree runs (root) → COM → CISCO → WWW, RTP, TIMSPC, giving names such as timspc.cisco.com; cisco.com and everything below it form the cisco.com zone.

• Hierarchical name space
• Each node in the tree represents a domain or subdomain
• Some subdomains are defined as zones (cisco.com in the example)
• Each zone has a "primary" name server that is authoritative for all nodes below the zone apex, down to the next delegation
• Resource records (RRs) are defined for each node
• Example RRs: address (A), pointer (PTR), mail exchange (MX), name server (NS), start of authority (SOA)
How DNS Works: DNS Queries

Figure: a DNS client outside the Cisco network asks its local DNS server "What is the IP address for www.cisco.com?"; the local server consults the root name server, the .COM name server and the CISCO.COM name server in turn and returns "A. 161.44.10.9".

• Clients send recursive queries to their local DNS server
• The local server resolves the name on the client's behalf: it starts at a root name server and follows referrals (to the .COM servers, then to the CISCO.COM servers) until it reaches a server that has the answer
• The local server sends the answer back to the client and caches it for the record's TTL, so later queries for the same name are answered locally
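What the client and its local server actually put on the wire for the query above, as an added example (not code from the original slides or from Cisco): the query a stub resolver sends, a response constructed here as a server would build it (same 161.44.10.9 answer as the slide), and a decoder that handles the name-compression pointers real responses contain. The transaction ID and TTL are arbitrary values chosen for the example.

```python
"""Build a DNS A query and decode the response, at the wire level.

Added example; not code from the original slides or from Cisco.  The query
is what a stub client sends its local server; the response is constructed
here the way a server would build it (with the same 161.44.10.9 answer the
slide shows) so the decoder can be exercised offline.  The transaction ID
and TTL are arbitrary.
"""
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def build_query(xid, name, qtype=QTYPE_A):
    """12-byte header (QR=0, RD=1, one question) plus the question section."""
    flags = 0x0100  # RD=1 asks the local server to recurse on our behalf
    header = struct.pack("!HHHHHH", xid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def build_response(query, addr, ttl=3600):
    """Server side: answer a build_query() packet with one A record.  The
    answer's owner name is a compression pointer (0xC00C) back to the
    question name at offset 12, as real servers emit."""
    xid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180  # QR=1, RD=1, RA=1, RCODE=0 (no error)
    question = query[12:]
    header = struct.pack("!HHHHHH", xid, flags, 1, 1, 0, 0)
    rdata = bytes(int(o) for o in addr.split("."))
    rr = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + question + rr


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if not jumped:
                end = offset + 2                         # pointer is 2 bytes long
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            hops += 1
            if hops > 64:                                # looping pointers: reject
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_response(msg):
    """Return (xid, rcode, [(name, ttl, dotted_address), ...]) for A answers."""
    xid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    offset = 12
    for _ in range(qd):                                  # skip the question(s)
        _, offset = decode_name(msg, offset)
        offset += 4                                      # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return xid, flags & 0x000F, answers


if __name__ == "__main__":
    q = build_query(0x1234, "www.cisco.com")
    r = build_response(q, "161.44.10.9")
    print(parse_response(r))
```

decode_name() caps the number of pointer hops, since a response with a self-referencing pointer would otherwise spin a naive parser forever. Matching the response's XID against the query's (parse_response returns it) is the minimum a client does before trusting an answer.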
DNS Redundancy

Figure: the primary name server for CISCO.COM with two secondary DNS servers for CISCO.COM answering a DNS client.

• Redundancy is built into DNS
• Secondary servers hold a complete copy of the zone and keep answering if the primary is unreachable
• Secondary servers check the primary for changes in the zone serial number; the refresh interval in the zone's SOA record controls how often
• Use NOTIFY and incremental zone transfers to reduce propagation delay and bandwidth utilization
• Spread secondary and caching DNS servers liberally throughout the network

Old zone transfer
1. Secondary checks the serial number of the zone
2. If it has changed, secondary requests a zone transfer
3. Primary sends the entire zone to the secondary (AXFR)

New zone transfer
1. Primary DNS server sends a NOTIFY message to the secondary when the zone data changes
2. Secondary requests an incremental zone transfer (IXFR)
3. Primary sends only the changes to the secondary server
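The two transfer schemes above as running code, an added example (not from the slides or from Cisco): the secondary compares the primary's SOA serial with its own, requests an IXFR covering its serial, and falls back to a full AXFR when the primary's journal no longer covers that serial. Zone contents, serials and the journal depth are constructed for illustration; serial comparison follows RFC 1982 serial-number arithmetic, which the slide does not mention but which a secondary must use when the 32-bit serial wraps.

```python
"""Secondary-server refresh: SOA serial comparison, IXFR, AXFR fallback.

Added example; not code from the original slides or from Cisco.  A zone is
a set of (owner, type, rdata) tuples plus a serial; the record values are
constructed.  Serial comparison uses RFC 1982 serial-number arithmetic so a
32-bit serial can wrap without the secondary concluding it is ahead of the
primary.  Whether a refresh is triggered by the SOA refresh timer (old
scheme) or by a NOTIFY (new scheme) only changes when refresh() runs.
"""

SERIAL_MOD = 2 ** 32
HALF = 2 ** 31


def serial_gt(a, b):
    """True if serial a is 'later' than b under RFC 1982 arithmetic."""
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


class Primary:
    def __init__(self, serial, records, journal_depth=8):
        self.serial = serial
        self.records = set(records)
        # journal: (serial, snapshot) pairs, oldest first, bounded like a
        # real server's journal file
        self.journal = [(serial, set(records))]
        self.journal_depth = journal_depth

    def update(self, added=(), deleted=()):
        """Apply a change (e.g. a DHCP-driven dynamic update), bump the serial."""
        self.records -= set(deleted)
        self.records |= set(added)
        self.serial = (self.serial + 1) % SERIAL_MOD
        self.journal.append((self.serial, set(self.records)))
        del self.journal[:-self.journal_depth]

    def ixfr(self, from_serial):
        """Answer an IXFR request: the delta from from_serial to the current
        serial, or None when that serial is no longer in the journal, in which
        case the secondary must fall back to a full AXFR."""
        for serial, snapshot in self.journal:
            if serial == from_serial:
                return {"to_serial": self.serial,
                        "deleted": sorted(snapshot - self.records),
                        "added": sorted(self.records - snapshot)}
        return None

    def axfr(self):
        return self.serial, set(self.records)


class Secondary:
    def __init__(self, serial, records):
        self.serial = serial
        self.records = set(records)

    def refresh(self, primary):
        """One refresh cycle.  Returns 'none', 'ixfr' or 'axfr'."""
        if not serial_gt(primary.serial, self.serial):
            return "none"                       # primary has nothing newer
        delta = primary.ixfr(self.serial)
        if delta is not None:
            self.records -= set(delta["deleted"])
            self.records |= set(delta["added"])
            self.serial = delta["to_serial"]
            return "ixfr"
        self.serial, self.records = primary.axfr()
        return "axfr"


# Constructed sample zone for cisco.com
BASE = [
    ("cisco.com.", "SOA", "ns1.cisco.com. hostmaster.cisco.com."),
    ("cisco.com.", "NS", "ns1.cisco.com."),
    ("www.cisco.com.", "A", "161.44.10.9"),
]

if __name__ == "__main__":
    primary = Primary(1999060101, BASE)
    secondary = Secondary(1999060101, BASE)
    primary.update(added=[("timspc.cisco.com.", "A", "161.44.12.53")])
    print(secondary.refresh(primary), secondary.records == primary.records)
```

The journal bound is the operational edge case: a secondary that has been unreachable across more changes than the primary keeps in its journal gets an AXFR on reconnect, which is the bandwidth spike IXFR is meant to avoid.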
How DHCP Works: Obtaining a Lease

Figure: the DHCP client asks the DHCP server "Send my configuration information"; the server replies "Here is your configuration":
  IP address: 192.204.18.7
  Subnet mask: 255.255.255.0
  Default routers: 192.204.18.1, 192.204.18.3
  DNS servers: 192.204.18.8, 192.204.18.9
  WINS server: 192.204.18.9
  Lease time: 5 days

• Dynamically assigns configuration information
• Creates IP address pools to conserve addresses and support mobile users
• Client broadcasts a DHCP DISCOVER packet on the local subnet
• Multiple servers can respond
• Client chooses the first or best response
How DHCP Works: DHCP Discover Process

Figure: Server 1 and Server 2 both hear the client's DISCOVER (broadcast) and each answers with an OFFER (unicast); the client's REQUEST (broadcast) reaches both servers, and the selected server answers with an ACK (unicast).

• DHCP client broadcasts a DHCP DISCOVER packet on the local subnet
• DHCP servers send OFFER packets with lease information
• DHCP client selects a lease and broadcasts a DHCP REQUEST packet naming the chosen server, so the other servers know to withdraw their offers
• Selected DHCP server sends a DHCP ACK packet
How DHCP Works: DHCP Packet

Fixed-format fields, in wire order (RFC 2131):
  OP code, hardware type, hardware length, hops
  Transaction ID (XID)
  Seconds, flags
  Client IP address (CIADDR)
  Your IP address (YIADDR)
  Server IP address (SIADDR)
  Gateway IP address (GIADDR)
  Client hardware address (CHADDR), 16 bytes
  Server name (SNAME), 64 bytes
  Filename, 128 bytes
  DHCP options (variable length)
How DHCP Works: DHCP Options

Common DHCP options
  Option              Code
  Subnet mask           1
  Default routers       3
  DNS servers           6
  Host name            12
  Domain name          15
  WINS servers         44
  NetBIOS node type    46
  Lease time           51
  Client identifier    61

• Server passes configuration options to the client
• Over 100 options are defined (RFC 2132)
• Most DHCP clients support approximately 10 options
• Custom and vendor options are available
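The packet layout, the options table and the DISCOVER/OFFER exchange above, encoded and decoded in an added example (not code from the slides or from Cisco). It builds the DISCOVER a client broadcasts and the OFFER a server returns (carrying the same lease values as the "Obtaining a Lease" slide) and parses both; the client MAC, transaction ID and server address are constructed.

```python
"""Encode and decode DHCP messages (RFC 2131 fixed header + RFC 2132 options).

Added example; not code from the original slides or from Cisco.  Builds the
DISCOVER a client broadcasts and the OFFER a server answers with (carrying
the lease values the 'Obtaining a Lease' slide shows) and decodes both.
The client MAC, transaction ID and server address are constructed.
"""
import struct
from ipaddress import IPv4Address

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"
# message types carried in option 53
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
# option codes from the slide's 'Common DHCP Options' table, plus 53/54
OPT_SUBNET, OPT_ROUTER, OPT_DNS, OPT_HOSTNAME, OPT_DOMAIN = 1, 3, 6, 12, 15
OPT_WINS, OPT_NODE_TYPE, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID = 44, 46, 51, 53, 54
OPT_CLIENT_ID, OPT_END = 61, 255

# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr(16), sname(64), file(128): 236 bytes before the magic cookie
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"


def ip_list(addrs):
    return b"".join(IPv4Address(a).packed for a in addrs)


def decode_ips(value):
    return [str(IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]


def encode_options(options):
    """options: list of (code, bytes).  Adds the cookie and the END option."""
    out = bytearray(MAGIC_COOKIE)
    for code, value in options:
        if len(value) > 255:
            raise ValueError("option %d too long" % code)
        out += bytes([code, len(value)]) + value
    out.append(OPT_END)
    return bytes(out)


def build(op, xid, chaddr, options, yiaddr="0.0.0.0", siaddr="0.0.0.0",
          giaddr="0.0.0.0", flags=0x8000):
    """Fixed header followed by options.  flags=0x8000 is the broadcast bit."""
    mac = bytes.fromhex(chaddr.replace(":", ""))
    fixed = struct.pack(HEADER, op, 1, len(mac), 0, xid, 0, flags,
                        IPv4Address("0.0.0.0").packed, IPv4Address(yiaddr).packed,
                        IPv4Address(siaddr).packed, IPv4Address(giaddr).packed,
                        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return fixed + encode_options(options)


def parse(msg):
    """Return header fields plus {'options': {code: raw bytes}}."""
    (op, _htype, hlen, hops, xid, _secs, flags, _ciaddr, yiaddr,
     siaddr, giaddr, chaddr, _sname, _file) = struct.unpack(HEADER, msg[:236])
    if msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (plain BOOTP has no cookie)")
    options, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:                                  # PAD option
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        if i + 2 + length > len(msg):
            raise ValueError("truncated option %d" % code)
        options[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "hops": hops, "xid": xid, "flags": flags,
            "yiaddr": str(IPv4Address(yiaddr)), "siaddr": str(IPv4Address(siaddr)),
            "giaddr": str(IPv4Address(giaddr)),
            "chaddr": ":".join("%02x" % b for b in chaddr[:hlen]),
            "options": options}


def discover(xid, mac):
    """Client side: DISCOVER with a type-1 (Ethernet) client identifier."""
    return build(BOOTREQUEST, xid, mac,
                 [(OPT_MSG_TYPE, bytes([DISCOVER])),
                  (OPT_CLIENT_ID, b"\x01" + bytes.fromhex(mac.replace(":", "")))])


def offer(disc, server_ip, yiaddr, lease_secs):
    """Server side: answer a parsed DISCOVER with the slide's lease values."""
    return build(BOOTREPLY, disc["xid"], disc["chaddr"],
                 [(OPT_MSG_TYPE, bytes([OFFER])),
                  (OPT_SERVER_ID, IPv4Address(server_ip).packed),
                  (OPT_LEASE, struct.pack("!I", lease_secs)),
                  (OPT_SUBNET, IPv4Address("255.255.255.0").packed),
                  (OPT_ROUTER, ip_list(["192.204.18.1", "192.204.18.3"])),
                  (OPT_DNS, ip_list(["192.204.18.8", "192.204.18.9"])),
                  (OPT_WINS, ip_list(["192.204.18.9"]))],
                 yiaddr=yiaddr, siaddr=server_ip, giaddr=disc["giaddr"],
                 flags=disc["flags"])


if __name__ == "__main__":
    d = parse(discover(0x3903F326, "00:10:7b:3a:4c:5d"))
    o = parse(offer(d, "192.204.18.8", "192.204.18.7", 5 * 86400))
    print(o["yiaddr"], decode_ips(o["options"][OPT_ROUTER]),
          struct.unpack("!I", o["options"][OPT_LEASE])[0] // 86400, "days")
```

Everything the client will trust (default routers, DNS servers, lease time) arrives as unauthenticated option bytes, which is the root of the DHCP security discussion later in the deck.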
What's New in DNS and DHCP

• New DNS standards
  Dynamic DNS updates (RFC 2136)
  Incremental zone transfers (RFC 1995)
  NOTIFY (RFC 1996)
• New DHCP standards
  DHCP Safe Failover (Internet draft)
Dynamic DNS Updates, Notify, and Incremental Zone Transfers

Figure: a DHCP client (host sbombay-pc) receives IP address 172.16.18.74 from the Cisco Network Registrar DHCP server; the DHCP server sends a dynamic update for sbombay-pc.cisco.com → 172.16.18.74 to the Cisco Network Registrar primary DNS server; the primary sends a NOTIFY message to the secondary DNS server across the WAN, the secondary sends an IXFR request, and only the changed information (sbombay-pc.cisco.com 172.16.18.74) is sent.

• Dramatically reduces propagation delay
• Dramatically reduces WAN bandwidth utilization
• Integrates DHCP and DNS
DHCP Safe Failover Protocol

Figure: a primary DHCP server with address pool 172.16.18.101-200 and a backup DHCP server whose backup address pool, 172.16.18.191-200, is carved out of the primary's range.

• All DHCP requests are sent to both servers
• Primary updates the backup with lease information
• Backup takes over when the primary fails
• Backup server uses a dedicated pool of addresses allocated by the primary, so it cannot hand out an address the primary may already have leased (no duplicate IP addresses)
• Servers synchronize when the primary is back up
• IETF Internet Draft
DNS Issues
Split DNS

Figure: the external DNS server, reachable from the Internet, holds www.cisco.com, mail.cisco.com and ftp.cisco.com; the internal DNS server on the internal network holds those plus wwwin.cisco.com, callmanager.cisco.com, erpserver.cisco.com, timspc.cisco.com and eng-web.cisco.com.

• Two "primary" DNS servers for the domain, each with its own copy of the zone
• Hides the structure of the internal network: internal names never appear in the externally visible zone
• Internal clients point to the internal DNS servers
• External server publishes web, mail, FTP and other externally reachable servers
• Internet DNS servers delegate to the external primary DNS server
Selective Forwarders

Figure: a client in Big.com connects to erp.small.com. Big.com's internal DNS server forwards queries for the small.com domain to Small.com's external DNS server rather than resolving them through the root DNS server; each company's external DNS server still faces the Internet in the normal way.
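Split DNS and selective forwarding as one resolution policy, an added example (not from the slides or from Cisco). It models which answer each class of client may receive from cisco.com's two views, forwards small.com names to that company's server instead of the root, refuses recursion for outside clients, and includes an audit check that no internal-only name is visible from outside. The addresses, the zone contents beyond the names on the slides, the internal address ranges and the partner server address are constructed.

```python
"""Split DNS and selective forwarding as a resolution policy.

Added example; not code from the original slides or from Cisco.  Models
the policy behind Big.com's name servers: internal clients see the internal
zone, external clients only the public records, and names under a partner
domain (small.com) are forwarded to that partner's server rather than
resolved via the root.  Addresses, zone contents and the partner server
are constructed.
"""
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12")]

# The two "primary" servers' data for cisco.com (names from the Split DNS slide;
# the addresses other than www are constructed)
EXTERNAL_ZONE = {
    "www.cisco.com": "161.44.10.9",
    "mail.cisco.com": "161.44.16.7",
    "ftp.cisco.com": "161.44.10.10",
}
INTERNAL_ZONE = dict(EXTERNAL_ZONE, **{
    "wwwin.cisco.com": "10.0.1.20",
    "callmanager.cisco.com": "10.0.2.5",
    "erpserver.cisco.com": "10.0.3.8",
    "timspc.cisco.com": "161.44.12.53",
    "eng-web.cisco.com": "10.0.4.2",
})
OUR_ZONE = "cisco.com"

# Selective forwarders: domain suffix -> server to forward to (constructed)
FORWARDERS = {"small.com": "198.51.100.53"}


def in_zone(qname, zone):
    return qname == zone or qname.endswith("." + zone)


def is_internal(client_ip):
    ip = ip_address(client_ip)
    return any(ip in net for net in INTERNAL_NETS)


def resolve(qname, client_ip):
    """Return ('answer', ip), ('nxdomain', None), ('forward', server),
    ('recurse', 'root') or ('refused', None)."""
    qname = qname.rstrip(".").lower()
    internal = is_internal(client_ip)
    if in_zone(qname, OUR_ZONE):
        view = INTERNAL_ZONE if internal else EXTERNAL_ZONE
        if qname in view:
            return ("answer", view[qname])
        return ("nxdomain", None)     # outsiders never learn the name exists
    if not internal:
        return ("refused", None)      # external server is authoritative only:
                                      # no open recursion for the Internet
    for suffix, server in FORWARDERS.items():
        if in_zone(qname, suffix):
            return ("forward", server)
    return ("recurse", "root")


def leaked_internal_names(probe_client="203.0.113.7"):
    """Audit: which internal-only names does an outside client get an
    answer for?  Should be empty."""
    internal_only = set(INTERNAL_ZONE) - set(EXTERNAL_ZONE)
    return sorted(n for n in internal_only
                  if resolve(n, probe_client)[0] == "answer")


if __name__ == "__main__":
    print(resolve("wwwin.cisco.com", "10.0.5.8"))
    print(resolve("wwwin.cisco.com", "203.0.113.7"))
    print(resolve("erp.small.com", "10.0.5.8"))
    print(leaked_internal_names())
```

The audit function is the check worth running against a real deployment: query every internal-only name from an outside address and expect NXDOMAIN or REFUSED for all of them.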
WINS

• Windows Internet Name Service (WINS)
  NetBIOS Name Service (NBNS)
  Used by Windows NT file and print services
  Flat name space
• Coexists with DNS
• Scaling problems in large networks
• Going away with Windows 2000!
Windows 2000 and Active Directory

• Coming soon!
• DNS requirements
  Dynamic DNS updates (RFC 2136)
  SRV records
• Active Directory is dependent on DNS
• WINS is phased out
228060963_05F9_c3 © 1999, Cisco Systems, Inc.
DHCP IssuesDHCP Issues
228060963_05F9_c3 © 1999, Cisco Systems, Inc.
DHCP in a Routed Network

Figure: a DHCP client on physical network 161.44.18.0 broadcasts; the router interface 161.44.18.1 runs DHCP relay and forwards the DHCP packet, with GIADDR set to 161.44.18.1, to the DHCP servers 161.44.54.7 and 161.44.54.8.

Router with DHCP relay (helper addresses are configured on the client-facing interface):
  interface se0
   ip helper-address 161.44.54.7
   ip helper-address 161.44.54.8

• DHCP clients broadcast a DHCP DISCOVER packet
• DHCP relay (ip helper-address) on the router hears the DHCP DISCOVER and forwards the packet by unicast to the DHCP server
• DHCP relay fills in the GIADDR field with the primary IP address of the router interface that received the broadcast (only if GIADDR is still zero, so a second relay in the path leaves it alone)
• DHCP relay can be configured to forward the packet to multiple DHCP servers; the client will choose the "best" server
• DHCP servers use the GIADDR field of the DHCP DISCOVER as an index into their list of address pools, and send the reply back to that address
DHCP in a Switched Network

Figure: DHCP clients on a Catalyst switch share one physical network carrying four logical networks, 192.204.18.0, 192.204.19.0, 192.204.20.0 and 192.204.21.0; the router with DHCP relay has 192.204.18.1 as primary address and 192.204.19.1, 192.204.20.1 and 192.204.21.1 as secondary addresses, and the DHCP packet reaches the DHCP server with GIADDR = 192.204.18.1.

• Cisco IOS allows multiple addresses on an interface, which implies multiple logical networks on the same physical network
• DHCP relay inserts the first (primary) IP address of the interface in the GIADDR field, so the server sees the same GIADDR for clients on any of the four logical networks
• Most DHCP servers can create an address pool that spans multiple logical networks; this is also known as a super scope
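Relay and server behaviour from the two slides above, as an added example (not code from the slides or from Cisco): the relay fills GIADDR only when it is still zero, increments hops and unicasts to each helper address; the server indexes its pools by GIADDR, treats a super scope as a list of logical networks tried in order, and sends its reply back to GIADDR. The gateway, helper and server addresses are the slides'; the /29 networks, the excluded addresses and the client MACs are constructed to keep the walkthrough small.

```python
"""DHCP relay (ip helper-address) and GIADDR-based pool selection.

Added example; not code from the original slides or from Cisco.  Models
what the relay does with a client broadcast and how the server picks an
address pool from GIADDR, including a super scope (one physical segment
carrying several logical networks through secondary addresses).  Messages
are plain dicts rather than wire format.  Gateway and server addresses are
the slides'; the /29 networks and client MACs are constructed.
"""
from ipaddress import ip_address, ip_network

MAX_HOPS = 16            # RFC 1542: discard a request whose hops field exceeds 16
BROADCAST = "255.255.255.255"


class Relay:
    def __init__(self, interface_addrs, helpers):
        self.primary = interface_addrs[0]       # first address on the receiving interface
        self.helpers = helpers                  # the 'ip helper-address' list

    def forward(self, msg):
        """Return the unicast copies sent to each helper, or [] if dropped."""
        if msg["hops"] > MAX_HOPS:
            return []
        out = dict(msg, hops=msg["hops"] + 1)
        if out["giaddr"] == "0.0.0.0":          # only the first relay fills GIADDR;
            out["giaddr"] = self.primary        # later relays leave it alone
        return [dict(out, dst=h) for h in self.helpers]


class Server:
    def __init__(self, scopes, excluded=()):
        # scopes: [(gateway_ip, [logical_network, ...]), ...]; a scope with
        # several networks is a super scope
        self.scopes = [(ip_address(g), [ip_network(n) for n in nets])
                       for g, nets in scopes]
        self.excluded = {ip_address(a) for a in excluded}
        self.leases = {}                        # IPv4Address -> chaddr

    def select_scope(self, giaddr, local_net):
        if giaddr == "0.0.0.0":                 # client on the server's own segment
            return [local_net]
        g = ip_address(giaddr)
        for _gateway, nets in self.scopes:      # GIADDR indexes the pool list
            if any(g in n for n in nets):
                return nets
        return None

    def offer(self, msg, local_net=ip_network("161.44.54.0/24")):
        """Pick an address for a DISCOVER.  Returns (yiaddr, reply_destination)
        or None.  Replies to relayed requests go back to GIADDR, and the relay
        delivers them to the client."""
        nets = self.select_scope(msg["giaddr"], local_net)
        if nets is None:
            return None                         # no pool for that gateway: ignore
        reply_to = msg["giaddr"] if msg["giaddr"] != "0.0.0.0" else BROADCAST
        for ip, mac in self.leases.items():     # re-offer this client's existing lease
            if mac == msg["chaddr"] and any(ip in n for n in nets):
                return str(ip), reply_to
        for net in nets:                        # super scope: walk each logical net
            for host in net.hosts():
                if host in self.excluded or host in self.leases:
                    continue
                self.leases[host] = msg["chaddr"]
                return str(host), reply_to
        return None                             # every logical network exhausted


if __name__ == "__main__":
    relay = Relay(["161.44.18.1"], ["161.44.54.7", "161.44.54.8"])
    disc = {"hops": 0, "xid": 1, "chaddr": "00:10:7b:00:00:01", "giaddr": "0.0.0.0"}
    srv = Server([("161.44.18.1", ["161.44.18.0/24"])], excluded=["161.44.18.1"])
    for copy in relay.forward(disc):
        print(copy["dst"], copy["giaddr"], srv.offer(copy))
```

The super scope walk is why the switched-network design works at all: the server cannot tell from GIADDR which of the four logical networks the client is on, so it simply hands out the next free address across all of them and the router's secondary addresses route it.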
DHCP Security

• DHCP lacks built-in security
  Any client can get an address
  Any server can allocate an address, and with it the default router and DNS server list the client will use
• Client class in CNR
  Create a list of authorized MAC addresses
  A MAC address list is a policy control, not authentication: the address is supplied by the client and can be set to any value
• IETF is working on the problem (see the "Authentication for DHCP Messages" draft under DHCP RFCs and Internet Drafts)
• Generally not an issue on most nets
IP Address Management Issues
Private Network Numbers (RFC 1918)

Figure: a private network numbered 10.0.0.0/8 connected to the Internet.

RFC 1918 address blocks:
  10.0.0.0    - 10.255.255.255  (10/8 prefix)
  172.16.0.0  - 172.31.255.255  (172.16/12 prefix)
  192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

• Difficult to obtain new (registered) network numbers
• Private network numbers give ample address space (about 17.9 million addresses across the three blocks), reusable by every organization
• Allows for flexible addressing schemes
• Requires NAT/PAT to access the Internet, since private addresses are not routed there
NAT, PAT, and Dynamic NAT

Figure: hosts 10.0.0.7, 10.0.100.151 and 172.16.4.57 on the private networks 10.0.0.0/8 and 172.16.0.0/12 reach the Internet through translation.

Translation   Mapping              How it works
Static NAT    Permanent, 1 to 1    Permanent mappings between internal servers and external addresses
Dynamic NAT   Dynamic, 1 to 1      Pool of external addresses dynamically assigned to internal clients for the duration of a session
PAT           Dynamic, many to 1   Multiple internal clients share a single external address (distinguished by port)

Internal addr.   External addr.   Translation   Note
10.0.0.7         161.44.16.7      Static NAT    Permanent mapping for mail server
10.0.100.151     161.44.16.105    Dynamic NAT   VoIP phone calling on the Internet
172.16.4.57      161.44.17.5      PAT           Web client browsing the Internet
NAT in PIX and Cisco IOS

Translation   Applications                                                                   PIX    Cisco IOS
Easy          Telnet, FTP, HTTP, simple client/server apps                                   Yes    Yes
Difficult     Multimedia, H.323, NetBIOS, DNS, dual NAT, SQL*NET, dynamic port negotiation   partial (the slide shows "Most" and "Yes" for the two platforms)
Impossible    SNMP                                                                           --     --

Figure: host 10.0.5.8 sends a packet with SA 10.0.5.8, DA 161.44.8.9 whose payload embeds its own address, 10.0.5.8. The NAT device, with a pool of NAT addresses 171.68.10.2-100 and the mapping 10.0.5.8 -> 171.68.10.5, forwards the translated packet with SA 171.68.10.5, DA 161.44.8.9, but the embedded 10.0.5.8 in the payload is untouched. The "difficult" applications are the ones that carry IP addresses or negotiate ports inside the payload, which the translator must also understand and rewrite; where it cannot (SNMP), translation breaks the application.
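The three mappings and the embedded-address problem, as an added example (not code from the slides or from Cisco). Static NAT, dynamic NAT from a pool and PAT on one address are implemented with both directions of lookup, and a packet whose payload carries its own inside address is translated to show what a header-only translator leaves behind. Inside addresses, the pool and the PAT address come from the slides; ports, the payload and the choice of the first free pool address are constructed.

```python
"""Static NAT, dynamic NAT and PAT as a translation table.

Added example; not code from the original slides or from Cisco.  Implements
the three mappings from the 'NAT, PAT, and Dynamic NAT' slide for outbound
flows and the reverse lookup for returning packets, and shows why a packet
that carries its own address in the payload (the 'embedded IP address'
figure) comes out wrong after a header-only translation.  Inside addresses,
the pool and the PAT address are the slides'; ports and payload are
constructed.
"""
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]


def is_private(ip):
    a = ip_address(ip)
    return any(a in n for n in RFC1918)


class Translator:
    def __init__(self, static, nat_pool, pat_address):
        self.static = dict(static)                   # inside -> outside, permanent
        self.static_rev = {v: k for k, v in self.static.items()}
        self.free_pool = list(nat_pool)              # dynamic 1:1 addresses
        self.dynamic = {}                            # inside -> outside, per session
        self.dynamic_rev = {}
        self.pat_address = pat_address               # many:1, distinguished by port
        self.pat = {}                                # (inside_ip, inside_port) -> outside_port
        self.pat_rev = {}
        self.next_port = 1024

    def outbound(self, src_ip, src_port, mode="pat"):
        """Translate an outbound (src_ip, src_port); returns (new_ip, new_port)."""
        if not is_private(src_ip):
            return (src_ip, src_port)                # registered address: no NAT
        if src_ip in self.static:                    # static NAT wins when configured
            return (self.static[src_ip], src_port)
        if mode == "nat":                            # dynamic NAT: one pool address per host
            if src_ip not in self.dynamic:
                if not self.free_pool:
                    raise RuntimeError("NAT pool exhausted")
                out = self.free_pool.pop(0)
                self.dynamic[src_ip] = out
                self.dynamic_rev[out] = src_ip
            return (self.dynamic[src_ip], src_port)
        key = (src_ip, src_port)                     # PAT: share one address, rewrite port
        if key not in self.pat:
            port = self.next_port
            self.next_port += 1
            self.pat[key] = port
            self.pat_rev[port] = key
        return (self.pat_address, self.pat[key])

    def inbound(self, dst_ip, dst_port):
        """Reverse translation for a returning packet; None when no mapping
        exists, which is also why unsolicited inbound traffic to PAT clients fails."""
        if dst_ip in self.static_rev:
            return (self.static_rev[dst_ip], dst_port)
        if dst_ip in self.dynamic_rev:
            return (self.dynamic_rev[dst_ip], dst_port)
        if dst_ip == self.pat_address and dst_port in self.pat_rev:
            return self.pat_rev[dst_port]
        return None

    def release(self, inside_ip):
        """End of session: return a dynamic NAT address to the pool."""
        out = self.dynamic.pop(inside_ip, None)
        if out is not None:
            del self.dynamic_rev[out]
            self.free_pool.append(out)


def translate_packet(t, pkt, mode):
    """Rewrite the IP header only.  A payload that embeds the inside address
    (SNMP, H.323, NetBIOS, ...) still carries it: the slide's 'difficult' and
    'impossible' cases are exactly the ones a plain NAT does not fix up."""
    new_ip, new_port = t.outbound(pkt["sa"], pkt["sport"], mode)
    return dict(pkt, sa=new_ip, sport=new_port)


if __name__ == "__main__":
    t = Translator(static={"10.0.0.7": "161.44.16.7"},
                   nat_pool=["171.68.10.%d" % i for i in range(2, 101)],
                   pat_address="161.44.17.5")
    pkt = {"sa": "10.0.5.8", "sport": 161, "da": "161.44.8.9", "payload": "agent=10.0.5.8"}
    out = translate_packet(t, pkt, "nat")
    print(out["sa"], out["payload"])
```

The inbound() miss for an unknown PAT port is the property that makes PAT double as a crude inbound filter, and the reason a static mapping is needed for anything (the mail server here) that must accept connections from the Internet.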
Directory Services: Standard Schemas

• Directory Enabled Networks (DEN)
  Started by Cisco/Microsoft, now owned by the DMTF
• Schemas for DHCP being developed
  Proposals from Microsoft, Novell and the IETF
Server Sizing (100K, 10K, 1K, 100 Clients)

Minimum server configuration by number of nodes:

100K nodes
  Redundant DHCP servers (mid-range UNIX servers: Sun Ultra 250E, RAID disks, 512 MB RAM)
  Primary DNS server (mid-range UNIX server: Sun Ultra 250E, RAID disks, 512 MB RAM)
  Distribute secondary and caching DNS servers throughout the network

10K nodes
  Option 1: Redundant DHCP servers (mid-range UNIX servers, 384 MB RAM)
  Option 2: Redundant DHCP servers (high-end NT servers, 384 MB RAM)
  Primary DNS server (mid-range UNIX server: Sun Ultra 250E, RAID disks, 512 MB RAM)
  Distribute secondary and caching DNS servers throughout the network

1K nodes
  Option 1: Two servers running DNS/DHCP (low-end UNIX servers, RAID disks, 256 MB RAM)
  Option 2: Two servers running DNS/DHCP (mid-range NT servers, RAID disks, 256 MB RAM)
  Distribute secondary and caching DNS servers throughout the network

100 nodes
  Option 1: Cisco IOS DHCP server on any platform (1600, 2500, 3600, etc.); provide DNS service remotely across the WAN
  Option 2: CNR on a small Windows NT system to provide DNS and DHCP

Performance factors: number of nodes, number of queries, DHCP lease time, and disk I/O performance
Example Network Designs
Large Campus

Figure: corporate data center cluster with a primary DNS server, two DHCP servers and a secondary DNS server.

• Large campus networks require high-performance, redundant DNS and DHCP servers to support multiple tens of thousands of nodes
• The server functions need to be split across multiple servers in a cluster
• Build a cluster with at least three servers: one primary DNS and two redundant DHCP servers. An additional DNS server can be used to provide secondary DNS service
• DNS servers need high-performance disk I/O (preferably a RAID system) to keep up with dynamic DNS updates
• Each major location around the world (U.S., Europe and Asia) needs a cluster
Large Branch Offices

Figure: corporate headquarters hosts the primary DNS server for the company zone Bigco.Com plus secondary DNS servers; each store on the corporate WAN (for example store number 1007, zone st1007.bigco.com) runs its own DNS and DHCP servers.

• Organizations with a large number of remote branch offices and a UNIX or NT server at each remote site; typically 20-200 nodes per site
• At each remote site, deploy at least one DNS and DHCP server, two for redundancy. The redundant DHCP server could be at HQ
• Each location could have a separate domain for the site and a primary DNS server at the location. This depends on the WAN bandwidth
• This configuration survives WAN outages
Small Branch Offices

Figure: corporate headquarters hosts redundant DHCP servers, the primary DNS server for the store zones and secondary DNS servers; each store (for example store number 1007, zone st1007.bigco.com) reaches them over the corporate WAN through a router running DHCP/BOOTP relay (aka IP helper), optionally with a local secondary DNS server.

• Organization has a large number of remote sites with fewer than 20 nodes per site. Remote sites should have dial-backup connections for redundancy. DHCP/BOOTP relay is enabled on the router
• At HQ, deploy a cluster of redundant DNS and DHCP servers to provide service to the remote sites
• Each location could have a separate domain. The primary DNS server for each remote-site zone is at HQ. If available, run a secondary DNS server at the remote site for the remote-site zone using IXFR and NOTIFY
Small Office/Home Office

Figure: a SOHO router running the Cisco IOS DHCP server and Port Address Translation connects the home office to the corporate WAN.

• SOHO users can connect to the corporate network using ISDN, DSL or Frame Relay
• Use the Cisco IOS DHCP server to provide addresses for devices in the SOHO. Use a private, unregistered network number
• Use Port Address Translation to conserve IP addresses
• Provide DNS services from the corporate network
Provisioning IP Phones

Figure: on one segment the router interface has primary IP address 161.44.12.1 and secondary IP address 10.0.100.1; the CNR DHCP server, running a DHCP extension point script, gives the IP phones addresses such as 10.0.100.15 and 10.0.100.21 and the PCs addresses such as 161.44.12.45 and 161.44.12.53.

DHCP extension point script (pseudocode):
  IF MAC address = phone MAC address
  THEN IP address = 10.0.100.X
  ELSE IP address = 161.44.12.X

• Deployment of IP phones will require a large number of new IP addresses
• Private network numbers (RFC 1918) should be used for IP phones
• Cisco Network Registrar is able to distinguish between PCs and IP phones using a DHCP extension point script
• DHCP server distributes additional configuration information to IP phones
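Client classification and server authorization, as an added example (not code from the slides and not a CNR extension script). It serves both the DHCP Security slide (authorized MAC list; any server can allocate) and the extension point script above: classify() decides phone network versus PC network from the MAC and optionally enforces the authorized list, and rogue_offers() flags OFFERs from servers that are not authorized or that hand out addresses, routers or DNS servers outside the managed networks. The phone OUI, authorized MACs, server addresses and the sample OFFER records are constructed.

```python
"""Client classes and DHCP server authorization checks.

Added example; not code from the original slides and not a Cisco Network
Registrar extension script.  Models (1) a client-class decision in the
style of the IP-phone extension point script (phone MAC -> phone network,
else PC network), extended with the 'authorized MAC list' client class from
the DHCP Security slide, and (2) a detection pass over observed OFFERs that
flags servers which are not authorized (the 'any server can allocate an
address' problem).  MAC prefixes, addresses and the sample OFFER records
are constructed.
"""
from ipaddress import ip_address, ip_network

# Constructed policy data
PHONE_OUIS = {"00:10:7b"}                  # hypothetical IP-phone vendor prefix
AUTHORIZED_MACS = {"00:10:7b:3a:4c:5d", "00:a0:c9:11:22:33"}
PHONE_NET = ip_network("10.0.100.0/24")    # private numbers for phones (slide)
PC_NET = ip_network("161.44.12.0/24")      # registered numbers for PCs (slide)
AUTHORIZED_SERVERS = {"161.44.54.7", "161.44.54.8"}
MANAGED_NETS = [PHONE_NET, PC_NET]


def normalize_mac(mac):
    return mac.lower().replace("-", ":")


def classify(chaddr, require_authorized=False):
    """Return ('phone', PHONE_NET), ('pc', PC_NET) or ('deny', None)."""
    mac = normalize_mac(chaddr)
    if require_authorized and mac not in AUTHORIZED_MACS:
        return ("deny", None)                  # client class: not on the list
    if mac[:8] in PHONE_OUIS:
        return ("phone", PHONE_NET)            # IF MAC = phone MAC THEN 10.0.100.X
    return ("pc", PC_NET)                      # ELSE 161.44.12.X


def in_managed(addr):
    return any(ip_address(addr) in n for n in MANAGED_NETS)


def rogue_offers(observed):
    """observed: decoded OFFER records with keys server_id, yiaddr, routers,
    dns.  Returns [(server_id, [reasons])] for offers from a server that is
    not authorized, or whose offered address, routers or DNS servers fall
    outside the managed networks (a rogue may spoof a legitimate server_id)."""
    flagged = []
    for rec in observed:
        reasons = []
        if rec["server_id"] not in AUTHORIZED_SERVERS:
            reasons.append("unknown server %s" % rec["server_id"])
        if not in_managed(rec["yiaddr"]):
            reasons.append("address %s outside managed pools" % rec["yiaddr"])
        for role, addrs in (("router", rec["routers"]), ("dns", rec["dns"])):
            for a in addrs:
                if not in_managed(a):
                    reasons.append("%s %s outside managed nets" % (role, a))
        if reasons:
            flagged.append((rec["server_id"], reasons))
    return flagged


# Constructed sample: two legitimate OFFERs, one from an unknown server on the
# LAN, and one that spoofs a legitimate server_id but points clients at an
# outside router and DNS server
SAMPLE_OFFERS = [
    {"server_id": "161.44.54.7", "yiaddr": "161.44.12.45",
     "routers": ["161.44.12.1"], "dns": ["161.44.12.10"]},
    {"server_id": "161.44.54.8", "yiaddr": "10.0.100.15",
     "routers": ["10.0.100.1"], "dns": ["161.44.12.10"]},
    {"server_id": "161.44.12.200", "yiaddr": "161.44.12.77",
     "routers": ["161.44.12.200"], "dns": ["161.44.12.200"]},
    {"server_id": "161.44.54.7", "yiaddr": "161.44.12.90",
     "routers": ["203.0.113.1"], "dns": ["203.0.113.1"]},
]

if __name__ == "__main__":
    print(classify("00:10:7B:3A:4C:5D"), classify("00:de:ad:be:ef:01"))
    for server, reasons in rogue_offers(SAMPLE_OFFERS):
        print(server, reasons)
```

classify() with require_authorized=True is exactly as strong as the MAC is hard to forge, which is not at all: a client that sets its MAC to one on the list gets the same result as the real device. rogue_offers() is the detection counterpart to "any server can allocate an address"; the spoofed fourth record is caught only because what it offers is checked, not just who claims to offer it.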
Custom Application: User Registration

Figure: an activation web page updates the user database, which is shared with other BC network resources.

• Boston College (BC) EagleNet activation
• Users must "activate"
  Minimal documentation
  Enter name and BC PIN
• Four activated classes
  Student, staff
  Guest, device
• Existing DB updated
  User name/MAC
• Help desk load
  60% fewer calls
Cisco IOS DHCP Server Configuration

!
! Start DHCP server
service dhcp
!
! Store DHCP lease database on a TFTP server
ip dhcp database tftp://tftp.cisco.com/dhcp.db
!
! Create DHCP address pool for the 10.0.0.0/28 network
! (addresses 10.0.0.1 - 10.0.0.14, minus the excluded range below)
ip dhcp pool subnet-10
 ! lease time of 3 days 0 hours 0 minutes
 lease 3 0 0
 network 10.0.0.0 255.255.255.240
 dns-server 171.68.10.70 171.68.10.140
 domain-name cisco.com
 netbios-name-server 171.68.235.228 171.68.235.229
 netbios-node-type h-node
 ! custom option 150 carrying an IP address
 option 150 ip 172.16.24.12
 default-router 10.0.0.1
!
! Static (manual) binding for the 10.0.0.5 address, the DHCP equivalent of a
! fixed BOOTP assignment; the client identifier is hardware type 01
! (Ethernet) followed by the client's MAC address
ip dhcp pool manual
 host 10.0.0.5
 client-identifier 010a.1211.2e3c.4a
!
! Exclude 10.0.0.1 - 10.0.0.5 from dynamic allocation
ip dhcp excluded-address 10.0.0.1 10.0.0.5
Product Update
Cisco Network Registrar 3.0

• Reliable and scalable services
  DHCP Safe Failover
  DDNS, IXFR and NOTIFY
  Multithreaded servers
  SNMP traps
  Web reporting tool
  Solaris, NT, HP-UX and AIX
• Flexible integration
  LDAP integration
  CLI and API
• Policy networking
  Client class
  LDAP integration
Reliable and Scalable Services

Figure: two DHCP servers and a primary DNS server at the center, secondary DNS servers across the WAN, DHCP and BOOTP clients, a network management station and web-based reports.

• Redundant DHCP and DNS services
• Integration with network management systems
• Web-based reporting tools
• High-performance, multithreaded servers
Integrating CNR with Existing Management Applications

Figure: the CNR GUI, the CLI and an LDAP client all work against the internal DB that drives the DNS and DHCP servers; custom applications use the CLI, and custom extensions plug in at the DHCP extension points.

• Build custom network management and provisioning applications using the CLI
• Custom DHCP processing using the DHCP extension points
• Build a custom web UI using the CLI and Perl
CiscoAssure Policy Networking

Figure: clients, application servers, routers, multilayer switches and multiservice switches enforce policy (IP precedence, RSVP, application recognition, application signaling). Distributed COPS policy servers and the QPM Java console talk to the devices over COPS, SNMP and the CLI; the back end is a directory reached over LDAP, with Network Registrar (address ranges and classes), user groups and third-party applications integrated over LDAP and CORBA.

• QoS and security policies enforced in the network
• Policies based on applications
• Policies based on users and groups
• Integrated with directory services
• Integrate third-party applications
Directory-Based Management of Names and Addresses

Coming in early CY 2000

Figure: an IPAM web application managing several DNS/DHCP servers.

• Manage DNS names and IP addresses
• Multiple, simultaneous administrators
• Access control by zone and subnet
Cisco IOS DHCP Server

• Available in Cisco IOS 12.0(1)T or later
• DHCP/BOOTP server
  Intelligent DHCP relay
  Secondary addresses
  PING before lease and custom options
• Caveats
  DHCP lease information is stored on a remote system using TFTP, FTP or RCP; TFTP and RCP carry it without authentication, so restrict which hosts can reach that server
  No dynamic DNS or DHCP failover
Summary

Figure: DHCP servers and a primary DNS server at the center, secondary DNS servers across the WAN, DHCP and BOOTP clients, an IP phone with DHCP, and a custom extension.

• Large networks require reliable and sophisticated DNS and DHCP services
• Cisco has software to meet the DNS/DHCP requirements for large networks
• Cisco is developing directory-based tools for managing IP addresses and DNS/DHCP
Resources and References
Cisco Information

• Cisco Network Registrar
  http://www.cisco.com/go/cnr
  30-day evaluation software
  Data sheets, design guides, and documentation
• Cisco IOS DHCP server documentation
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/easyip2.htm
Books

• DNS and BIND, 3rd Edition, by Cricket Liu and Paul Albitz, O'Reilly and Associates
• DHCP: A Guide to Dynamic TCP/IP Network Configuration, by Barry Kercheval, Prentice Hall
• LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol, by Timothy Howes, Ph.D. and Mark Smith, Macmillan
Web Sites

• Ralph Droms' web site: http://www.dhcp.org (Ralph is the chair of the IETF DHCP WG)
• Internet Software Consortium: http://www.isc.org (home of BIND and the ISC DHCP server)
• John Wobus' DHCP FAQ: http://web.syr.edu/~jmwobus/comfaqs/dhcp.faq.html
Mailing Lists

DHCP mailing lists
  Mailing list archive at ftp.bucknell.edu
  To subscribe, send e-mail to the list server and put the following on the first line of your message:
    subscribe <listname> Your Name
  Example: subscribe dhcp-v4 Tim Sylvester

DNS mailing lists
  List server: …@internic.net
  To subscribe, send e-mail to the list server and put the following on the first line of your message:
    subscribe <listname> Your Name
DHCP RFCs and Internet Drafts

• RFC 1534: Interoperation Between DHCP and BOOTP
• RFC 1542: Clarifications and Extensions for the Bootstrap Protocol
• RFC 2131: Dynamic Host Configuration Protocol
• RFC 2132: DHCP Options and BOOTP Vendor Extensions
• RFC 2241: DHCP Options for Novell Directory Services
• RFC 2489: Procedure for Defining New DHCP Options
• ID: Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
• ID: Interaction between DHCP and DNS
• ID: Authentication for DHCP Messages
• ID: Multicast Address Allocation Configuration Options
• ID: DHCP Failover Protocol
• ID: Security Requirements for the DHCP Protocol
• ID: Dynamic Host Configuration Protocol (DHCP) Server MIB
DNS RFCs and Internet Drafts

• RFC 1035: Domain Names - Implementation and Specification
• RFC 1995: Incremental Zone Transfer in DNS
• RFC 1996: A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
• RFC 2136: Dynamic Updates in the Domain Name System (DNS UPDATE)
• RFC 2181: Clarifications to the DNS Specification
• RFC 2182: Selection and Operation of Secondary DNS Servers
• RFC 2308: Negative Caching of DNS Queries (DNS NCACHE)
• RFC 2317: Classless IN-ADDR.ARPA Delegation
• ID: Reserved Top Level DNS Names
• ID: Extension Mechanisms for DNS (EDNS0)
• ID: Extensions to DNS (EDNS1)
• ID: Deferred Dynamic Domain Name System (DNS) Delete Operations
• ID: Simple Secure Domain Name System (DNS) Dynamic Update
Utilities

• NSLOOKUP: command-line DNS client for querying DNS servers; available for UNIX and Windows NT
• DIG: another command-line DNS tool
• WINIPCFG: admin UI for the Windows 95/98 DHCP client; a Windows NT version is available in the Windows NT Resource Kit
• Perl modules for DNS: develop applications that talk to BIND; http://www.cpan.org
Please Complete Your Evaluation Form
Session 806