Wednesday, September 30, 2015

DHCP and a wrap up

This is really, really, really, going to be the last post in this series, for now.  At this point I have no plans to add anything.  But who knows what the future will bring.  All of these posts can be found in the September 2015 section of my blog.  (See Blog Archive in the navigation section at the right.)  But, for consistency's sake, here is a link to the first post in the series:  http://sigma5.blogspot.com/2015/09/internet-bits-bytes-and-numbers.html.  And here is a link to the immediately previous post:  http://sigma5.blogspot.com/2015/09/internet-dns.html.  So . . .

DHCP

DHCP stands for Dynamic Host Configuration Protocol.  This mouthful is almost completely meaningless so what's up?  Back in the olden days IP configurations were set up manually.  When my company first rolled out TCP/IP that's what we did.  Several of us maintained extensive lists of which computer would use which IP address.  Besides being tedious and error prone it had a problem.  You had to go to each computer and plug the "static IP configuration" parameters in individually.  That was bad enough but my company had facilities in several states.  So if we wanted to change things up on a computer in another state we had to actually send someone there at a great cost in time and money.

And, hey, this is a computer thing.  Why not automate things?  Early attempts went by the names RARP and BOOTP.  In these cases you plugged everything into one computer.  That computer served the information out to the other computers.  But it was still a lot of trouble.  My company did not use either to any extent.  Then along came DHCP.  This helped a lot.  DHCP added the "dynamic" part.  Instead of having a list of computers and IPv4 addresses DHCP let you use a pool.  With DHCP you allocated a group of IPv4 addresses to the DHCP server and said "go for it".

DHCP depends on Ethernet or some other protocol that supports the ability to broadcast to all other local computers.  Your computer sends out an "are you a DHCP server?" broadcast message.  Hopefully, exactly one machine answers back.  Then your computer sends a message directly to that computer that says "my name is X - do you have IP configuration information for me?".  The DHCP server looks in its mini-database.  If it already has an entry for that computer it sends out the information.  If not, it picks an unused IPv4 address from the pool, adds in whatever other information it is supposed to provide, plugs that into the mini-database and sends it out.  Your computer catches the information, plugs it in, and boom! it is on the air.

Here's a little more detail.  Each entry in the mini-database has a time to live.  It can vary from a few months to a few hours, depending on your estimate of the rate of turnover.  In a coffee shop where turnover is quick a few hours is probably a good choice.  In a corporate environment where turnover is slow, a few months is a good choice.  If an entry goes unused too long it is purged and the IPv4 address goes back into the "available" pool.  The other thing is that the DHCP server can send out more than just an IPv4 address for the computer to use.  Typically it sends out the subnet mask, the gateway, and the addresses of the primary and backup DNS servers.  That's the standard set of "IP configuration" information machines need.

By shifting to DHCP we just had to set up a DHCP server at each location and make sure it had a big enough pool of IPv4 addresses to work with.  At this time we also converted from using our 5 class "C" public IPv4 nets to using private IPv4 nets so having lots of IPv4 addresses available at each location was easy to arrange.  Now we just had to make sure each machine had a unique name.  That was much easier to pull off.  Then when the machine booted up it would find the local DHCP server and get the information it needed to operate at that location.  This is usually referred to as a "dynamic IP configuration" for obvious reasons.  We might very occasionally need to change the DHCP setup at a location but that was it.

When you set up a DHCP server you have to plug in the address pool.  Usually you say something like "all IPv4 addresses in the range going from 192.168.0.100 to 192.168.0.200".  It is possible to specify multiple ranges but this is rarely necessary.  Most DHCP servers are set up pretty much the same way.  So it is easy to plug in the subnet mask, the gateway address, and one or both DNS server addresses.  If you have a home network that shares one public IP address among several machines you have a home DHCP server lurking somewhere.  How does that come about?
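As an added example (not code from the post), here is a small Python model of the mini-database described above: a pool of addresses, entries that expire and go back into the "available" pool, a known client getting its existing entry back, and the standard option set handed out with each address. The pool range matches the post's example; the gateway and DNS addresses are constructed placeholders, not the author's configuration.

```python
import ipaddress

# Constructed configuration mirroring the post's example pool and the
# "standard set" of options; the DNS addresses are TEST-NET placeholders,
# not the author's real ISP servers.
POOL_START = ipaddress.IPv4Address("192.168.0.100")
POOL_END = ipaddress.IPv4Address("192.168.0.200")
OPTIONS = {
    "subnet_mask": "255.255.255.0",
    "gateway": "192.168.0.1",
    "dns": ["203.0.113.53", "203.0.113.54"],
}


class DhcpPool:
    """The DHCP server's mini-database: leases keyed by client identifier."""

    def __init__(self, start, end, lease_seconds):
        # Every address in the range starts out in the "available" pool.
        self.free = [ipaddress.IPv4Address(a) for a in range(int(start), int(end) + 1)]
        self.lease_seconds = lease_seconds
        self.leases = {}  # client_id -> (address, expiry time)

    def purge_expired(self, now):
        """Entries unused past their time to live go back into the pool."""
        for client_id, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[client_id]
                self.free.append(addr)

    def request(self, client_id, now):
        """Answer "do you have IP configuration information for me?"."""
        self.purge_expired(now)
        if client_id in self.leases:
            addr, _ = self.leases[client_id]   # known client: reuse its entry
        elif self.free:
            addr = self.free.pop(0)            # new client: pick an unused address
        else:
            return None                        # pool exhausted: nothing to offer
        self.leases[client_id] = (addr, now + self.lease_seconds)
        return {"address": str(addr), **OPTIONS}


if __name__ == "__main__":
    pool = DhcpPool(POOL_START, POOL_END, lease_seconds=3600)
    print(pool.request("laptop", now=0))
```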

Wrap up

I have left a couple of questions dangling.  I am going to answer them in this section.  But first I am going to do a quick review of my home setup.  My setup is more complicated than most home setups.  I am going to explain why I do things the way I do and then move on to some recommendations for how most people should operate.

Comcast is my ISP.  They have provided me with an Arris cable modem.  This box behaves somewhat like a combination DHCP server and gateway.  Comcast provides a pair of public IPv4 addresses to the box.  One is attached to the Arris box and one is available to be served up to whatever machine I hook up to it.  The hookup is an Ethernet connection.  If I only had one computer I could hook it up directly to the Arris box, set it to do DHCP (the default) and everything would work fine.  My computer would make a DHCP request to the Arris box and the Arris box would serve up a public IP address.  It would also serve up a subnet mask, gateway address (the address of the Arris box), and the addresses of two DNS servers operated by Comcast. That's how that would work.

But I want to hook several boxes up to the Internet.  How does that work?  I have another box.  It is a Netgear FVS318G ProSafe 8 port Gigabit VPN Firewall.  This is a box specifically designed for the home networking market.  It runs about $120 at Amazon.  (BTW, avoid the FVS318.  It has slower ports.)  It has a special port, the WAN port, that you connect to your cable modem.  That's the "external" interface of the box.  Then it has 8 more Ethernet ports, marked as LAN ports.  Together they constitute the "internal" interface.  I hook all my home network equipment up to them.  The 8 "internal interface" ports behave just like an Ethernet switch.  And between the "internal" interface and the "external" interface this box does NAT.  So now all my inside boxes can share my one public IPv4 address.

I also have a separate Linksys WAP54G Wi-Fi base station.  It is just plugged into one of the 8 inside ports on my Netgear box.  I also have a computer running Windows 2008 Server Edition.  This turns my home network environment into a small corporate network, also sometimes referred to as a "Microsoft NT Domain".  This is something most people don't need to mess with.  But I did system administration work on corporate NT domains for a couple of decades.  I like them and I know how to administer them so I did.  It is total overkill for most home users.

Nestled into this mess is a standard PC running Windows 7.  It has a private IPv4 address.  As does the Windows Server box, the Netgear box (on its internal interface), the Linksys box, my TiVo, my DVD player, and my printer.  I also have a couple of other boxes I occasionally use but I think you get the idea.  All the boxes I listed (and the ones I didn't) are able to get out to the Internet whenever they need to.  And they can talk to each other.  I can send files between my computers.  I can print from either one.  My home network does everything I want it to.  But it is overkill for most people.

But, like more typical home network users, I still need a few basic capabilities.  So let me run down the list.  I have already indicated that the NAT capability resides in my Netgear box.  My DHCP capability resides in my Windows server box.  My DNS capability also resides in my Windows server box.  That means I had to configure both.  DHCP is pretty easy.  With Windows server DNS is harder but not a lot harder.  (And it probably will not surprise you to know that Microsoft uses its own code rather than BIND.)

First of all, remember that list of "root" servers?  Microsoft plugs that list in for me automatically.  And it changes very occasionally.  But when it does Microsoft sends out the updated list through Windows Update.  As long as I keep my Microsoft maintenance current, which I do, my "root" server list stays current.  I did have to configure a "forward zone".  It holds the "A" records for all my local devices.  And I had to configure two "reverse zones" to hold all my PTR records.  I won't go into the details on how this was done.  Suffice it to say it was not hard.

So I have this expertise built up from decades of doing this sort of thing for a living.  What's a regular person supposed to do?  Many people who don't know much about any of this have home networks that work just fine.  How is that possible?  The solution to both of these questions lies in looking at a more common setup.

Most home users do not have an NT domain operating.  So what do they do about DHCP and DNS?  The answer to both questions lies in the Netgear box.  That box can do DHCP.  I just turned it off.  You don't want competing DHCP servers running around and I knew that I wanted to use my Windows server to do DHCP.  (Why?  'Cuz!)  So I went in and turned it off.  Most people leave DHCP turned on and this is the right thing to do for them.  And the defaults for the box set up a home network using the 192.168.0.0/24 private net and configure DHCP accordingly.  I don't remember the range of IPv4 addresses the Netgear box selects as its default but it works for all but a few home setups.

That leaves DNS.  Here too the Netgear box has a cute trick.  It has a setting called "Get Automatically from ISP".  Remember that the box uses DHCP through its outside interface to get the information it needs to communicate with Comcast.  Well, included in that information are the IP addresses of two Comcast DNS servers.  When turned on (I turned it off manually) this option copies the two DNS entries it gets from Comcast into the DHCP information it serves out to the internal network.  The downside of this is you can't find the IPv4 addresses of the boxes on your internal network using DNS.  I like to be able to do that so I went through all those "NT domain" hoops.  But most people can and do live without this capability just fine.

So if I had not installed a Windows server and I had left all the settings on my Netgear box at their defaults I would have a perfectly functional network.  One final thing on this: the Netgear box assumes it is king of the 192.168.0.0/24 net.  As such it automatically assigns the IPv4 address of 192.168.0.1 to its inside interface.  Then it plugs this address in as the default gateway in the DHCP information it serves out.  So, if they used DHCP, and if they used the default DHCP setup the Netgear box comes with, my home computers would get all the settings they needed to fully participate in IPv4 networks.

The Netgear box would serve out to each machine a unique IPv4 address from the pool of 192.168.0.0/24 addresses it maintains.  It would automatically serve out a subnet mask of 255.255.255.0.  It would automatically serve out a gateway address of 192.168.0.1 (itself).  And it would automatically serve out the two DNS server addresses it got from Comcast.  That's how it works.

There are other boxes that have essentially the same capabilities as my Netgear box.  Some of them have 4 ports or none.  Some of them include a built in Wi-Fi base station.  Pick the box you like.  In some cases you can even get the box from your ISP.  And pretty much all the ISPs operate along the same lines as Comcast.  They might provide you with a different brand or model of cable modem.  And it might not technically be a cable modem.  But in all likelihood it will behave pretty much like the Arris box I got from Comcast.

And you actually don't need to know all this stuff.  Unless something goes wrong.  Then this information may be very helpful.  Do you have no (or bad) DNS server addresses?  Check your NAT box and make sure it is doing the "Get automatically from ISP" thing.  Are IPv4 addresses changing around in weird ways?  Check to make sure you have exactly one DHCP server running and check that the DHCP server is serving out sensible settings.  Are things physically connected up correctly?  In my case the Arris box needs to be connected to the WAN jack and everything else needs to be connected to LAN jacks.  If you have a separate Wi-Fi box, is it trying to do the same things (i.e. DHCP) as your NAT box?  For some services you can pick either box to host the service but there needs to be only one box hosting each service.
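As an added example, not from the post, here is a Python function that runs the troubleshooting checks above over a set of constructed DHCP offers: more than one box answering DHCP, an offered address or gateway outside the expected 192.168.0.0/24 net, a subnet mask that does not match that net, and missing DNS server addresses. The server, address and DNS values in the sample offers are constructed for the example.

```python
import ipaddress

# Constructed DHCP offers, as a troubleshooting tool might record them:
# the answering server, the offered address, and the settings it hands out.
# The second offer is a made-up stray server with nonsensical settings.
OFFERS = [
    {"server": "192.168.0.1", "address": "192.168.0.105", "mask": "255.255.255.0",
     "gateway": "192.168.0.1", "dns": ["203.0.113.53", "203.0.113.54"]},
    {"server": "192.168.0.2", "address": "192.168.1.50", "mask": "255.255.255.0",
     "gateway": "192.168.1.1", "dns": []},
]


def audit_offers(offers, expected_net="192.168.0.0/24"):
    """Return a list of problems; an empty list means the DHCP setup looks sane."""
    net = ipaddress.ip_network(expected_net)
    problems = []
    # Exactly one box should be hosting DHCP.
    servers = sorted({o["server"] for o in offers})
    if len(servers) > 1:
        problems.append(f"more than one DHCP server answering: {servers}")
    for o in offers:
        where = f"offer from {o['server']}"
        # The address and gateway must live on the net the box is king of.
        if ipaddress.ip_address(o["address"]) not in net:
            problems.append(f"{where}: address {o['address']} outside {net}")
        if o["mask"] != str(net.netmask):
            problems.append(f"{where}: subnet mask {o['mask']} does not match {net}")
        if ipaddress.ip_address(o["gateway"]) not in net:
            problems.append(f"{where}: gateway {o['gateway']} outside {net}")
        # No DNS addresses usually means "Get automatically from ISP" is off.
        if not o["dns"]:
            problems.append(f"{where}: no DNS server addresses (check 'Get automatically from ISP')")
    return problems


if __name__ == "__main__":
    for problem in audit_offers(OFFERS):
        print(problem)
```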

And then there may be those who just want to know how things work.  I hope these posts give you enough foundation so that you can explore anything or everything in more depth, should you choose to.  Wikipedia is a great source of more information on these subjects.  There are many hard core geeks among its contributors.  And they delight in drilling down much further than I have.  And in a lot of cases, they will provide you with references that will allow you to dive even deeper.  It's a lot of fun, if you get off on that sort of thing.  And I do.  For the rest of you, I hope you have found this group of posts entertaining and enlightening.
