
4.7 – IP Addressing Services
DHCP
DHCP includes three different address allocation mechanisms to provide flexibility when assigning IP addresses:
• Manual Allocation: The administrator assigns a pre-allocated IP address to the client and DHCP only
communicates the IP address to the device.
• Automatic Allocation: DHCP automatically assigns a static IP address permanently to a device, selecting it
from a pool of available addresses. There is no lease and the address is permanently assigned to a device.
• Dynamic Allocation: DHCP dynamically assigns, or leases, an IP address from a pool of
addresses for a limited period of time chosen by the server, or until the client tells the DHCP server that it no
longer needs the address.

Operation

BOOTP and DHCP

See 7.1.3.2 for the DHCP message format.

NAT
Dynamic Mapping and Static Mapping –
Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. When a host with a
private IP address requests access to the Internet, dynamic NAT chooses an IP address from the pool that is not
already in use by another host. This is the mapping described so far.

Static NAT uses a one-to-one mapping of local and global addresses, and these mappings remain constant. Static
NAT is particularly useful for web servers or hosts that must have a consistent address that is accessible from the
Internet. These internal hosts may be enterprise servers or networking devices.

NAT Overload
NAT overloading (sometimes called Port Address Translation or PAT) maps multiple private IP addresses to a single
public IP address or a few addresses. This is what most home routers do. Your ISP assigns one address to your router,
yet several members of your family can simultaneously surf the Internet.

With NAT overloading, multiple addresses can be mapped to one or to a few addresses because each private address
is also tracked by a port number. When a client opens a TCP/IP session, the NAT router assigns a port number to its
source address. NAT overload ensures that clients use a different TCP port number for each client session with a
server on the Internet. When a response comes back from the server, the source port number, which becomes the
destination port number on the return trip, determines to which client the router routes the packets. It also validates
that the incoming packets were requested, thus adding a degree of security to the session.
NOTE - Port numbers are encoded in 16 bits. The total number of internal addresses that can be translated to one
external address could theoretically be as high as 65,536 per IP address. However, realistically, the number of
internal addresses that can be assigned a single IP address is around 4,000.
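
The port tracking described above, modelled as an added example (not part of the original notes): a toy PAT table that keeps a client's source port when it is free, picks another when two inside hosts collide, and drops inbound packets that match no translation. The addresses, the port range and the peer check on replies are assumptions of this sketch, not a description of any particular router.

```python
# Added example: minimal model of a NAT overload (PAT) translation table.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.5"          # constructed (documentation address range)
PORT_RANGE = range(1024, 65536)    # assumption: translated ports are drawn from here


@dataclass
class PatRouter:
    public_ip: str = PUBLIC_IP
    # (proto, inside_ip, inside_port, dst_ip, dst_port) -> public_port
    out_map: dict = field(default_factory=dict)
    # (proto, public_port) -> (inside_ip, inside_port, dst_ip, dst_port)
    in_map: dict = field(default_factory=dict)

    def _free_port(self, proto, preferred):
        # Keep the client's own source port when it is free, else take the next free one.
        if preferred in PORT_RANGE and (proto, preferred) not in self.in_map:
            return preferred
        for port in PORT_RANGE:
            if (proto, port) not in self.in_map:
                return port
        raise RuntimeError("port pool exhausted for " + self.public_ip)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate an inside packet; return the (public_ip, public_port) it leaves with."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            port = self._free_port(proto, src_port)
            self.out_map[key] = port
            self.in_map[(proto, port)] = (src_ip, src_port, dst_ip, dst_port)
        return self.public_ip, self.out_map[key]

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return the inside (ip, port) for a reply, or None if no session requested it."""
        entry = self.in_map.get((proto, dst_port))
        if entry is None:
            return None                    # no translation exists: unsolicited, dropped
        in_ip, in_port, peer_ip, peer_port = entry
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None                    # port is mapped, but not to this remote peer
        return in_ip, in_port
```

Two inside hosts that both pick source port 50000 leave with different public ports, and a packet arriving on a port with no table entry has nowhere to go.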

The benefits of using NAT include the following:


• NAT conserves the legally registered addressing scheme by allowing the privatization of intranets. NAT
conserves addresses through application port-level multiplexing. With NAT overload, internal hosts can
share a single public IP address for all external communications. In this type of configuration, very few
external addresses are required to support many internal hosts.
• NAT increases the flexibility of connections to the public network. Multiple pools, backup pools, and
load-balancing pools can be implemented to ensure reliable public network connections.
• NAT provides consistency for internal network addressing schemes. On a network without private IP
addresses and NAT, changing public IP addresses requires the renumbering of all hosts on the existing
network. The costs of renumbering hosts can be significant. NAT allows the existing scheme to remain while
supporting a new public addressing scheme. This means an organization could change ISPs and not need to
change any of its inside clients.
• NAT provides network security. Because private networks do not advertise their addresses or internal
topology, they remain reasonably secure when used in conjunction with NAT to gain controlled external
access. However, NAT does not replace firewalls.

However, NAT does have some drawbacks. The fact that hosts on the Internet appear to communicate directly with
the NAT device, rather than with the actual host inside the private network, creates a number of issues. In theory, a
single globally unique IP address can represent many privately addressed hosts. This has advantages from a privacy
and security point of view, but in practice, there are drawbacks.

1. The first disadvantage affects performance. NAT increases switching delays because the translation of each IP
address within the packet headers takes time. The first packet is process-switched, meaning it always goes through
the slower path. The router must look at every packet to decide whether it needs translation. The router needs to
alter the IP header, and possibly alter the TCP or UDP header. Remaining packets go through the fast-switched path
if a cache entry exists; otherwise, they too are delayed.

2. Many Internet protocols and applications depend on end-to-end functionality, with unmodified packets forwarded
from the source to the destination. By changing end-to-end addresses, NAT prevents some applications that use IP
addressing. For example, some security applications, such as digital signatures, fail because the source IP address
changes. Applications that use physical addresses instead of a qualified domain name do not reach destinations that
are translated across the NAT router. Sometimes, this problem can be avoided by implementing static NAT
mappings.

3. End-to-end IP traceability is also lost. It becomes much more difficult to trace packets that undergo numerous
packet address changes over multiple NAT hops, making troubleshooting challenging. On the other hand, hackers
who want to determine the source of a packet find it difficult to trace or obtain the original source or destination
address.

4. Using NAT also complicates tunneling protocols, such as IPsec, because NAT modifies values in the headers that
interfere with the integrity checks done by IPsec and other tunneling protocols.

5. Services that require the initiation of TCP connections from the outside network, or stateless protocols such as
those using UDP, can be disrupted. Unless the NAT router makes a specific effort to support such protocols, incoming
packets cannot reach their destination. Some protocols can accommodate one instance of NAT between
participating hosts (passive mode FTP, for example), but fail when both systems are separated from the Internet by
NAT.
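
Drawback 4 in concrete terms, as an added example that is not part of the original notes: a simplified model of an IPsec AH-style integrity value (RFC 4302), in which header fields that routers legitimately change are zeroed before hashing while the source address is covered. The key, addresses and payload are constructed, and a real AH ICV also covers the AH header itself.

```python
# Added example: simplified AH-style integrity check (RFC 4302) crossing a NAT device.
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"      # constructed shared key for the example
IPV4_HDR = "!BBHHHBBH4s4s"         # 20-byte IPv4 header, no options


def build_header(src, dst, ttl=64, payload_len=0):
    """Pack a minimal IPv4 header (protocol 51 = AH, checksum left at 0 for brevity)."""
    return struct.pack(IPV4_HDR, 0x45, 0, 20 + payload_len, 0x1234, 0, ttl, 51, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def icv(header, payload):
    """HMAC over the header with mutable fields (TOS, flags/offset, TTL, checksum) zeroed."""
    ver, _tos, length, ident, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        IPV4_HDR, header)
    immutable = struct.pack(IPV4_HDR, ver, 0, length, ident, 0, 0, proto, 0, src, dst)
    return hmac.new(KEY, immutable + payload, hashlib.sha256).digest()


def rewrite(header, ttl=None, src=None):
    """What devices on the path do: a router decrements TTL, a NAT replaces the source."""
    fields = list(struct.unpack(IPV4_HDR, header))
    if ttl is not None:
        fields[5] = ttl
    if src is not None:
        fields[8] = socket.inet_aton(src)
    return struct.pack(IPV4_HDR, *fields)


def verify(header, payload, received_icv):
    """Receiver side: recompute the ICV over what arrived and compare in constant time."""
    return hmac.compare_digest(icv(header, payload), received_icv)


if __name__ == "__main__":
    payload = b"constructed payload"
    sent = build_header("10.0.0.5", "198.51.100.7", payload_len=len(payload))
    tag = icv(sent, payload)
    routed = rewrite(sent, ttl=63)                 # ordinary forwarding hop
    natted = rewrite(routed, src="203.0.113.5")    # NAT rewrites the inside source address
    print("after routing:", verify(routed, payload, tag))
    print("after NAT:    ", verify(natted, payload, tag))
```
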
Summary:

IPv6
An IPv6 address is a 128-bit binary value, which can be displayed as 32 hexadecimal digits.

Many of the enhancements that IPv6 offers are explained in this section, including:
• Enhanced IP addressing
• Simplified header
• Mobility and security
• Transition richness

Enhanced IP Addressing
A larger address space offers several enhancements, including:
• Improved global reachability and flexibility.
• Better aggregation of IP prefixes announced in routing tables.
• Multihomed hosts. Multihoming is a technique to increase the reliability of the Internet connection of an IP
network. With IPv6, a host can have multiple IP addresses over one physical upstream link. For example, a
host can connect to several ISPs.
• Autoconfiguration that can include Data Link layer addresses in the address space.
• More plug-and-play options for more devices.
• Public-to-private, end-to-end readdressing without address translation. This makes peer-to-peer (P2P)
networking more functional and easier to deploy.
• Simplified mechanisms for address renumbering and modification.

Simplified header:
• Better routing efficiency for performance and forwarding-rate scalability
• No broadcasts and thus no potential threat of broadcast storms
• No requirement for processing checksums
• Simplified and more efficient extension header mechanisms
• Flow labels for per-flow processing with no need to open the transport inner packet to identify the various
traffic flows
IPv6 Address Representation –
