Shulou(Shulou.com)11/24 Report--

Today's article is very interesting. It comes from one of the small questions in a real interview I once had. It was the end of the day. I was met by a technical consultant from that company, and before the interview, hr showed me his resume, a big shot who joined the computer science department of MIT in 1996.

I was really shocked. What's the concept? 1996, if you remember correctly, that was the era of using BP and mobile phone? How many people can use the computer? Several more people have this opportunity to go abroad for further study.

Which Shuangwen novel is the protagonist's plot?

Even now, this is a very strong thing.

There is no hope for me in my life, and I don't know if my son or grandchildren will have a chance to do it.

In other words, this boss is at least two generations ahead of me.

On that day, I felt the sense of crushing across the times.

All right, stop talking and get to the point.

We know that if you know the IP of a computer, you can initiate a connection request to that IP, and after establishing a connection, you can send and receive data.

The message body change corresponding to the five-layer network protocol analyzes the data to be sent, and the IP header is added to the network layer.

The most important thing in the ip header is the IP address of the sender and receiver. The IP address is like a house number, with it, the packet can find out who should receive the packet in this complex network world.

Therefore, the above network communication can not be separated from IP.

Suppose I have a newly bought computer, which is not connected to the Internet yet. At this time, take the newly bought network cable, plug it into the network cable port, and the network cable Jack lights up.

Then you can start using it to surf the Internet.

So here comes the question.

Just plugged in the network cable, how does the computer know what its IP is? Why can you surf the Internet all of a sudden?

Let's start with DHCP on this topic.

What is DHCP after plugging into the network cable, there are two main ways to get IP.

The first is to match it manually in the computer. As shown in the following figure, this is a screenshot of macOS. After selecting manual configuration, the subnet mask and router address are required in addition to the IP address.

It is unscientific to match IP manually. Computers are not just sold to programmers. For most ordinary people, these words are more difficult to understand than the slang of Fu's ability to grasp the closed loop.

Most people shouldn't go with this thing when it's all right.

Is there any way to get this IP information automatically?

Yes, this is the second way to get IP, DHCP (Dynamic Host Configuration Protocol, dynamic Host configuration Protocol).

DHCP automatically generates IP through DHCP. After networking, you can automatically obtain the IP address, subnet mask and router address that the machine needs.

How DHCP works DHCP is also very simple.

To put it bluntly, it is to apply for an IP address to a server assigned to the IP, that is, the DHCP server. In fact, the general home router comes with this function.

The whole operation process is divided into four stages.

DHCP protocol DHCP Discover: when networking, the local machine has no IP and does not know the IP address of the DHCP server, so it has no idea who to send the request to, so it simply chooses to broadcast and send a message to everyone in the local network segment, asking "who can give an IP".

DHCP Offer: a machine that is not a DHCP server will ignore your broadcast message, but when the DHCP server receives the message, it will take out a free IP from an IP pool it maintains and return it to your computer in the form of a broadcast.

DHCP Request: after your computer gets the IP, it launches the broadcast again and says, "I'll take this IP."

The DHCP ACK:DHCP server will reply you with an ACK at this time, which means "ok". You will officially get the right to use the IP for a period of time (for example, 24 hours). Later, as long as the IP lease does not expire, you can always use this IP for communication.

Here comes the problem.

Why do you have to have the third and fourth stages? have you found that in the Offer stage, your machine has already got the IP? why do you have the Request and ACK behind it? Is it a bit superfluous?

This is because there may be more than one DHCP server in the local network segment, and every DHCP server may send you Offer after you broadcast.

On a first-come-first-served basis, your machine will generally respond to the DHCP Request of the first Offer arrived in order to confirm the offer. During the period of time when you confirm the Offer, the DHCP server confirms that the IP has not been assigned before you can safely use the IP.

Is it like the process of looking for a job?

You send your resume (DHCP Discover) and get multiple offer (DHCP Offer).

When it's not over, you usually say to HR, "you give me two days, and I want to discuss it with my family."

HR will also say to you, "then confirm as soon as possible, I have a lot of candidates waiting."

After you think about it, you think it's good, tell HR to pick up the Offer (DHCP Request), and HR will check that the position is still available before you can confirm that you will come to work the next day (DHCP ACK). If other candidates have been recruited for the position in this company, the fourth phase of the message will be changed to DHCP NAK, which means that your request for Offer has been rejected.

DHCP grab bag light to see the principle is a bit boring, we can try to grab the bag to take a look at the data.

Execute the following command on the command line to force the computer's en0 network card to go through the DHCP process again.

Sudo ipconfig set en0 DHCPen0 can be replaced with other network cards, such as eth0.

At this time, we can catch the relevant data packets.

We can see four blue packets corresponding to the four DHCP phases mentioned above.

The DHCP Offer in the second phase will return the IP, subnet mask, router address and DNS server address we need.

In addition, in the offer phase, by grabbing packets, we can find that DHCP is the protocol of the application layer, which transmits data based on the UDP protocol of the transport layer.

So here's the problem again.

Why does DHCP use UDP? can we use TCP instead? According to reason, what UDP can do, TCP can generally do it. But not this time.

The main reason is that TCP is connection-oriented, while UDP is connectionless.

The so-called "connection" has only one sender and one receiver, just like a water pipe.

Since DHCP does not know who to connect with at first, it can only send messages in the form of broadcasts, attention, small details, broadcasts.

The broadcast looks for the DHCP server. Drawio also sends broadcast messages within the local network segment, and UDP only needs to send 255.255.255.255. It is not actually worth a specific machine, but a special address, which has a special meaning. As long as the destination address is set, it will be broadcast in a certain local network segment.

Unlike TCP, it needs to establish a connection first, but in fact, the corresponding machine of 255.255.255.255 does not exist, so it cannot establish a connection. If you want to achieve the same broadcast effect, you need to first get the IP of all the machines in the local network segment, then establish a connection one by one, and then send messages one by one. This is very inefficient.

So DHCP chose UDP over TCP.

Why the second stage is not broadcast, but unicast.

I don't know if you have noticed another small detail. When referring to the DHCP Offer phase, it is mentioned that the DHCP server will reply in the form of a broadcast. But grab a packet and find that it is not a broadcast, but a unicast.

In fact, this is a small optimization of the DHCP protocol. In principle, everyone uses broadcasting in the DHCP offer stage, which must be the most stable. When the target machine receives it, it will naturally enter the third stage of DHCP Request. Instead of the target machine, if you unpack the packet and find that the mac address of the destination machine is different from your own, you will also lose the packet.

But the problem is that every time this non-destination machine needs to receive the packet on the network card and unpack it, it turns out that this is not a message for it. Really, I was disturbed.

If such packets are flying all over the local network segment, it will also waste machine performance.

If you can use unicast, that is of course the best. But at this time, the destination machine actually does not have an IP address. Some systems can receive unicast packets in this case, while others think that they cannot, which is related to the implementation of the system. Therefore, for a system that can receive unicast packets, a Broadcast flag = 0 (unicast) flag will be set in the DHCP Discover phase to tell the server to support unicast reply, so the server will reply in the form of unicast in the DHCP Offer phase.

Does Discover require unicast reply to go through four stages of DHCP every time I connect to the Internet? As long as you want to connect to the Internet, you need IP, and if you want to use IP, you have to go to DHCP to allocate it.

But you have also found that both the first and second phases of DHCP may send broadcast messages. It's okay for home computers, plug in a network cable, and then it won't move. But mobile devices such as mobile phones, which take them around, take a subway, get into an elevator, and walk around the company, may involve network switching.

Each time there will be a complete four stages, all kinds of broadcast news flying everywhere, in fact, it is not very friendly to the network environment.

So the question is, do you have to go through four stages of DHCP every time you connect the Internet?

Of course not.

We will find that every time we disconnect the wifi and then open the wifi, the machine will go through a process from never having a net to having a net.

Grab a bag at this time and you will find it.

In fact, only the third and fourth phases of DHCP took place. This is because the machine records that the IP of 192.168.31.170 has been used, and after reconnecting to the Internet, it will give priority to requesting the IP again, thus saving the first and second stages of broadcasting.

It is also important to note that the reason why the DHCP Request appears twice in the capture map is that it has not been responded to for too long after the first Request was sent, so it is resent.

Will the IP assigned by DHCP not be repeated? Generally speaking, the DHCP server will find an unused IP in the IP pool it maintains and assign it to the machine.

If this IP is assigned repeatedly, two identical IP will appear in the local network segment, but there will be two different mac addresses under this IP. However, only one mac address mapping to IP is recorded in the ARP cache on other machines.

As a result, there will be errors in the process of data transmission.

Therefore, the IP must be unique within the local network segment.

So is it possible that the IP assigned by DHCP is duplicated with other IP?

If you ask me that, it must be possible.

There are two common situations where IP duplicates occur.

At the beginning of the article, it is mentioned that IP can be configured manually, and it is possible that the self-matching IP is the same as the IP assigned by other DHCP. The solution is also very simple, try not to manually match IP, unified DHCP. Or remove this IP from the IP scope maintained in the DHCP server.

There can be multiple DHCP servers in a local network segment, and the IP address ranges they maintain may overlap, so it is possible to give the same IP to different machines. The solution is also simple: modify the maintained IP address range of the two DHCP servers so that they do not overlap.

However, the above solutions all require permission to modify the DHCP server.

Can I use this IP as soon as I get DHCP ACK?

It's like asking, did you go to work as soon as you got the offer?

No, no.

You will first tell your colleagues, classmates and friends, and even post it on moments.

So is your machine.

After getting the DHCP ACK, the machine will not use this IP immediately.

Instead, three ARP messages are sent first.

You know that the purpose of the ARP message is to get the mac address through the IP address. Therefore, in ordinary ARP messages, the IP address is filled in, not the mac address.

But these three ARP protocols are quite special. They are called gratuitous ARP (Gratuitous ARP). The characteristic is that it will fill in both IP and mac addresses, and fill in their own IP and mac addresses.

There are two purposes.

One is to tell all the machines in the local network segment that from now on, the xx IP address belongs to the xx mac address, so that everyone can record it in the ARP cache.

The other is to see if any other machines in the local network segment also use this IP. If there is a conflict, you need to go through the DHCP process again.

After three unpaid ARP messages, make sure there are no conflicts before you start using this IP address for communication.

In fact, this kind of behavior is no different from posting such a moments after you take the offer.

Moreover, three messages were sent in a row.

Stop scolding, the picture is P, I didn't send it like that.

It's not scary that Xiu offer,offer clashed. The object of the show is in conflict with each other.

If there is such a person in your moments, promise me to delete it.

Summary of the computer plugged into the network cable, networking will be through the DHCP protocol to dynamically apply for an IP, at the same time get the subnet mask, router address and other information.

DHCP is divided into four stages, namely Discover,Offer,Request and ACK. If you have ever connected to this network, the machine will record the IP you used last time, and the original IP will be preferred when you connect again, so you only need to go through the third and fourth stages.

DHCP is an application layer protocol. Considering the need to support broadcast functions, the underlying layer uses the UDP protocol instead of the TCP protocol.

It is possible that the IP assigned by DHCP is duplicated with a manually configured IP address.

After getting the IP, DHCP will send out three unpaid ARP announcements and start using the IP after confirming that there are no conflicts.

Finally, let's leave a question for everyone. The IP above is all applied for from the DHCP server. When the server returns DHCP Offer, you can see that the IP of the DHCP server is written on it. For example, 192.168.31.1, this is obviously an IP in the LAN, but does this mean that your DHCP server must be in this LAN?

references

"schematic TCPIP"

This article comes from the official account of Wechat: rookie debug (ID:xiaobaidebug), author: Xiaobai

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.