1 nat network address translation motivation for nat to solve the insufficient problem of ip...
NAT: Network Address Translation
Motivation for NAT
• To solve the problem of insufficient IP addresses
• IPv6
  – All software and hardware need to be updated
  – High cost
• Virtual IP Gateway
  – Used on IPv4
  – Lets more hosts connect to the Internet
NAT Example
[Figure: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4, connected to the Internet through a NAT gateway at 138.76.29.7]
• Datagrams with source or destination in this network have 10.0.0.0/24 address for source, destination (as usual)
• All datagrams leaving the local network have the same single source NAT IP address, 138.76.29.7, with different source port numbers
Private IP Addresses
• The following addresses are reserved for the private network
  – Class A: 10.0.0.*
  – Class B: 172.16.*.* to 172.31.*.*
  – Class C: 192.168.0.* to 192.168.255.*
[Figure: closed local network 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4]
Connection with Socket Pairs
• IP address + Port number = Socket address
• Socket pairs define a unique Internet connection.
  – (172.16.12.2,3044) and (092.168.16.2,80) is a socket pair.
[Figure: telnet client and telnet server. Labels: Destination: 092.168.16.2, Port Number: 80; Source: 172.16.12.2, Port Number: 3044; Source: 172.16.12.2, Port Number: 5001; Web page 1; Web page 2]
Implementation (1/3)
• Outgoing datagrams
  – Replace (source IP address, port no.1) of every outgoing datagram with (NAT IP address, port no.2)
[Figure: PC in LAN, NAT gateway, Internet and Web server (128.119.40.186); addresses labelled 10.0.0.1, 10.0.0.4 and 138.76.29.7]
  original socket pair: d: 128.119.40.186:80, s: 10.0.0.1:3345
  new socket pair: d: 128.119.40.186:80, s: 138.76.29.7:5001
Implementation (2/3)
• Create NAT translation table
  – Every (source IP address, port no.1) to (NAT IP address, port no.2) translation pair

NAT translation table
WAN side addr        LAN side addr
138.76.29.7, 5001    10.0.0.1, 3345
……                   ……
[Figure: PC in LAN, NAT gateway, Internet and Web server (128.119.40.186); addresses labelled 10.0.0.1, 10.0.0.4 and 138.76.29.7]
Implementation (3/3)
• Incoming datagrams
  – Replace (NAT IP address, port no.2) in the destination field with the corresponding (source IP address, port no.1) stored in the NAT translation table
[Figure: PC in LAN, NAT gateway, Internet and Web server (128.119.40.186); addresses labelled 10.0.0.1, 10.0.0.4 and 138.76.29.7]
  original socket pair: s: 128.119.40.186:80, d: 138.76.29.7:5001
  new socket pair: s: 128.119.40.186:80, d: 10.0.0.4:3345
NAT Translation Table
[Figure: hosts 10.0.0.1, 10.0.0.2 and 10.0.0.3 and a NAT router; addresses 10.0.0.4 and 138.76.29.7 also labelled]

NAT translation table
WAN side addr       LAN side addr
138.76.29.7:5001    10.0.0.1:3345
……                  ……

1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345  D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001  D: 128.119.40.186, 80
3: Reply arrives, dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80  D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80  D: 10.0.0.1, 3345
Advantages of NAT (1/2)
• Local network uses just one IP address as far as outside world is concerned
  – 16-bit port-number field; 60,000 simultaneous connections with a single LAN-side address!
• Range of addresses not needed from ISP: just one IP address for all devices
• Can change addresses of devices in local network without notifying outside world
Advantages of NAT (2/2)
• Can change ISP without changing addresses of devices in local network
• Devices inside local net not explicitly addressable, visible by outside world (a security plus).
Controversial Issues
• NAT is controversial:
  – Cost and performance
  – Outside client cannot create a connection to the host in local network
    • NAT traversal problem
  – Violates end-to-end argument
    • NAT possibility must be taken into account by application designers, e.g., P2P applications
  – Address shortage should instead be solved by IPv6
Problems of IPv6
• IPv6 and IPv4 are not compatible.
• All software at many layers needs to be modified for IPv6 (e.g., TCPv6, UDPv6, etc.)
• All hardware such as gateways and routers must be updated.
• The IPv6 header, which is larger than the IPv4 header, will increase the traffic overhead.
NAT Traversal Problem (1/3)
• Client wants to connect to server with address 10.0.0.1
• Solution 1: statically configure NAT to forward incoming connection requests at given port to server
  – e.g., (138.76.29.7, port 5001) always forwarded to 10.0.0.1 port 80
[Figure: client (marked "?"), NAT gateway (138.76.29.7) and server (10.0.0.1); address 10.0.0.4 also labelled]
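
Added example (not from the original slides): a toy NAT gateway in Python that keeps the translation table from steps 1-4, drops inbound datagrams that match no entry, and admits them once a Solution 1 static forward exists. The class and function names, the sequential port allocation and the outside client 203.0.113.9 are assumptions made for illustration.

```python
from typing import NamedTuple, Optional, Tuple
Addr = Tuple[str, int]                      # (IP address, port) = socket address

class Datagram(NamedTuple):
    src: Addr
    dst: Addr

class NatGateway:
    """Toy NAT gateway (added example; names are hypothetical)."""
    def __init__(self, wan_ip: str, first_port: int = 5001):
        self.wan_ip = wan_ip
        self.next_port = first_port         # assumption: sequential allocation
        self.by_lan = {}                    # LAN socket address -> WAN port
        self.by_wan = {}                    # WAN port -> LAN socket address

    def _bind(self, wan_port: int, lan: Addr) -> None:
        if wan_port in self.by_wan or lan in self.by_lan:
            raise ValueError("mapping already exists")
        self.by_wan[wan_port], self.by_lan[lan] = lan, wan_port

    def outgoing(self, d: Datagram) -> Datagram:
        """Steps 1-2: rewrite the source, creating a table entry on first use."""
        if d.src not in self.by_lan:
            while self.next_port in self.by_wan:    # skip ports already mapped
                self.next_port += 1
            if self.next_port > 65535:              # 16-bit port-number field
                raise RuntimeError("NAT port pool exhausted")
            self._bind(self.next_port, d.src)
        return Datagram((self.wan_ip, self.by_lan[d.src]), d.dst)

    def incoming(self, d: Datagram) -> Optional[Datagram]:
        """Steps 3-4: rewrite the destination; None means the datagram is dropped."""
        lan = self.by_wan.get(d.dst[1]) if d.dst[0] == self.wan_ip else None
        return Datagram(d.src, lan) if lan else None    # no entry: unsolicited

    def add_static_forward(self, wan_port: int, lan_ip: str, lan_port: int) -> None:
        """Solution 1: a permanent entry that admits outside-initiated connections."""
        self._bind(wan_port, (lan_ip, lan_port))

def demo():
    web, client = ("128.119.40.186", 80), ("203.0.113.9", 40000)  # client: constructed
    nat = NatGateway("138.76.29.7")
    out = nat.outgoing(Datagram(("10.0.0.1", 3345), web))          # step 2
    back = nat.incoming(Datagram(web, out.src))                    # step 4
    unsolicited = nat.incoming(Datagram(client, ("138.76.29.7", 6000)))
    fwd = NatGateway("138.76.29.7")
    fwd.add_static_forward(5001, "10.0.0.1", 80)                   # slide's example
    admitted = fwd.incoming(Datagram(client, ("138.76.29.7", 5001)))
    return out, back, unsolicited, admitted
```

The table in this example matches on the WAN port only, as the slides' table does, so a static forward admits datagrams from any outside address; each permanent entry is an inbound exposure worth reviewing.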
NAT Traversal Problem (2/3)
• Solution 2: Universal Plug and Play (UPnP) Internet Gateway Device (IGD) Protocol
  – Learn public IP address (138.76.29.7) + port mappings (with lease times)
  – Automate static NAT port map configuration
[Figure: NAT gateway (138.76.29.7) with IGD; addresses 10.0.0.1 and 10.0.0.4 labelled; mapping shown: 138.76.29.7:5001, 10.0.0.1:3345]
NAT Traversal Problem (3/3)
• Solution 3: relaying (used in Skype)
  – NATed server establishes connection from peer 1 to relay
  – Peer 2 connects to relay
  – Relay bridges packets between the two connections
[Figure: peer 1 (10.0.0.1) and peer 2, NAT gateways (138.76.29.7 labelled), and the relay]
  1. connection to relay initiated by NATted host
  2. connection to relay initiated by client
  3. relaying established
Making A Call on Skype
• Skype Client (SC) registers with Super Node (SN)
  – List of SNs
• SC contacts SN with callee ID
  – SN contacts other SNs to find callee
• SC directly contacts callee, over TCP
[Figure: Skype login server]
Summary
• By using Network Address Translation (NAT), we manage networks in a simple way:
  – Security, insufficient IP address, cost …
• NAT traversal is a big problem
• Homework: To find and explain the method for NAT Traversal