NAT: Network Address Translation

Motivation for NAT
• To solve the problem of insufficient IP addresses
• IPv6
– All software and hardware need to be updated
– High cost
• Virtual IP Gateway
– Used on IPv4
– Lets more hosts connect to the Internet

NAT Example
[Figure: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4, connected to the Internet through a NAT gateway with address 138.76.29.7]
• Datagrams with source or destination in this network have 10.0.0.0/24 address for source, destination (as usual)
• All datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers

Private IP Addresses
• The following addresses are reserved for the private network
– Class A: 10.0.0.*
– Class B: 172.16.*.* to 172.31.*.*
– Class C: 192.168.0.* to 192.168.255.*
[Figure: closed local network 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4]

Connection with Socket Pairs
• IP address + Port number = Socket address
• Socket pairs define a unique Internet connection.
– (172.16.12.2,3044) and (092.168.16.2,80) is a socket pair.
[Figure labels: telnet server; telnet client; Destination: 092.168.16.2, Port Number: 80; Source: 172.16.12.2, Port Number: 3044; Source: 172.16.12.2, Port Number: 5001; Web page 1; Web page 2]

Implementation (1/3)
• Outgoing datagrams
– Replace (source IP address, port no.1) of every outgoing datagram with (NAT IP address, port no.2)
[Figure: LAN hosts 10.0.0.1 and 10.0.0.4 (PC in LAN), NAT gateway 138.76.29.7, Internet, web server 128.119.40.186]
– Original socket pair: d: 128.119.40.186:80, s: 10.0.0.1:3345
– New socket pair: d: 128.119.40.186:80, s: 138.76.29.7:5001

Implementation (2/3)
• Create NAT translation table
– Every (source IP address, port no.1) to (NAT IP address, port no.2) translation pair

NAT translation table
WAN side addr        LAN side addr
138.76.29.7, 5001    10.0.0.1, 3345
……                   ……

[Figure: LAN hosts 10.0.0.1 and 10.0.0.4 (PC in LAN), NAT gateway 138.76.29.7, Internet, web server 128.119.40.186; connection labelled 128.119.40.186:80 / 138.76.29.7:5001 on the WAN side and 128.119.40.186:80 / 10.0.0.1:3345 on the LAN side]

Implementation (3/3)
• Incoming datagrams
– Replace (NAT IP address, port no.2) in the destination field with corresponding (source IP address, port no.1) stored in NAT translation table
[Figure: LAN hosts 10.0.0.1 and 10.0.0.4 (PC in LAN), NAT gateway 138.76.29.7, Internet, web server 128.119.40.186; connection labelled 128.119.40.186:80 / 138.76.29.7:5001 on the WAN side and 128.119.40.186:80 / 10.0.0.1:3345 on the LAN side]
– Original socket pair: s: 128.119.40.186:80, d: 138.76.29.7:5001
– New socket pair: s: 128.119.40.186:80, d: 10.0.0.4:3345

NAT Translation Table
[Figure: hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4 behind a NAT router with address 138.76.29.7; the numbered datagrams below are marked 1 to 4]

NAT translation table
WAN side addr       LAN side addr
138.76.29.7:5001    10.0.0.1:3345
……                  ……

1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345  D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001  D: 128.119.40.186, 80
3: Reply arrives dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80  D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80  D: 10.0.0.1, 3345
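
The four steps above as a small Python model, added here as an illustration and not part of the original slides. The class name, sequential port allocation starting at 5001, the sender 203.0.113.9 and the `strict` remote-peer check are assumptions; `strict` goes beyond the slides' table to show that a port-only lookup forwards datagrams from any sender once an entry exists.

```python
from typing import Dict, Optional, Set, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


class NatGateway:
    """Port-translating NAT table as on the slides: WAN side addr <-> LAN side addr."""

    def __init__(self, wan_ip: str, first_port: int = 5001, strict: bool = False):
        self.wan_ip = wan_ip
        self.next_port = first_port  # assumption: WAN ports are handed out sequentially
        self.strict = strict         # assumption: optional check of the remote sender
        self.by_lan: Dict[Endpoint, Endpoint] = {}    # LAN endpoint -> WAN endpoint
        self.by_wan: Dict[Endpoint, Endpoint] = {}    # WAN endpoint -> LAN endpoint
        self.peers: Dict[Endpoint, Set[Endpoint]] = {}  # WAN endpoint -> remotes contacted

    def outgoing(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Step 2: replace the LAN source with (NAT IP, port) and update the table."""
        if src not in self.by_lan:
            if self.next_port > 65535:
                raise RuntimeError("no free WAN-side ports")
            wan = (self.wan_ip, self.next_port)
            self.next_port += 1
            self.by_lan[src] = wan
            self.by_wan[wan] = src
        wan = self.by_lan[src]
        self.peers.setdefault(wan, set()).add(dst)
        return wan, dst

    def incoming(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Step 4: replace the WAN destination with the stored LAN endpoint, or drop."""
        lan = self.by_wan.get(dst)
        if lan is None:
            return None  # no table entry: unsolicited datagram is dropped
        if self.strict and src not in self.peers[dst]:
            return None  # entry exists, but this sender was never contacted
        return src, lan


def walk_through(strict: bool = False):
    """Replay steps 1-4, then two constructed datagrams from an unrelated sender."""
    nat = NatGateway("138.76.29.7", strict=strict)
    sent = nat.outgoing(("10.0.0.1", 3345), ("128.119.40.186", 80))
    reply = nat.incoming(("128.119.40.186", 80), ("138.76.29.7", 5001))
    no_entry = nat.incoming(("203.0.113.9", 4444), ("138.76.29.7", 6000))
    other_peer = nat.incoming(("203.0.113.9", 4444), ("138.76.29.7", 5001))
    return sent, reply, no_entry, other_peer
```

With `strict=False` the last datagram reaches 10.0.0.1:3345 even though that host never contacted the sender; with `strict=True` it is dropped.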

Advantages of NAT (1/2)
• Local network uses just one IP address as far as outside world is concerned
– 16-bit port-number field; 60,000 simultaneous connections with a single LAN-side address!
• Range of addresses not needed from ISP: just one IP address for all devices
• Can change addresses of devices in local network without notifying outside world

Advantages of NAT (2/2)
• Can change ISP without changing addresses of devices in local network
• Devices inside local net not explicitly addressable, visible by outside world (a security plus).

Controversial Issues
• NAT is controversial:
– Cost and performance
– Outside client cannot create a connection to the host in local network
  • NAT traversal problem
– Violates end-to-end argument
  • NAT possibility must be taken into account by application designers, e.g., P2P applications
– Address shortage should instead be solved by IPv6

Problems of IPv6
• IPv6 and IPv4 are not compatible.
• All software at many layers needs to be modified for IPv6 (e.g., TCPv6, UDPv6, etc.)
• All hardware such as gateways and routers must be updated.
• The IPv6 header, which is larger than the IPv4 header, will increase the traffic overhead.

NAT Traversal Problem (1/3)
• Client wants to connect to server with address 10.0.0.1
• Solution 1: statically configure NAT to forward incoming connection requests at given port to server
– e.g., (138.76.29.7, port 5001) always forwarded to 10.0.0.1 port 80
[Figure: client on the Internet, NAT gateway 138.76.29.7, LAN hosts 10.0.0.1 (server) and 10.0.0.4]

NAT Traversal Problem (2/3)
• Solution 2: Universal Plug and Play (UPnP) Internet Gateway Device (IGD) Protocol.
– Learn public IP address (138.76.29.7) + port mappings (with lease times)
– Automate static NAT port map configuration
[Figure: LAN hosts 10.0.0.1 and 10.0.0.4, NAT gateway 138.76.29.7 acting as IGD, mapping 138.76.29.7:5001 to 10.0.0.1:3345]
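
Solutions 1 and 2 modelled as one inbound port-mapping table, added here as an illustration and not part of the original slides. It is a model of the gateway's state, not the IGD protocol's messages; the class and method names, the external ports 6000 and 6001, and the policy that a host may only map a port to its own address are assumptions.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


class PortForwardTable:
    """Inbound mappings on the NAT gateway: external port -> (LAN endpoint, expiry)."""

    def __init__(self, wan_ip: str):
        self.wan_ip = wan_ip
        self.maps: Dict[int, Tuple[Endpoint, Optional[float]]] = {}

    def add_static(self, ext_port: int, lan: Endpoint) -> None:
        """Solution 1: administrator-configured rule, never expires."""
        self.maps[ext_port] = (lan, None)

    def add_leased(self, ext_port: int, lan: Endpoint, requester_ip: str,
                   lease_s: float, now: float) -> bool:
        """Solution 2: mapping requested by a LAN host, valid for lease_s seconds."""
        if requester_ip != lan[0]:
            return False  # assumed policy: a host may only expose itself
        current = self.maps.get(ext_port)
        if current is not None and current[1] is None:
            return False  # a lease must not replace a static rule
        self.maps[ext_port] = (lan, now + lease_s)
        return True

    def lookup(self, ext_port: int, now: float) -> Optional[Endpoint]:
        """Where an incoming connection request to ext_port is forwarded, if anywhere."""
        entry = self.maps.get(ext_port)
        if entry is None:
            return None
        lan, expiry = entry
        if expiry is not None and now >= expiry:
            del self.maps[ext_port]  # lease ran out: stop exposing the host
            return None
        return lan


def demo():
    """Constructed scenario using the addresses from the slides."""
    t = PortForwardTable("138.76.29.7")
    t.add_static(5001, ("10.0.0.1", 80))
    own = t.add_leased(6000, ("10.0.0.4", 3345), "10.0.0.4", lease_s=3600, now=0)
    cross = t.add_leased(6001, ("10.0.0.1", 22), "10.0.0.4", lease_s=3600, now=0)
    return (t.lookup(5001, now=10), own, t.lookup(6000, now=10),
            t.lookup(6000, now=3600), cross, t.lookup(6001, now=10))
```

Each entry in this table is a deliberate exception to the "not explicitly addressable" property, so the lease expiry and the requester check are the parts worth reviewing on a real gateway.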

NAT Traversal Problem (3/3)
• Solution 3: relaying (used in Skype)
– NATed server establishes connection from peer 1 to relay
– Peer 2 connects to relay
– Relay bridges packets between two connections
[Figure: peer 1 (10.0.0.1) behind NAT gateway 138.76.29.7, peer 2 behind its own NAT gateway, and a relay between them]
1. connection to relay initiated by NATted host
2. connection to relay initiated by client
3. relaying established

Making A Call on Skype
• Skype Client (SC) registers with Super Node (SN)
– List of SNs
• SC contacts SN with callee ID
– SN contacts other SNs to find callee
• SC directly contacts callee, over TCP
[Figure label: Skype login server]

Summary
• By using Network Address Translation (NAT), we manage networks in a simple way:
– Security, insufficient IP address, cost …
• NAT traversal is a big problem
• Homework: To find and explain the method for NAT Traversal