Network Address Translation
1
Network Address Translation (NAT)
• Extension of original addressing scheme
• Motivated by exhaustion of IP address space
• Allows multiple computers to share single address
• Requires device to perform packet translation
• Implementations available
– Stand-alone hardware device
– IP router with NAT functionality embedded
2
NAT Details
• Site
– Obtains single, valid IP address
– Assigns a private address to each computer
– Uses NAT box to connect to Internet
• NAT
– Translates addresses in IP datagrams
3
Illustration Of NAT
• Single valid IP address needed
• Computers at site assigned private, nonroutable addresses
4
NAT Example
• Site uses private network 10.0.0.0/8 internally
– First computer assigned 10.0.0.1
– Second computer assigned 10.0.0.2
– And so on ...
• Site obtains valid IP address (e.g., 128.210.24.6).
• Assume computer 10.0.0.1 sends to 128.211.134.4
– NAT translates IP source address of outgoing datagram
– NAT translates destination address of incoming datagram
5
Illustration Of NAT Translation
• Transparent to each end
– Computer at site sends and receives datagrams normally
– Computer in Internet receives datagrams from NAT box
6
Implementation Of NAT
• NAT device stores state information in table
• Value entered in table when NAT box receives outgoing datagram for new destination
7
Variants of NAT
• Basic NAT
– Changes IP addresses
• Network Address and Port Translation (NAPT)
– Changes IP addresses and protocol port numbers
– Most popular form
8
Network Address and Port Translation (NAPT)
• By far the most popular form of NAT
• Can change TCP or UDP protocol port numbers as well as IP addresses
• Allows
– Multiple computers at site to communicate with single destination
– Multiple users on given computer to communicate with the same destination
9
TCP Splicing
• Popular use of NAPT
• Interconnects two independent TCP connections
• Performs segment rewriting
• Extremely efficient: avoids overhead of extracting data from one connection and sending to the other
• Uses extended translation table
10
Example NAPT Translation Table
• Entry in table records protocol port number as well as IP address
• Port numbers reassigned to avoid conflicts
11
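
Added example (not part of the original slides): a minimal NAPT translation table using the slides' addresses (10.0.0.1, 10.0.0.2, 128.210.24.6, 128.211.134.4). The class name, the port numbers, the sequential port allocation, and the stray sender 192.0.2.9 are assumptions constructed for illustration. It shows port reassignment on conflict and that an incoming datagram with no matching entry cannot be translated.

```python
from itertools import count

PUBLIC_IP = "128.210.24.6"   # the site's single valid address (from the slides)


class Napt:
    """Hypothetical NAPT box: one table entry per outgoing flow."""

    def __init__(self, public_ip=PUBLIC_IP, first_port=40001):
        self.public_ip = public_ip
        self._ports = count(first_port)   # assumed policy: sequential allocation
        self.out = {}    # (proto, priv_ip, priv_port, dst_ip, dst_port) -> nat_port
        self.back = {}   # (proto, nat_port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outgoing(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite source address and port; add an entry for a new destination."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            nat_port = next(self._ports)  # reassigned so two hosts never collide
            self.out[key] = nat_port
            self.back[(proto, nat_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (proto, self.public_ip, self.out[key], dst_ip, dst_port)

    def incoming(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite destination address and port, or return None if no entry."""
        if dst_ip != self.public_ip:
            return None
        entry = self.back.get((proto, dst_port, src_ip, src_port))
        if entry is None:
            return None                   # no state recorded: nothing to map to
        return (proto, src_ip, src_port, entry[0], entry[1])


def demo():
    nat = Napt()
    server = ("128.211.134.4", 80)
    # Two internal hosts pick the same source port toward the same server.
    a = nat.outgoing("tcp", "10.0.0.1", 30000, *server)
    b = nat.outgoing("tcp", "10.0.0.2", 30000, *server)
    # Replies are matched on the reassigned port and reach the right host.
    ra = nat.incoming("tcp", *server, nat.public_ip, a[2])
    rb = nat.incoming("tcp", *server, nat.public_ip, b[2])
    # A datagram from a host nobody contacted matches no table entry.
    stray = nat.incoming("tcp", "192.0.2.9", 4444, nat.public_ip, a[2])
    return a, b, ra, rb, stray


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The table here keys each entry on the remote address and port as well, so a reply is accepted only from the destination the internal host actually contacted.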