NAT, Mobile Routing


What we will cover…
• Home Networking: Network Address Translation (NAT)
• Mobile Routing
Home network
[Figure: local network (e.g., home network) connected to the rest of the Internet]
NAT: Network Address Translation
[Figure: local network 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 behind a NAT router (10.0.0.4 on the LAN side, 138.76.29.7 on the Internet side), connected to the rest of the Internet]
• All datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers
• Datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)
NAT: Network Address Translation
• Advantages:
  • local network uses just one IP address as far as outside world is concerned: min. IP address wastage
  • can change addresses of devices in local network without notifying outside world: flexibility
  • devices inside local net not explicitly addressable or visible to the outside world (a security plus).
NAT: Network Address Translation
Implementation: NAT router must:
  • outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #)
    . . . remote clients/servers will respond using (NAT IP address, new port #) as destination addr.
  • remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
  • incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table
NAT: Network Address Translation
[Figure: hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and NAT router (10.0.0.4 on the LAN side, 138.76.29.7 on the Internet side)]
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345   D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80
3: Reply arrives, dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80   D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80   D: 10.0.0.1, 3345

NAT translation table
WAN side addr          LAN side addr
138.76.29.7, 5001      10.0.0.1, 3345
……                     ……
NAT: Network Address Translation
• 16-bit port-number field:
  • 60,000 simultaneous connections with a single LAN-side address!
NAT traversal problem
• client wants to connect to server with address 10.0.0.1
  • server address 10.0.0.1 local to LAN (client can’t use it as destination addr)
  • only one externally visible NATted address: 138.76.29.7
• solution 1: statically configure NAT to forward incoming connection requests at given port to server
  • e.g., (123.76.29.7, port 2500) always forwarded to 10.0.0.1
[Figure: client on the Internet, NAT router (138.76.29.7 / 10.0.0.4), server 10.0.0.1 behind it]
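The translation table walked through above and the static forwarding rule of solution 1, as an added example that is not part of the lecture slides. It reuses the slides' addresses (10.0.0/24 behind 138.76.29.7, host 10.0.0.1:3345 to 128.119.40.186:80 mapped to port 5001); every other port and outside address is constructed, and the 16-bit port bound is modelled as an explicit limit.

```python
# Added example (not from the lecture slides): a NAT translation table for the
# 10.0.0/24 home network behind 138.76.29.7, plus the static port-forwarding
# rule of "solution 1". Ports other than 3345/5001 are constructed for the demo.


class NatRouter:
    def __init__(self, nat_ip, first_port=5001, last_port=65535):
        self.nat_ip = nat_ip
        self.next_port = first_port
        self.last_port = last_port      # 16-bit port field bounds the table size
        self.table = {}                 # WAN-side port -> (LAN IP, LAN port)
        self.reverse = {}               # (LAN IP, LAN port) -> WAN-side port
        self.forwarding = {}            # static rules: WAN-side port -> (LAN IP, LAN port)

    def forward_port(self, nat_port, lan_ip, lan_port):
        """Solution 1 to NAT traversal: requests at nat_port always go to one server."""
        self.forwarding[nat_port] = (lan_ip, lan_port)

    def outgoing(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite (source IP, port) to (NAT IP, new port) and remember the pair."""
        key = (src_ip, src_port)
        if key not in self.reverse:
            if self.next_port > self.last_port:
                raise RuntimeError("NAT port space exhausted")
            self.reverse[key] = self.next_port      # allocate a fresh WAN-side port
            self.table[self.next_port] = key        # store the translation pair
            self.next_port += 1
        return (self.nat_ip, self.reverse[key], dst_ip, dst_port)

    def incoming(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite (NAT IP, port) in the dest fields back to the stored LAN (IP, port).

        Returns None (drop) when neither a table entry nor a forwarding rule
        matches: this is why inside hosts are not addressable from outside.
        """
        if dst_ip != self.nat_ip:
            return None
        lan = self.table.get(dst_port) or self.forwarding.get(dst_port)
        if lan is None:
            return None
        return (src_ip, src_port, lan[0], lan[1])
```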
NAT traversal problem
• solution 2: relaying (used in Skype)
  • NATted client establishes connection to relay
  • External client connects to relay
  • relay bridges packets between connections
[Figure: 1. connection to relay initiated by NATted host 10.0.0.1 behind NAT router 138.76.29.7; 2. connection to relay initiated by client; 3. relaying established]
NAT: Network Address Translation
• NAT is controversial:
  • routers should only process up to layer 3
  • NAT breaks that protocol!!!
Mobile Routing
What is mobility?
• spectrum of mobility, from the network perspective (no mobility to high mobility):
  • mobile user, using same access point
  • mobile user, connecting/disconnecting from network using DHCP
  • mobile user, passing through multiple access points while maintaining ongoing connections (like cell phone)
Mobility: Vocabulary
• home network: permanent “home” of mobile (e.g., 128.119.40/24)
• Permanent address: address in home network, can always be used to reach mobile, e.g., 128.119.40.186
• home agent: entity that will perform mobility functions on behalf of mobile, when mobile is remote
[Figure: home network connected through wide area network to correspondent]
Mobility: more vocabulary
• Permanent address: remains constant (e.g., 128.119.40.186)
• visited network: network in which mobile currently resides (e.g., 79.129.13/24)
• Care-of-address: address in visited network (e.g., 79.129.13.2)
• correspondent: wants to communicate with mobile
• foreign agent: entity in visited network that performs mobility functions on behalf of mobile.
[Figure: home network and visited network connected through wide area network to correspondent]
Mobility: approaches
• Let routing handle it: routers advertise permanent address of mobile-nodes-in-residence via usual routing table exchange.
  • routing tables indicate where each mobile located
  • no changes to end-systems
  • not scalable to millions of mobiles
• Let end-systems handle it:
  • indirect routing: communication from correspondent to mobile goes through home agent, then forwarded to remote
  • direct routing: correspondent gets foreign address of mobile, sends directly to mobile

Mobility: registration
[Figure: visited network and home network connected through wide area network]
1. mobile contacts foreign agent on entering visited network
2. foreign agent contacts home agent: “this mobile is resident in my network”
End result:
• Foreign agent knows about mobile
• Home agent knows location of mobile
Mobility via Indirect Routing
[Figure: home network and visited network connected through wide area network]
1. correspondent addresses packets using home address of mobile
2. home agent intercepts packets, forwards to foreign agent
3. foreign agent receives packets, forwards to mobile
4. mobile replies directly to correspondent
Forwarding datagrams to remote mobile
Permanent address: 128.119.40.186
Care-of address: 79.129.13.2
• packet sent by correspondent: dest: 128.119.40.186
• packet sent by home agent to foreign agent: a packet within a packet: outer dest: 79.129.13.2, inner dest: 128.119.40.186
• foreign-agent-to-mobile packet: dest: 128.119.40.186
Indirect Routing: comments
• Mobile uses two addresses:
  • permanent address: used by correspondent (hence mobile location is transparent to correspondent)
  • care-of-address: used by home agent to forward datagrams to mobile
• foreign agent functions may be done by mobile itself
• triangle routing: correspondent to home network to mobile
  • inefficient when correspondent, mobile are in same network

Mobility via Direct Routing
[Figure: home network and visited network connected through wide area network]
1. correspondent requests, receives foreign address of mobile
2. correspondent forwards to foreign agent
3. foreign agent receives packets, forwards to mobile
4. mobile replies directly to correspondent
Mobility via Direct Routing: comments
• overcomes triangle routing problem
• non-transparent to correspondent: correspondent must get care-of-address from home agent

What happens if mobile changes networks?
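The indirect and direct routing paths from the slides above, as an added example that is not part of the lecture slides. It uses the slides' permanent address 128.119.40.186 and care-of address 79.129.13.2; the home agent and correspondent addresses are constructed, and "a packet within a packet" is modelled by nesting one packet dict inside another.

```python
# Added example (not from the lecture slides): Mobile IP indirect vs direct
# routing. Packets are dicts; encapsulation nests the inner packet as payload.

PERMANENT = "128.119.40.186"    # mobile's permanent address in home net 128.119.40/24
CARE_OF = "79.129.13.2"         # care-of address in visited net 79.129.13/24
HOME_AGENT = "128.119.40.1"     # constructed address for the home agent
CORRESPONDENT = "203.0.113.7"   # constructed address for the correspondent


class HomeAgent:
    def __init__(self):
        self.location = {}      # permanent address -> care-of address

    def register(self, permanent, care_of):
        """Registration step 2: foreign agent reports 'this mobile is resident in my network'."""
        self.location[permanent] = care_of

    def care_of_address(self, permanent):
        """Direct routing step 1: correspondent asks for the mobile's foreign address."""
        return self.location.get(permanent)

    def intercept(self, pkt):
        """Indirect routing step 2: tunnel a packet for a remote mobile to its care-of address."""
        care_of = self.location.get(pkt["dst"])
        if care_of is None:
            return pkt                      # mobile is at home: deliver as usual
        return {"src": HOME_AGENT, "dst": care_of, "payload": pkt}   # packet within a packet


class ForeignAgent:
    def receive(self, pkt):
        """Strip the outer header (if present) and hand the inner packet to the mobile."""
        return pkt["payload"] if isinstance(pkt.get("payload"), dict) else pkt


def indirect_route(ha, fa, data):
    """Correspondent -> home agent -> foreign agent -> mobile.
    Returns (outer dest, dest seen by mobile, data)."""
    pkt = {"src": CORRESPONDENT, "dst": PERMANENT, "payload": data}   # step 1: home address
    tunnelled = ha.intercept(pkt)
    delivered = fa.receive(tunnelled)                                   # step 3
    return tunnelled["dst"], delivered["dst"], delivered["payload"]


def direct_route(ha, fa, data):
    """Correspondent learns the care-of address and sends straight to the foreign agent.
    Returns (dest used by correspondent, data)."""
    care_of = ha.care_of_address(PERMANENT)                             # step 1
    pkt = {"src": CORRESPONDENT, "dst": care_of, "payload": data}     # step 2
    delivered = fa.receive(pkt)                                         # step 3
    return pkt["dst"], delivered["payload"]
```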