
Computer Networks and Internets with
Internet Applications, 4e
By Douglas E. Comer
Lecture PowerPoints
By Lami Kaya, [email protected]
© 2007 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved.
Chapter 26
Network Address Translation
Topics Covered
• 26.1 Introduction
• 26.2 The Requirement For Unique Addresses
• 26.3 Network Address Translation Technology
• 26.4 NAT Topology
• 26.5 Possible Implementations Of NAT
• 26.6 Basic Address Translation
• 26.7 Translation Table
• 26.8 NAPT And TCP Splicing
• 26.9 Other Variants: Twice NAT And CAT
• 26.10 NAT Software And Systems For Use At Home
26.1 Introduction
This chapter
• considers an alternative in which multiple computers share a single IP address
• examines both the motivation for address sharing and the technical details
26.2 The Requirement For Unique Addresses
• As the Internet grew, it became apparent that the classful address scheme would not suffice
– Subnetting
– Classless addressing
– A third mechanism allows multiple computers at a site to operate at the same time with only one globally valid IP address
• Can multiple computers use one IP address?
• Assigning the same address to multiple hosts does not work
– if two or more computers on a network attempt to use one address, conflicts arise
• Thus, to ensure that address binding operates correctly
– each computer on a network must be assigned a unique IP address
26.3 Network Address Translation Technology
• NAT makes it possible for a site on the Internet to have a single, valid IP address for multiple computers
– and no address conflicts
• NAT assigns each computer a locally unique address
• Local addresses are private (known as non-routable)
– Ex: 10.0.0.0/8 has been reserved as a private address block
• Routers at the site are configured to forward datagrams that contain the private addresses
– Before a datagram from the site can be allowed onto the Internet, NAT translates the source address:
private IP source address → global IP address
– NAT translates the destination address in each datagram arriving from the Internet:
global Internet address → private destination address
26.4 NAT Topology
• NAT runs as an in-line configuration
– A device running NAT is placed on the connection between the
site and the Internet
– so that all packets entering or leaving the site go through NAT
• Figure 26.1 illustrates the architecture
• The system administrator
– configures NAT with the globally-valid IP address (shared)
– assigns each computer at the site a private IP address
• NAT translates the addresses in all packets
– so computers on the Internet never see the private addresses
26.5 Possible Implementations Of NAT
• NAT can be implemented in HW or SW
• SW is generally less expensive, but only suffices for lower-speed networks
• Some router HW may include SW for NAT
– Combining the NAT and router functionality into one device reduces the overall cost, but also reduces the network speed
• For a high-speed network, such as a gigabit Ethernet
– SW for NAT cannot cope with the arrival rate of packets
– Special-purpose HW is required to perform NAT at “wire speed”
• The term “wire speed” refers to the maximum speed at which the underlying network can deliver packets
26.6 Basic Address Translation
• The goal of NAT is to provide an illusion:
– When viewed from the Internet, the site appears to consist of a
single host computer
– All datagrams originate from the computer and all replies are
sent to the computer
• To achieve the illusion, a NAT device must process each
packet that enters or leaves the site
• Example
  Source address: 10.0.0.1
  Destination address: 128.211.134.4
• Figure 26.2 illustrates example translations
26.7 Translation Table
• How can NAT know which private address to use for an
incoming datagram?
– NAT uses a translation table
• The table has separate entries for each direction of
packet flow
– An entry specifies the field to change as well as the new value
– Ex: Figure 26.3 gives a translation table that corresponds to the
address mapping in Figure 26.2
• How are values placed in a translation table?
– Values can be configured manually by an administrator
– NAT can also build the table automatically, creating an entry when the first outgoing packet of a flow is seen
26.8 NAPT And TCP Splicing
• What happens if two or more computers at a site communicate with
the same remote destination, D?
– Many-to-one
• What if one or more applications on a host at a site attempt simultaneous communication with different destinations on the Internet?
– One-to-many
• Basic NAT fails in both cases
• A more sophisticated version of NAT handles both problems
– known as Network Address and Port Translation (NAPT)
• NAPT is the most popular form of NAT
– NAPT translates protocol port numbers as well as IP addresses
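The following is an added example, written for this transcript and not taken from Comer's text or lecture materials, that models a NAPT device with the two-direction translation table of 26.7 and shows why the basic address-only translation of 26.6 fails in the many-to-one and one-to-many cases above. The `Packet` class, the port range starting at 40000 and the shared address 203.0.113.1 are constructed for the example; the private address 10.0.0.1 and the destination 128.211.134.4 are the ones used on the slides.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """The header fields NAT/NAPT inspects (constructed model, not a real header)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NAPT:
    """In-line NAPT device sharing one globally valid address (constructed example).

    As on the slides, the translation table has separate entries for each
    direction of packet flow: 'outbound' is keyed by the private flow, 'inbound'
    by the global port assigned to that flow. Each entry records the field to
    rewrite (source on the way out, destination on the way in) and its new value.
    """

    def __init__(self, global_ip, first_port=40000):
        self.global_ip = global_ip          # the single shared, globally valid address
        self._next_port = first_port        # next unused global port (assumed range)
        # (private src ip, private src port, remote ip, remote port) -> global port
        self.outbound = {}
        # (global port, remote ip, remote port) -> (private ip, private port)
        self.inbound = {}

    def translate_outbound(self, pkt):
        """Rewrite the source of a datagram leaving the site; build entries automatically."""
        if not ipaddress.ip_address(pkt.src_ip).is_private:
            raise ValueError(f"{pkt.src_ip} is not a private (non-routable) address")
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        global_port = self.outbound.get(key)
        if global_port is None:
            # first packet of a new flow: allocate a global port and install both entries
            global_port = self._next_port
            self._next_port += 1
            self.outbound[key] = global_port
            self.inbound[(global_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.global_ip, src_port=global_port)

    def translate_inbound(self, pkt):
        """Rewrite the destination of a datagram arriving from the Internet.

        Returns None (the packet is dropped) when no table entry matches, which
        is also what happens to unsolicited traffic sent at the shared address.
        """
        if pkt.dst_ip != self.global_ip:
            return None
        entry = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None
        private_ip, private_port = entry
        return replace(pkt, dst_ip=private_ip, dst_port=private_port)


def basic_nat_is_ambiguous(packets):
    """Basic NAT (26.6) keys its inbound entries on IP addresses only.

    Return True when two different private hosts talk to the same remote
    destination: replies from that destination all carry the shared address, so
    an address-only table cannot tell which private host should receive them.
    """
    private_host_for_dst = {}
    for pkt in packets:
        prior = private_host_for_dst.setdefault(pkt.dst_ip, pkt.src_ip)
        if prior != pkt.src_ip:
            return True
    return False


if __name__ == "__main__":
    nat = NAPT("203.0.113.1")
    # many-to-one: two hosts at the site reach the same remote destination D
    a = nat.translate_outbound(Packet("10.0.0.1", 5001, "128.211.134.4", 80))
    b = nat.translate_outbound(Packet("10.0.0.2", 5001, "128.211.134.4", 80))
    # one-to-many: one host talks to two destinations at once
    c = nat.translate_outbound(Packet("10.0.0.1", 5002, "128.211.134.4", 443))
    print("outbound:", a, b, c, sep="\n  ")
    reply = Packet("128.211.134.4", 80, nat.global_ip, b.src_port)
    print("reply to second host:", nat.translate_inbound(reply))
    print("basic NAT ambiguous:", basic_nat_is_ambiguous([a, b]))
```

The port is what disambiguates: both hosts leave the site with the same source address, so only the distinct global ports let the device route the replies back to the right private host. The inbound table also acts as a filter, since a datagram from the Internet that matches no entry has nowhere to go and is dropped.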
26.9 Other Variants: Twice NAT And CAT
• Automatic table construction does not work well for communication
initiated from the Internet to the site
• A variant of NAT called Twice NAT allows a site to run servers
• The variant works with the “Domain Name System” (DNS) and
requires the name server to interact with the NAT device
• When an application on the Internet looks up the domain name of a
computer at the site
– the DNS for the site returns the site's valid IP address, and places an
entry in the NAT translation table
– the translation table is initialized before the first packet arrives.
• Twice NAT fails if an application uses the IP address directly without
performing a domain name lookup first
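As an added example (not Comer's code or any real NAT product), the model below captures only what the slides describe about Twice NAT: the site's name server answers a lookup with the site's single valid address and, at the same moment, installs a translation-table entry for the querying client, so the entry exists before the first datagram arrives. The class, the domain name www.example.com, the shared address 203.0.113.1 and the private server address 10.0.0.7 are constructed for the example.

```python
class TwiceNATSite:
    """A site whose DNS server and NAT device cooperate (constructed model).

    Entries for inbound traffic are created by DNS lookups rather than by
    outbound packets, which is what lets the site run servers behind NAT.
    """

    def __init__(self, global_ip):
        self.global_ip = global_ip
        self.servers = {}   # domain name -> private address of the server at the site
        self.inbound = {}   # remote client ip -> private server ip, installed by DNS

    def add_server(self, name, private_ip):
        """Register a server at the site under a domain name."""
        self.servers[name] = private_ip

    def dns_lookup(self, name, client_ip):
        """The site's name server answers a query from client_ip.

        It returns the site's single valid address and pre-installs the
        translation-table entry that the NAT device will need. Returns None for
        an unknown name.
        """
        private_ip = self.servers.get(name)
        if private_ip is None:
            return None
        self.inbound[client_ip] = private_ip
        return self.global_ip

    def translate_inbound(self, src_ip, dst_ip):
        """Private destination for a datagram from the Internet, or None to drop it.

        A client that uses the IP address directly, without a prior lookup, has
        no entry and its datagram is dropped: the failure mode named on the slide.
        """
        if dst_ip != self.global_ip:
            return None
        return self.inbound.get(src_ip)


if __name__ == "__main__":
    site = TwiceNATSite("203.0.113.1")
    site.add_server("www.example.com", "10.0.0.7")
    print(site.dns_lookup("www.example.com", "128.211.134.4"))    # 203.0.113.1
    print(site.translate_inbound("128.211.134.4", "203.0.113.1")) # 10.0.0.7
    print(site.translate_inbound("128.211.134.9", "203.0.113.1")) # None: no lookup first
```

Keying the entry on the client's address is the simplest reading of the slide; it also shows the dependency the scheme introduces, since the NAT device can only serve clients the site's own name server has seen.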
26.10 NAT Software And Systems For Use At Home
• NAT is especially useful at a residence that has a cable modem or
DSL connection
• SW is available that allows a PC to both use the Internet and function as a NAT device for other PCs
– The concept of NAT originally appeared in a UNIX program named slirp
– A program named Masquerade implements NAT for the Linux OS
– Microsoft's Internet Connection Sharing (ICS) SW implements NAT
• In addition to SW that runs on PCs
– dedicated NAT HW is available at low cost
– dedicated systems often combine the functionality of NAT and a hub in a single physical device
• For example, Figure 26.5 illustrates a dedicated NAT device