Transcript NAT

NAT
CST 415
4/7/2016
CST 415 - Computer Networks
1
Topics
• Problem Definition
• NAT Types
• NAT Addressing
• Dynamic NAT
• Overloading
Problem Definition
Network Address Translation
• IPv4 addresses are becoming a scarce commodity.
• What is a simple way to extend the life of the IPv4 address space until IPv6 is fully deployed?
Given a single public IP address, map many internal (private) IP addresses onto that one public address.
Problem Definition
How can we get something for nothing?
(e.g. How do we expand an address range
without really adding more bits onto an
address?)
Problem Definition
[Figure: three internal hosts (192.10.10.1, 192.10.10.2, 192.10.10.3) connect through a NAT router whose inside address is 192.10.10.5 and whose outside address is 161.82.35.22 to the Internet.]
• The Internet sees a single point of presence – 161.82.35.22
• The private network sees a single point of presence – the router at 192.10.10.5
• The NAT device translates addresses between the private network and the external network.
(The 192.10.10.0/24 range on this slide is only an illustration; RFC 1918 reserves 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 for private addressing.)
NAT
• First specified in RFC 1631 (1994); Cisco was an early implementer and did much to popularize it.
• NAT is an intermediary, very much like the old days when you would call an operator to "patch" a call through to you.
• To do this, all you needed to know was to dial "0", then request the other party you wished to speak to.
NAT
• Unlike standard IP routing, which forwards packets without altering the addresses in the IP header, NAT rewrites the source address of outbound packets and the destination address of inbound packets (and, with port-level NAT, the TCP/UDP port numbers as well).
• The rewriting is driven by mapping rules and a translation table that records each active mapping; because the header changes, the IP and TCP/UDP checksums must be recomputed too.
NAT types
Static NAT:
Maps an unregistered (private) IP address to a registered (public) IP address on a one-to-one basis. Particularly useful when a device needs to be reachable from outside the network.
In static NAT, the computer with the IP address 192.168.32.10 will always translate to 213.18.123.110.
NAT types
Dynamic NAT:
Maps an unregistered IP address to a registered IP address drawn from a pool of registered IP addresses.
In dynamic NAT, the computer with the IP address 192.168.32.10 will translate to the first available address in the range 213.18.123.100 to 213.18.123.150.
NAT types
Overloading NAT:
A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is also known as PAT (Port Address Translation), single-address NAT or port-level multiplexed NAT.
In overloading, each computer on the private network is translated to the same IP address (213.18.123.100), but with a different port number assignment.
NAT types
Overlapping NAT:
When the IP addresses used on your internal network are registered IP addresses already in use on another network.
» The router must maintain a lookup table of these addresses so that it can intercept them and replace them with registered, unique IP addresses.
» The NAT router must translate the "internal" addresses to registered unique addresses, and also translate the "external" registered addresses to addresses that are unique within the private network.
» This can be done either through static NAT, or by using DNS together with dynamic NAT.
NAT types
Overlapping NAT:
The internal IP range (237.16.32.xx) is also a registered range used by another network. Therefore, the router translates the addresses to avoid a conflict with that other network. It also translates the registered global IP addresses back to the unregistered local IP addresses when traffic is sent into the internal network.
(Note that 237.16.32.0/24 lies inside the 224.0.0.0/4 multicast block and could never be a registered unicast range; read the slide's example simply as "a public range that someone else owns".)
NAT Example
The use of w1.x1.y1.z1 and w2.x2.y2.z2 represents valid public IP addresses as allocated by the Internet Assigned Numbers Authority (IANA) or an ISP.
If a private user at 192.168.0.10 uses a Web browser to connect to the Web server at w2.x2.y2.z2, the user's computer creates an IP packet with the following information:
• Destination IP address: w2.x2.y2.z2
• Source IP address: 192.168.0.10
• Destination port: TCP port 80
• Source port: TCP port 1025
NAT Example
This IP packet is then forwarded to the NAT router, which translates the addresses of the outgoing packet to the following:
• Destination IP address: w2.x2.y2.z2
• Source IP address: w1.x1.y1.z1
• Destination port: TCP port 80
• Source port: TCP port 5000
NAT Example
The NAT router keeps the mapping of {192.168.0.10, TCP 1025} to {w1.x1.y1.z1, TCP 5000} in its translation table.
The translated IP packet is sent over the Internet. The response is sent back and received by the NAT router. When received, the packet contains the following public address information:
• Destination IP address: w1.x1.y1.z1
• Source IP address: w2.x2.y2.z2
• Destination port: TCP port 5000
• Source port: TCP port 80
NAT Example
The NAT router checks its translation table, maps the public addresses back to the private addresses, and forwards the packet to the computer at 192.168.0.10. The forwarded packet contains the following address information:
• Destination IP address: 192.168.0.10
• Source IP address: w2.x2.y2.z2
• Destination port: TCP port 1025
• Source port: TCP port 80
NAT Example
• For outgoing packets passing through the NAT router, the source IP address (a private address) is mapped to the ISP-allocated address (a public address), and the TCP/UDP source port is mapped to a different TCP/UDP port number chosen by the router.
• For incoming packets, the destination IP address (a public address) is mapped back to the original intranet address (a private address), and the TCP/UDP destination port is mapped back to the original TCP/UDP port number.
• An incoming packet whose destination port has no entry in the translation table cannot be delivered to any internal host, so the router drops it. This is why hosts behind an overloaded NAT are not reachable from the Internet unless a mapping (static or dynamically created) already exists.
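The following Python model walks through the overloading (PAT) behaviour described under "Overloading NAT" and the four-step NAT Example above. It is an added example, not code from the CST 415 slides. The slide's placeholder public addresses w1.x1.y1.z1 and w2.x2.y2.z2 are stood in by the RFC 5737 documentation addresses 203.0.113.1 (the router's outside address) and 198.51.100.20 (the web server); the inside network 192.168.0.0/24, the starting translated port 5000 and the packets themselves are constructed to match the slide. A single translation table is kept in both directions so that the reply to {w1, 5000} can be steered back to {192.168.0.10, 1025}, and a packet for a port with no entry is dropped.

```python
"""Port Address Translation (overloading) walk-through, modelled after the
CST 415 NAT Example.  Added illustration; addresses 203.0.113.1 and
198.51.100.20 are assumed stand-ins for the slide's w1.x1.y1.z1 / w2.x2.y2.z2."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    """Only the header fields NAT looks at: addresses, ports, transport protocol."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class PatRouter:
    """Overloading NAT: every inside host shares one public address; flows are
    told apart by the translated source port the router allocates."""

    def __init__(self, public_ip, inside_net, first_port=5000, last_port=65535):
        self.public_ip = public_ip
        self.inside_net = ipaddress.ip_network(inside_net)
        self.next_port = first_port
        self.last_port = last_port
        # (proto, inside ip, inside port) -> public port   (outbound lookups)
        self.out_table = {}
        # (proto, public port) -> (inside ip, inside port)  (inbound lookups)
        self.in_table = {}

    def _allocate_port(self):
        if self.next_port > self.last_port:
            raise RuntimeError("translation port pool exhausted")
        port = self.next_port
        self.next_port += 1
        return port

    def translate_outbound(self, pkt):
        """Rewrite the source of a packet leaving the inside network, creating a
        table entry on first sight of the (inside ip, inside port) pair."""
        if ipaddress.ip_address(pkt.src_ip) not in self.inside_net:
            return None  # not ours to translate
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        public_port = self.out_table.get(key)
        if public_port is None:
            public_port = self._allocate_port()
            self.out_table[key] = public_port
            self.in_table[(pkt.proto, public_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def translate_inbound(self, pkt):
        """Rewrite the destination of a packet arriving from the Internet.
        Returns None (drop) when no mapping exists for the destination port."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.in_table.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None  # unsolicited: nobody inside asked for this
        inside_ip, inside_port = entry
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port, pkt.proto)


NAT_PUBLIC = "203.0.113.1"    # stand-in for w1.x1.y1.z1 (assumed)
WEB_SERVER = "198.51.100.20"  # stand-in for w2.x2.y2.z2 (assumed)


def run_slide_example():
    """Replay the slide's four steps, then add a second host that reuses source
    port 1025 (the overloading case) and an unsolicited inbound packet."""
    nat = PatRouter(NAT_PUBLIC, "192.168.0.0/24")
    request = Packet("192.168.0.10", 1025, WEB_SERVER, 80)      # step 1
    outbound = nat.translate_outbound(request)                   # step 2
    reply = Packet(WEB_SERVER, 80, NAT_PUBLIC, outbound.src_port)  # step 3
    delivered = nat.translate_inbound(reply)                     # step 4
    second_host = nat.translate_outbound(Packet("192.168.0.11", 1025, WEB_SERVER, 80))
    unsolicited = nat.translate_inbound(Packet("198.51.100.99", 4444, NAT_PUBLIC, 6000))
    return {
        "outbound": outbound,
        "delivered": delivered,
        "second_host": second_host,
        "unsolicited": unsolicited,
        "table": dict(nat.out_table),
    }


if __name__ == "__main__":
    for name, value in run_slide_example().items():
        print(f"{name}: {value}")
```

Two hosts that both pick source port 1025 end up as public ports 5000 and 5001, which is the whole point of overloading: the port, not the address, distinguishes the flows. The mapping is keyed on the inside address and port only, so any outside host could reach 192.168.0.10 through port 5000 once the entry exists; a filtering NAT would additionally record and check the outside endpoint before forwarding.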
NAT Example
• Packets that carry the IP address only in the IP header are translated correctly by NAT.
• Packets that also carry an IP address (or port) inside the IP payload may not be translated correctly, because the router rewrites only the header. Protocols that do this include active-mode FTP (the PORT command), SIP and some IPsec and ICMP usages; NAT devices handle them with protocol-specific application-layer gateways (ALGs) that inspect and rewrite the payload as well.
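To make the payload problem concrete, here is a small FTP "PORT" application-layer gateway in Python. It is an added example, not code from the slides or from any router vendor. In active-mode FTP the client tells the server, inside the TCP payload, which address and port to connect back to; a plain NAT leaves that private address untouched and the data connection fails. The ALG below parses the command, refuses one that names an address other than the actual inside client (the pattern behind the classic FTP bounce abuse), allocates a public port, records the mapping a NAT would need for the inbound data connection, and rewrites the line with the router's public address. The public address 203.0.113.1, the inside client 192.168.0.10, the port pool starting at 6000 and the sample command lines are all constructed for the example, and each call is assumed to receive one complete command line (a real ALG must reassemble across TCP segments).

```python
"""FTP PORT application-layer gateway sketch: why addresses in the payload
break NAT, and what an ALG does about it.  Added illustration; the addresses
and port numbers below are constructed, not taken from the slides."""
import re

# "PORT h1,h2,h3,h4,p1,p2\r\n": address as four octets, port as p1*256 + p2
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$"
)


def parse_port_command(line):
    """Return (ip, port) for a well-formed PORT line, else None."""
    m = PORT_RE.match(line)
    if m is None:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None  # octets and port halves are single bytes
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return ip, port


def build_port_command(ip, port):
    """Encode an address and port back into the PORT wire format."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = ",".join(ip.split("."))
    return f"PORT {octets},{port // 256},{port % 256}\r\n".encode("ascii")


class FtpPortAlg:
    """Rewrites outbound PORT commands and records the reverse mapping that
    the NAT needs when the server opens the data connection inbound."""

    def __init__(self, public_ip, first_port=6000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, public port) -> (inside ip, inside port), same shape as a PAT table
        self.data_table = {}

    def rewrite_outbound(self, inside_src_ip, line):
        """Return (line to forward, allocated public port).  Non-PORT lines pass
        through unchanged; a PORT naming some other host is dropped (None)."""
        parsed = parse_port_command(line)
        if parsed is None:
            return line, None
        advertised_ip, advertised_port = parsed
        if advertised_ip != inside_src_ip:
            return None, None  # refuse to open a mapping to a third party
        public_port = self.next_port
        self.next_port += 1
        self.data_table[("tcp", public_port)] = (advertised_ip, advertised_port)
        return build_port_command(self.public_ip, public_port), public_port


def demo():
    """Constructed session: a legitimate PORT, a third-party PORT, a non-PORT line."""
    alg = FtpPortAlg("203.0.113.1")  # assumed public address of the NAT router
    client = "192.168.0.10"
    rewritten, port = alg.rewrite_outbound(client, b"PORT 192,168,0,10,4,1\r\n")  # 1025
    dropped, _ = alg.rewrite_outbound(client, b"PORT 10,0,0,5,0,21\r\n")
    passthrough, _ = alg.rewrite_outbound(client, b"RETR file.txt\r\n")
    return {
        "rewritten": rewritten,
        "public_port": port,
        "mapping": alg.data_table.get(("tcp", port)),
        "dropped": dropped,
        "passthrough": passthrough,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Without the ALG the server would receive "PORT 192,168,0,10,4,1" and try to connect to a private address it cannot route to. Note that the rewritten line may differ in length from the original, so a real implementation must also adjust TCP sequence and acknowledgement numbers for the rest of the control connection, which is one reason ALGs are a frequent source of NAT bugs.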