Transcript NAT - javax

NAT (Network Address Translation)
NAT
• RFC 1631, May 1994
– “The IP Network Address Translator (NAT)”
• It was evident by the beginning of the 90s that many
more IP addresses would be needed
– Many more devices
– IPv4 would not be enough
• The objective of NAT was to define a mechanism that
allowed the sharing of IP addresses by numerous
devices
– "provide temporarily relief while other, more complex and
far-reaching solutions are worked out."
• Two decades later, NAT is in ubiquitous deployment across
"Network Address Translator," RFC 1631
"The huge advantage of this approach is that it can be installed incrementally,
without changes to either hosts or routers. (A few unusual applications may
require changes.) As such, this solution can be implemented and experimented
with quickly. If nothing else, this solution can serve to provide temporarily relief
while other, more complex and far-reaching solutions are worked out."
"This solution has the disadvantage of taking away the end-to-end significance
of an IP address, and making up for it with increased state in the network."
Egevang and Francis
"Architectural Implications of NAT," RFC 2993
"An opposing view of NAT is that of a malicious technology, a weed which is
destined to choke out continued Internet development. While recognizing
there are perceived address shortages, the opponents of NAT view it as
operationally inadequate at best, bordering on a sham as an Internet
access solution. Reality lies somewhere in between these extreme
viewpoints."
Tony Hain
NAT
• It can be transparent to some protocol interactions
• But can be disruptive to others
– VoIP, ICMP, FTP, P2P (protocols that carry IP addresses or
ports inside their payload, have no port to translate, or need an
inbound connection)
– Client-Server OK, as long as the client initiates the
conversation
NAT (Network Address Translation)
[Figure: a private LAN with hosts 192.168.1.101, 192.168.1.102, 192.168.1.103 and 192.168.1.50 behind a NAT router (192.168.1.254 on the inside, 189.45.23.99 on the outside), an ISP gateway at 189.45.23.254, and an external server at 97.12.45.1.]
NAPT (Network Address Port Translation)
[Figure: host 192.168.1.102 behind the NAPT router (192.168.1.254 inside, 189.45.23.99 outside), ISP gateway 189.45.23.254, external server 97.12.45.1 (written 97.12.45.123 in the packet headers below).]

Outgoing packet, before translation (inside):
  Src: IP address 192.168.1.102, port 32655
  Dest: IP address 97.12.45.123, port 80
Outgoing packet, after translation (outside):
  Src: IP address 189.45.23.99, port 1505
  Dest: IP address 97.12.45.123, port 80
Return packet, before translation (outside):
  Src: IP address 97.12.45.123, port 80
  Dest: IP address 189.45.23.99, port 1505
Return packet, after translation (inside):
  Src: IP address 97.12.45.123, port 80
  Dest: IP address 192.168.1.102, port 32655
NAT header translators
Outgoing packet on the outside: Src 189.45.23.99 port 1505 → Dest 97.12.45.123 port 80
• Outgoing packet:
– IP source address, IP checksum, and TCP checksum
– With NAPT, also the TCP/UDP source port
• Incoming packet:
– IP destination address, IP checksum, and TCP
checksum
– With NAPT, also the TCP/UDP destination port
• The TCP checksum covers a pseudo-header that includes both IP
addresses, so it must be recomputed even when only the address
changes
Incoming packet on the outside: Src 97.12.45.123 port 80 → Dest 189.45.23.99 port 1505
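As an added worked example (not from the slides, and not the code of any real NAT implementation), the following Python performs the header rewrites listed above for IPv4/TCP: a small NAPT table keyed on the inside (IP, port), rewriting of the source address and port on the way out and of the destination address and port on the way back, and recomputation of both the IP and the TCP checksum. The addresses and ports are the ones from the NAPT figure; the packet builder, the first external port 1505, the `NAPT` class and the single exchange in `demo()` are constructed sample data and assumptions of this example. It also shows the "hiding" effect discussed on a later slide: an inbound packet for which no table entry exists is dropped.

```python
import struct
from ipaddress import IPv4Address

# Added example (not from the slides): a minimal NAPT translator that performs the
# header rewrites the slide lists. Hosts, ports and packets are constructed sample
# data; only IPv4 + TCP without options is handled, and the checksums are recomputed
# from scratch rather than incrementally updated (RFC 1624).

TCP_PROTO = 6


def checksum(data) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; evaluates to 0 over valid data."""
    data = bytes(data)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_pseudo_header(src, dst, tcp_len):
    """Pseudo-header the TCP checksum covers: both IPs are part of it, so any
    address rewrite invalidates the TCP checksum, not only the IP checksum."""
    return struct.pack("!4s4sBBH", bytes(src), bytes(dst), 0, TCP_PROTO, tcp_len)


def build_packet(src_ip, src_port, dst_ip, dst_port, payload=b""):
    """Constructed sample IPv4 + TCP SYN packet with correct checksums."""
    src, dst = IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 8192, 0, 0) + payload
    tcp = tcp[:16] + struct.pack("!H", checksum(tcp_pseudo_header(src, dst, len(tcp)) + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0, 64, TCP_PROTO, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def parse(pkt):
    """Return (src_ip, src_port, dst_ip, dst_port) of an IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return str(IPv4Address(pkt[12:16])), sport, str(IPv4Address(pkt[16:20])), dport


def checksums_ok(pkt) -> bool:
    """True when both the IP header checksum and the TCP checksum verify."""
    ihl = (pkt[0] & 0x0F) * 4
    ip, tcp = pkt[:ihl], pkt[ihl:]
    return checksum(ip) == 0 and checksum(tcp_pseudo_header(ip[12:16], ip[16:20], len(tcp)) + tcp) == 0


def rewrite(pkt, src_ip=None, src_port=None, dst_ip=None, dst_port=None):
    """Replace the given header fields and recompute the IP and TCP checksums."""
    ihl = (pkt[0] & 0x0F) * 4
    ip, tcp = bytearray(pkt[:ihl]), bytearray(pkt[ihl:])
    if src_ip is not None:
        ip[12:16] = IPv4Address(src_ip).packed
    if dst_ip is not None:
        ip[16:20] = IPv4Address(dst_ip).packed
    if src_port is not None:
        tcp[0:2] = struct.pack("!H", src_port)
    if dst_port is not None:
        tcp[2:4] = struct.pack("!H", dst_port)
    ip[10:12] = b"\x00\x00"                      # zero, then recompute the IP checksum
    ip[10:12] = struct.pack("!H", checksum(ip))
    tcp[16:18] = b"\x00\x00"                     # zero, then recompute the TCP checksum
    tcp[16:18] = struct.pack("!H", checksum(tcp_pseudo_header(ip[12:16], ip[16:20], len(tcp)) + tcp))
    return bytes(ip + tcp)


class NAPT:
    """Translation table keyed on inside (IP, port); one external IP shared by all hosts."""

    def __init__(self, external_ip, first_port=1505):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}    # (inside_ip, inside_port) -> external port
        self.back = {}   # external port -> (inside_ip, inside_port)

    def outbound(self, pkt):
        src, sport, _, _ = parse(pkt)
        if (src, sport) not in self.out:            # new flow: write a mapping (table write)
            self.out[(src, sport)] = self.next_port
            self.back[self.next_port] = (src, sport)
            self.next_port += 1
        return rewrite(pkt, src_ip=self.external_ip, src_port=self.out[(src, sport)])

    def inbound(self, pkt):
        _, _, dst, dport = parse(pkt)
        if dst != self.external_ip or dport not in self.back:   # table search
            return None   # no state for this flow: dropped (the "hiding" effect)
        inside_ip, inside_port = self.back[dport]
        return rewrite(pkt, dst_ip=inside_ip, dst_port=inside_port)


def demo():
    """The figure's exchange: 192.168.1.102:32655 -> 97.12.45.123:80 through 189.45.23.99."""
    nat = NAPT("189.45.23.99")
    outgoing = nat.outbound(build_packet("192.168.1.102", 32655, "97.12.45.123", 80))
    reply = nat.inbound(build_packet("97.12.45.123", 80, "189.45.23.99", 1505))
    unsolicited = nat.inbound(build_packet("97.12.45.123", 80, "189.45.23.99", 4444))
    return parse(outgoing), parse(reply), unsolicited, checksums_ok(outgoing) and checksums_ok(reply)
```

`demo()` returns the translated outgoing header (189.45.23.99:1505 → 97.12.45.123:80), the translated reply (97.12.45.123:80 → 192.168.1.102:32655), `None` for the unsolicited packet, and `True` for the checksum check. Recomputing the checksums over the whole segment is the simplest correct approach; a production translator updates them incrementally from the changed words (RFC 1624) so it never has to touch the payload.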
NAT (Network Address Translation)
• Need for more IP addresses
– Without using IPv6
• Balance load
• Migration between ISPs (no renumbering of the inside hosts)
• NAPT. Ideal for SOHO
• Security
– “Hide” machines from the exterior
– Only a side effect of the translation state: unsolicited inbound
packets are dropped because no mapping exists, which is not a
substitute for a firewall policy
NAT (Network Address Translation)
• Performance
– IP and TCP header modification
– IP and TCP checksum recalculation
– Access to the table of addresses
• Search (lookup of an existing mapping)
• Writing (creation of a new mapping)
NAT (Network Address Translation)
• TCP/IP Model architecture
– One IP identifies one machine
– Destroys layer independence (the network layer rewrites
transport-layer ports and checksums)
• Against Internet philosophy
– “Connectionless”: per-connection state lives only in the end
hosts, not in the network
• External connection
• If a router fails
– Internet, nothing happens, retransmission
– With NAT, communication is over (the mapping state was in the
failed router)