Transcript Slide 1

ECE 526 – Network Processing Systems Design
Network Address Translator II
Overview
• Review
─ Network Address Translation basics
─ Conceptual implementation
• Today
─ IXP Implementation
─ IXP Optimization
• Header caching
• Alignment
• ARP
• Checksum
Ning Weng
ECE 526
NAT Basic
• What is NAT:
─ System allowing multiple computers to share a single global IP address
─ Changes packet headers: addresses, port numbers, IDs, etc.
─ Located between a set of computers at a site and the rest of the Internet
• Mechanism: header modification
─ Source/destination IP address, source/destination port, checksum
Conceptual Implementation
• Simplifying assumptions
─ No fragmentation (why?)
─ No packets with IP options (why?)
─ Flows initiated from local computers only (why?)
• NAT table
─ Creation: automatic
─ Updating policy:
• LRU and priority heuristic
─ Optimization
• Bucket hashing
• Independent tables
NAT Complexity
• With fragmentation, the header of the encapsulated protocol is present only in the first fragment
─ E.g., no port number available for later fragments
• IP datagrams with options
• Memory requirement for NAT table
NAT Table Management
• Creation
─ Automatically
─ Add an entry when the first packet of a new flow arrives
• Table entry lifetime
─ Based on packet header
• E.g., FIN or reset for TCP
─ Aging
• Countdown timer
– Reset to maximum value once used
– Decrease by one every cycle
• Table entry update
─ Least recently used
─ Priority heuristic
• TCP > UDP > ARP > others
NAT IXP Implementation
NAT Overall Structure
• What are implementation ideas to improve throughput?
NAT Microblock Organization
IXP Optimization
• Header caching
• Byte alignment
• ARP lookup
• Checksum computation: incremental modification
Header caching
• NAT needs to access multiple header fields
• External DRAM access is very slow
• Read packet header from buffer in DRAM to local memory
• Modify headers using local memory copy
• Write back from local memory to DRAM after processing
Byte alignment
• Local memory is organized in 4-byte words
• Ethernet frame header is 14 bytes
• Simple copy: IP source/destination addresses span two entries
• Use byte_align_be or byte_align_le to read and write local memory
ARP Lookup
• (IP address, MAC address)
• 16 bytes per entry: IP address in one entry of LM; index converts easily to an address by shifting
• Checksum computation: incremental modification
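
An added example, not from the lecture slides: the incremental checksum modification named above, in plain C, using the RFC 1624 update HC' = ~(~HC + ~m + m'). It patches the IPv4 header checksum after a NAT source-address rewrite and compares the result with a full recomputation. The function names and the sample header are constructed for illustration, and the header is assumed to carry no IP options, as the slides assume.

```c
#include <stdint.h>
#include <stddef.h>

/* Full Internet checksum over an even-length buffer (the slow path). */
uint16_t csum_full(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* RFC 1624 eq. 3: HC' = ~(~HC + ~m + m') for one 16-bit word m -> m'. */
uint16_t csum_update16(uint16_t hc, uint16_t m_old, uint16_t m_new)
{
    uint32_t sum = (uint32_t)(uint16_t)~hc + (uint16_t)~m_old + m_new;
    while (sum >> 16)                      /* fold end-around carries */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Rewrite the source address of a 20-byte IPv4 header and patch the
 * header checksum from the two changed words only, without re-summing. */
void nat_rewrite_src(uint8_t *ip, uint32_t new_src)
{
    uint16_t hc = (uint16_t)((ip[10] << 8) | ip[11]);
    hc = csum_update16(hc, (uint16_t)((ip[12] << 8) | ip[13]), (uint16_t)(new_src >> 16));
    hc = csum_update16(hc, (uint16_t)((ip[14] << 8) | ip[15]), (uint16_t)new_src);
    ip[10] = (uint8_t)(hc >> 8);       ip[11] = (uint8_t)hc;
    ip[12] = (uint8_t)(new_src >> 24); ip[13] = (uint8_t)(new_src >> 16);
    ip[14] = (uint8_t)(new_src >> 8);  ip[15] = (uint8_t)new_src;
}

/* Constructed sample: 192.168.1.10 -> 198.51.100.7, source rewritten to
 * 203.0.113.5. Returns 1 when incremental equals full recomputation. */
int demo_incremental_matches_full(void)
{
    uint8_t h[20] = { 0x45, 0, 0, 0x28, 0x1c, 0x46, 0x40, 0, 64, 6, 0, 0,
                      192, 168, 1, 10, 198, 51, 100, 7 };
    uint16_t c = csum_full(h, 20);         /* checksum field is zero here */
    h[10] = (uint8_t)(c >> 8); h[11] = (uint8_t)c;
    nat_rewrite_src(h, 0xCB007105u);       /* 203.0.113.5 */
    uint16_t patched = (uint16_t)((h[10] << 8) | h[11]);
    h[10] = h[11] = 0;
    return patched == csum_full(h, 20) && h[12] == 203 && h[15] == 5;
}

int main(void) { return demo_incremental_matches_full() ? 0 : 1; }
```

The same `csum_update16` step applies to the TCP or UDP checksum when NAT changes a port, since that checksum also covers the addresses through the pseudo-header.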
Reminder
• Read Chapter 10