CS 3700 Networks and Distributed Systems


CS 3700 Networks and Distributed Systems
NAT (You Better Forward Those Ports)
Christo Wilson, 8/22/2012
Revised 10/7/16

The IPv4 Shortage
- Problem: consumer ISPs typically only give one IP address per household
  - Additional IPs cost extra
  - More IPs may not be available
- Today's households have more networked devices than ever
  - Laptops and desktops
  - TVs, Blu-ray players, game consoles
  - Tablets, smartphones, eReaders
- How to get all these devices online?

Private IP Networks
- Idea: create a range of private IPs that are separate from the rest of the network
  - Use the private IPs for internal routing
  - Use a special router to bridge the LAN and the WAN
- Properties of private IPs
  - Not globally unique
  - Usually taken from non-routable IP ranges (why?)
- Typical private IP ranges
  - 10.0.0.0 – 10.255.255.255
  - 172.16.0.0 – 172.31.255.255
  - 192.168.0.0 – 192.168.255.255

Private Networks
[Figure: private networks using 192.168.0.x addresses (192.168.0.0, 192.168.0.1, 192.168.0.2) connected through NATs to the Internet; public addresses shown: 71.2.33.56 and 66.31.210.69]

Network Address Translation (NAT)
- NAT allows hosts on a private network to communicate with the Internet
  - Warning: connectivity is not seamless
- Special router at the boundary of a private network
  - Replaces internal IPs with external IP by modifying packet headers
  - This is "Network Address Translation"
  - May also replace TCP/UDP port numbers
- Maintains a table of active flows
  - Outgoing packets initialize a table entry
  - Incoming packets are rewritten based on the table

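Basic NAT Operation
[Figure: host 192.168.0.1 on the private network, NAT with public address 66.31.210.69, host 74.125.228.67 on the Internet]
NAT table:
  Private Address     Public Address
  192.168.0.1:2345    74.125.228.67:80
Outgoing packet on the private network: Source: 192.168.0.1:2345 Dest: 74.125.228.67:80
Outgoing packet on the Internet: Source: 66.31.210.69:2345 Dest: 74.125.228.67:80
Incoming packet on the Internet: Source: 74.125.228.67:80 Dest: 66.31.210.69:2345
Incoming packet on the private network: Source: 74.125.228.67:80 Dest: 192.168.0.1:2345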

Advantages of NATs
- Allow multiple hosts to share a single public IP
- Allow migration between ISPs
  - Even if the public IP address changes, you don't need to reconfigure the machines on the LAN
- Load balancing
  - Forward traffic from a single public IP to multiple private hosts

Natural Firewall
[Figure: host 192.168.0.1 on the private network, NAT with public address 66.31.210.69, host 74.125.228.67 on the Internet; NAT table with columns Private Address and Public Address]
Packets shown:
  Source: 74.125.228.67 Dest: 66.31.210.69
  Source: 74.125.228.67 Dest: 192.168.0.1

Concerns About NAT
- Performance/scalability issues
  - Per flow state!
  - Modifying IP and port numbers means NAT must recompute IP and TCP checksums
- Breaks the layered network abstraction
- Breaks end-to-end Internet connectivity
  - 192.168.*.* addresses are private
  - Cannot be routed to on the Internet
  - Problem is worse when both hosts are behind NATs
- What about IPs embedded in data payloads?

Port Forwarding
[Figure: host 192.168.0.1 on the private network, NAT with public address 66.31.210.69, host 74.125.228.67 on the Internet]
NAT table:
  Private Address     Public Address
  192.168.0.1:7000    *.*.*.*:*
Incoming packet on the Internet: Source: 74.125.228.67:8679 Dest: 66.31.210.69:7000
Incoming packet on the private network: Source: 74.125.228.67:8679 Dest: 192.168.0.1:7000
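
The flow-table behaviour from the Basic NAT Operation, Natural Firewall and Port Forwarding slides, as an added example that is not part of the original slides. The class and method names are hypothetical, and the filtering rule (a reply is accepted only from a remote endpoint the inside host already contacted) is an assumption the slides do not spell out.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

class Nat:
    """Toy NAT (added example; class and method names are hypothetical)."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.out = {}       # private (ip, port) -> public port
        self.back = {}      # public port -> private (ip, port)
        self.peers = {}     # public port -> remote endpoints contacted from inside
        self.forwards = {}  # public port -> private (ip, port), any remote (*.*.*.*:*)

    def port_forward(self, public_port: int, private: tuple) -> None:
        self.forwards[public_port] = private

    def outbound(self, pkt: Packet) -> Packet:
        port = self.out.get(pkt.src)
        if port is None:
            # Keep the source port when it is free; otherwise replace it too.
            candidates = (pkt.src[1], *range(1024, 65536))
            port = next(p for p in candidates
                        if p not in self.back and p not in self.forwards)
            self.out[pkt.src], self.back[port] = port, pkt.src
        self.peers.setdefault(port, set()).add(pkt.dst)
        return Packet((self.public_ip, port), pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        ip, port = pkt.dst
        if ip != self.public_ip:
            return None                      # private addresses are not reachable from outside
        if port in self.forwards:            # static entry matches any remote
            return Packet(pkt.src, self.forwards[port])
        if pkt.src in self.peers.get(port, ()):
            return Packet(pkt.src, self.back[port])
        return None                          # no table entry: packet is dropped

if __name__ == "__main__":
    nat = Nat("66.31.210.69")
    web = ("74.125.228.67", 80)
    print(nat.outbound(Packet(("192.168.0.1", 2345), web)))
    print(nat.inbound(Packet(web, ("66.31.210.69", 2345))))
    print(nat.inbound(Packet(("74.125.228.67", 8679), ("66.31.210.69", 7000))))
```

A second inside host that reuses source port 2345 is given a different public port, which is the case where the NAT has to rewrite the port as well as the address.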

Hole Punching
- Problem: How to enable connectivity through NATs?
[Figure: two hosts, 192.168.0.1 and 192.168.0.2, behind NATs; public addresses shown: 66.31.210.69 and 59.1.72.13]
- Two application-level protocols for hole punching
  - STUN
  - TURN

STUN
- Session Traversal Utilities for NAT
- Use a third-party to echo your global IP address
- Also used to probe for symmetric NATs/firewalls
  - i.e. are external ports open or closed?
[Figure: host 192.168.0.1 behind a NAT with public address 66.31.210.69 asks "What is my global IP address?" and sends "Please echo my IP address" to the STUN server; the server answers "Your IP is 66.31.210.69"]

Problems With STUN
- Only useful in certain situations
  - One peer is behind a symmetric NAT
  - Both peers are behind partial NATs
- Not useful when both peers are fully behind full NATs
[Figure: hosts 192.168.0.1 and 192.168.0.2 behind NAT 1 and NAT 2; public addresses shown: 66.31.210.69 and 59.1.72.13]

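TURN
- Traversal Using Relays around NAT
[Figure: hosts 192.168.0.1 and 192.168.0.2 behind NAT 1 and NAT 2 (public addresses shown: 66.31.210.69 and 59.1.72.13), with a TURN server on the Internet; labels: "Please connect to me on 66.31.210.69:7000", 192.168.0.1:7000, 192.168.0.2:7000]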