CSC458 Programming Assignment II: NAT

Slides:



Advertisements
Similar presentations
CSC458 Programming Assignment II: NAT Nov 7, 2014.
Advertisements

Router Implementation Project-2
10: ICMPv6 Neighbor Discovery
CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
Leone From global measurements to local management UC3M: inHome NAT detection RFC recommender ICMP UDP TCP Miguel Ángel Díaz, Francisco Valera.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—2-1 BGP Transit Autonomous Systems Monitoring and Troubleshooting IBGP in a Transit AS.
Week 5: Internet Protocol Continue to discuss Ethernet and ARP –MTU –Ethernet and ARP packet format IP: Internet Protocol –Datagram format –IPv4 addressing.
Lab 4: Simple Router CS144 Lab 4 Screencast May 2, 2008 Ben Nham Based on slides by Clay Collier and Martin Casado.
NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.
Chapter 5 The Network Layer.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
CSC458/2209 PA1 Simple Router Based on slides by: Antonin Seyed Amir Hejazi 19/09/2014 CSC458/ Computer Networks, University of Toronto.
Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.
1 Internet Control Message Protocol (ICMP) RIZWAN REHMAN CCS, DU.
Middleboxes & Network Appliances EE122 TAs Past and Present.
Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.
CN2668 Routers and Switches Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
4: Addressing Working At A Small-to-Medium Business or ISP.
Internet Control Message Protocol ICMP. ICMP has two major purposes: –To report erroneous conditions –To diagnose network problems ICMP has two major.
Network Layer4-1 NAT: Network Address Translation local network (e.g., home network) /24 rest of.
Lab 5: NAT CS144 Review Session 7 November 13 th, 2009 Roger Liao.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
CS 5565 Network Architecture and Protocols
1 IP: putting it all together Part 2 G53ACC Chris Greenhalgh.
Chapter 6: Packet Filtering
PA3: Router Junxian (Jim) Huang EECS 489 W11 /
1 The Firewall Menu. 2 Firewall Overview The GD eSeries appliance provides multiple pre-defined firewall components/sections which you can configure uniquely.
IP Forwarding.
CS 453 Computer Networks Lecture 21 Layer 3 Network Layer Network Layer of the Internet.
Network Layer4-1 Chapter 4: Network Layer r 4. 1 Introduction r 4.2 Virtual circuit and datagram networks r 4.3 What’s inside a router r 4.4 IP: Internet.
Private Network Interconnection Chapter 20. Introduction Privacy in an internet is a major concern –Contents of datagrams that travel across the Internet.
Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.
Chapter 6-2 the TCP/IP Layers. The four layers of the TCP/IP model are listed in Table 6-2. The layers are The four layers of the TCP/IP model are listed.
TCOM 515 IP Routing. Syllabus Objectives IP header IP addresses, classes and subnetting Routing tables Routing decisions Directly connected routes Static.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Filtering Traffic Using Access Control Lists Introducing Routing and Switching.
Private Network Addresses IP addresses in a private network can be assigned arbitrarily. – Not registered and not guaranteed to be globally unique Generally,
1 Firewalls Types of Firewalls Inspection Methods  Static Packet Inspection  Stateful Packet Inspection  NAT  Application Firewalls Firewall Architecture.
Transport Layer3-1 Chapter 4: Network Layer r 4. 1 Introduction r 4.2 Virtual circuit and datagram networks r 4.3 What’s inside a router r 4.4 IP: Internet.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 11: Network Address Translation for IPv4 Routing And Switching.
1 Requirements for Internet Routers (Gateways) and Hosts Relates to Lab 3. (Supplement) Covers the compliance requirements of Internet routers and hosts.
ECE 526 – Network Processing Systems Design Network Address Translator.
End-host IP: MAC: 11:11:11:11:11 gateway IP: MAC: 22:22:22:22:22 Google server IP: interne t interface DNS server IP:
© 2001, Cisco Systems, Inc. CSPFA 2.0—5-1 Chapter 5 Cisco PIX Firewall Translations.
Internet Control Message Protocol (ICMP)
© 2003, Cisco Systems, Inc. All rights reserved.
Supplementary Material
NAT – Network Address Translation
Internet Control Message Protocol (ICMP)
Original slides prepared by Theo Benson
Supplementary Material
Internet Control Message Protocol (ICMP)
Instructor Materials Chapter 9: NAT for IPv4
8 Network Layer Part V Computer Networks Tutun Juhana
Routing and Switching Essentials v6.0
Introduction to Networking
Introducing To Networking
Internet Control Message Protocol (ICMP)
Internet Control Message Protocol (ICMP)
Internet Control Message Protocol (ICMP)
New Solutions For Scaling The Internet Address Space
* Essential Network Security Book Slides.
CIS 82 Routing Protocols and Concepts Chapter 11 NAT
Internet Control Message Protocol (ICMP)
Routing and Switching Essentials v6.0
Internet Control Message Protocol (ICMP)
Instructor Materials Chapter 9: NAT for IPv4
Chapter 11: Network Address Translation for IPv4
DHCP: Dynamic Host Configuration Protocol
Chapter 4: outline 4.1 Overview of Network layer data plane
Presentation transcript:

CSC458 Programming Assignment II: NAT

Recall PA I Static topology + static routing table IP Routing + ICMP messages ARP requests and replies

PA II Overview You’re going to write a “simplified” NAT (+Router) Take your PA I NAT handling ICMP and TCP

Recap: What is NAT? NAT = Network Address Translation Translate between IP address ranges Private to public IP address Private: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 Enables one IP address to be shared among lots of devices Conserve IPv4 addresses

Outline Use mininet to create a NAT HTTP servers and switch are outside of NAT Client is inside NAT

Required Functionality Pinging the NAT's internal interface from client host machines Pinging any of the HTTP servers Downloading files using HTTP from the app servers

Required Functionality Keep your PA 1 functionality Enable NAT with ./sr_nat –n ICMP messages Ping echo request + reply External host independence TCP packets Endpoint-Independent mapping behavior Endpoint-Independent filtering Simultaneous open Mapping timeouts MUST be configurable Refer to course webpage for detailed instructions

Example: ICMP Echo Request Ping (ICMP ECHO) Src: 172.64.3.1 Dst: 172.64.3.21 Id: 100 Ping (ICMP ECHO) Src: client Dst: 172.64.3.21 Id: 10

Example: ICMP Echo Reply Ping (ICMP ECHO Reply) Src: 172.64.3.21 Dst: 172.64.3.1 Id: 100 Ping (ICMP ECHO Reply) Src: 172.64.3.21 Dst: client Id: 10

ICMP: External Host Independence Rewriting is the same, Independent of packet destination Timeout after 60 seconds Ping (ICMP ECHO) Src: client Dst: 172.64.3.21 Id: 10 Ping (ICMP ECHO) Src: client Dst: 172.64.3.22 Id: 10 Ping (ICMP ECHO) Src: 172.64.3.1 Dst: 172.64.3.21 Id: 100 Ping (ICMP ECHO) Src: 172.64.3.1 Dst: 172.64.3.22 Id: 100

TCP: Requirements Endpoint-Independent Mapping behavior If a mapping (x,px)(x’,px’) is created for a packet destined to (y1,py1) Then the same mapping is used for for packets from (x,px) to (y2,py2) (i.e. doesn’t depend on endpoints) Endpoint-Independent Filtering If a mapping (x,px)(x’,px’) is created for (y1,py1), then allow (y2,py2) to communicate to (x,px) via (x’,px’) Simultaneous open Dealing with Inbound SYNs Timeouts and a few others (webpage lists all) Use ports > 1023 for mapping.

Threads! Spawn a thread to timeout NAT entries Similar to ARP cache timeouts Search code for pthread_create, pthread_mutex_lock Synchronize access to shared data using locks NAT mapping lookup, insertion, deletion, etc. Be conservative with locks Race conditions harder to debug than deadlocks

Data Structures Mapping table Remember: locks! Linked list is fine, O(n) lookup ICMP or TCP Keep a time field to remember when a mapping was used Remember: locks! Protect all accesses: lookup, insertion, deletion

Rough pseudocode Receive packet on an interface Check if ICMP or TCP If packet is outbound (internal -> external) insert or lookup unique mapping else: if no mapping and not a SYN (for simultaneous open) drop packet Rewrite IP src (dst) for outgoing (incoming) packets Rewrite ICMP ID / TCP port Update relevant checksums Route packet

Rough pseudocode This is just to give you a rough idea Start early! Details missing (rules for filtering, reusing mapping, etc.) ICMP port unreachable, etc. Locks  Read instructions for detailed information Start early! Due Friday Nov. 28th

Summary Build on top of PA 1 NAT must work for ICMP, TCP UDP: not required, but up to you... Clear defunct mappings using timeouts Timeouts must be configurable ICMP query id timeout TCP established timeout TCP transitory timeout (e.g. SYN sent but no response) Which means you have to track TCP state transitions 

Things Might Be Helpful Modularize your code! To handle NAT state insertions, lookups, etc. Dealing with ICMP, TCP Start with ICMP first, then move to TCP Debugging workflow Mininet console, tcpdump, ping, wireshark GDB/Valgrind Debug Functions print_hdrs, print_addr_ip_int

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.