IPv4+4 Address extension with NATs
Zoltán Turányi, András Valkó, Andrew Campbell (Rita)

Presentation transcript:

Problem: IPv4 address shortage
IPv6
–There for 6+ years
–No deployment
–Complicated transition
–Little incentives
NAT
–Deployed
–Breaks end-to-end
–Breaks apps
–Single point of failure
–Not scalable
–Even more deployed

Why are NATs so popular?
Very easy
–No need to replace routers
–No need to get more addresses
Provide address isolation
–Easy address planning independent of outside
–Provider change does not result in renumbering
–Some even think it is security

IPv4+4
Use existing multiple address realms
(Figure: hosts A and B behind NAT X; their 4+4 addresses are written A.X and B.X, each consisting of a level 1 part and a level 2 part)

IPv4+4 packet
 version | hdrlen | DS byte | total length
 identification | flags | fragment offset
 TTL | protocol | header checksum
 source address
 destination address
 source address 2
 destination address 2
 protocol 2 | spos | dpos | header checksum 2
 transport header + payload
Annotations on the slide: “233”; header checksum 2 covers addresses, len & protocol end-to-end

IPv4+4 routing
(Figure: host A in realm X, 4+4 address A.X, sends to host B in realm Y, 4+4 address B.Y, through RGWs X and Y; the address fields of the packet are shown in each realm)
Packet routable based on IP header
Private addresses not visible in public realm
Private realm’s addresses not visible in another private realm

IPv4+4 routing
(Figure: host A in realm X, 4+4 address A.X, sends to public host C, written C.0, through RGW X)

IPv4+4 routing
(Figure: public host C, written C.0, sends to host B in realm Y, 4+4 address B.Y, through RGW Y)

ICMP translation
(Figure: router R in the public realm, written R.0, sends an ICMP message towards A.X through RGW X)

ICMP translation
(Figure: router R on the path sends an ICMP message towards A.X through the RGWs; labels on the slide: B.R, A.X)

ICMP – a problem
(IP header and first 8 bytes of the original datagram, as quoted in an ICMP error; plain IPv4)
 version | hdrlen | DS byte | total length
 identification | flags | fragment offset
 TTL | protocol | header checksum
 source address
 destination address
 source port | destination port
 sequence number (TCP) / length+checksum (UDP)

ICMP – a problem
(The same quoted region with the 4+4 header present)
 version | hdrlen | DS byte | total length
 identification | flags | fragment offset
 TTL | protocol | header checksum
 source address
 destination address
 source address 2
 destination address 2
 protocol 2 | spos | dpos | header checksum 2
 source port | destination port
 sequence number (TCP) / length+checksum (UDP)

Summary – RGWs
Legacy NAT
–Packet out: swap source
–Packet in: swap destination
Add 4+4 header to ICMP messages
Stateless, cheap processing
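The RGW behaviour summarised above, as an added example (not the authors' code): it builds a packet with the IPv4 header plus a 4+4 header in the field order of the packet slide, applies the stateless source swap (packet out) and destination swap (packet in), and verifies the result at the receiver. Assumed, since the slides do not fix them: the outer protocol value is the 233 annotated on the packet slide, the 4+4 header is 12 bytes (protocol 2 as 8 bits, spos and dpos as 4 bits each, checksum 2 as 16 bits), and checksum 2 covers the four addresses, the total length and protocol 2.

```python
import socket
import struct

IPV44_PROTO = 233  # assumed: outer protocol value marking a 4+4 packet (the "233" on the slide)

def csum(data):
    """RFC 1071 one's-complement checksum (odd lengths are zero-padded)."""
    if len(data) % 2:
        data += b"\0"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def csum2_input(pkt):
    """Assumed coverage of header checksum 2: both address pairs, total length, protocol 2, spos/dpos."""
    return pkt[12:28] + pkt[2:4] + pkt[28:30]

def build(src, dst, src2, dst2, payload, proto2=6):
    """20-byte IPv4 header + assumed 12-byte 4+4 header (src2, dst2, protocol 2, spos/dpos, checksum 2)."""
    a = socket.inet_aton
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 32 + len(payload), 0, 0x4000,
                      64, IPV44_PROTO, 0, a(src), a(dst))
    hdr = hdr[:10] + struct.pack("!H", csum(hdr)) + hdr[12:]
    ext = struct.pack("!4s4sBBH", a(src2), a(dst2), proto2, 0, 0)  # proto2=6 is TCP
    ext = ext[:10] + struct.pack("!H", csum(csum2_input(hdr + ext)))
    return hdr + ext + payload

def _swap(pkt, a, b):
    """Exchange two 4-byte address fields and refresh the hop-by-hop IPv4 header checksum."""
    pkt = bytearray(pkt)
    pkt[a:a + 4], pkt[b:b + 4] = pkt[b:b + 4], pkt[a:a + 4]
    pkt[10:12] = b"\0\0"
    pkt[10:12] = struct.pack("!H", csum(bytes(pkt[:20])))
    return bytes(pkt)

def rgw_out(pkt):
    """Packet leaving a private realm: swap source address with source address 2."""
    return _swap(pkt, 12, 20)
def rgw_in(pkt):
    """Packet entering a private realm: swap destination address with destination address 2."""
    return _swap(pkt, 16, 24)

def addrs(pkt):  # (src, dst, src2, dst2) as dotted quads
    return tuple(socket.inet_ntoa(pkt[o:o + 4]) for o in (12, 16, 20, 24))

def end_to_end_ok(pkt):
    """Receiver check: IPv4 checksum valid and checksum 2 intact; swaps cannot break checksum 2, since a one's-complement sum does not depend on word order."""
    return csum(pkt[:20]) == 0 and struct.unpack("!H", pkt[30:32])[0] == csum(csum2_input(pkt))
```

The constructed walk-through in the test sends from A = 10.0.0.5 (realm X = 203.0.113.1) to B = 10.1.1.7 (realm Y = 198.51.100.1); the address fields after each swap match the order drawn on the routing slide.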

Summary – End hosts
Generate & understand 4+4 header
Decide if peer is in the same realm or not
Obtain 4+4 addresses of peers
–DNS
–Configuration
Application support needed

Implementation
Linux kernel module
Translates IPv4+4 packets and addresses
–Mappings are dynamically created
 –Incoming packet
 –DNS request
–Packet headers inside ICMP errors
–DNS messages also affected

Implementation
Linux kernel module – no kernel patch
Load/unload any time
(Figure: applications in userland; the module inside the kernel in kernel space)

Implementation
Linux kernel module – no kernel patch
Uses netfilter hooks
–Can examine and modify packet
–Say a verdict: accept, drop, steal, queue
(Figure: netfilter hook points between input device, applications and output device: PRE_ROUTING, LOCAL_INPUT, LOCAL_OUTPUT, FORWARD, POST_ROUTING)

(Figure: hook points PRE_ROUTING, LOCAL_IN, LOCAL_OUT, FORWARD, POST_ROUTING; queued packets go to the daemon; verdicts QUEUE and ACCEPT)
LOCAL_OUT
–If an ICMP error that carries a peer id inside => translate
–If destination is a peer id => translate
LOCAL_IN
–If an ICMP error that carries a 4+4 packet => translate
–If v4+4 and addressed to us => translate
–If a DNS packet => QUEUE to daemon

(Figure: hook points PRE_ROUTING, LOCAL_INPUT, LOCAL_OUTPUT, FORWARD, POST_ROUTING)
FORWARD
–ICMP error carrying 4+4 packet => add IPv4+4 header
–4+4 packet => swap source address
PRE_ROUTING
–ICMP error carrying 4+4 packet => add IPv4+4 header
–4+4 packet => swap destination address

DNS
Each 4+4 address is stored as two “A” RRs
Name prepending is used as with SRV RRs
Hostname: pleione.comet.columbia.edu.
Records: l1.pleione.comet.columbia.edu, l2.pleione.comet.columbia.edu
IPv4+4 address:

DNS
(Figure: message flow between App, Kernel, Module and Daemon)
Who is a.b.com?
a.b.com doesn’t exist.
Who is l1.a.b.com?
Who is l2.a.b.com?
l1.a.b.com is
l2.a.b.com is
Mapping: a.b.com is
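The peer-id mapping that the daemon and module build from the DNS exchange above, together with the same-realm decision from the end-host summary, as an added Python model that is not the project's kernel module or daemon. The DNS table, the peer-id range 192.0.2.x and the reading of l1 as the realm (RGW) part and l2 as the private part are constructed assumptions.

```python
# Constructed stand-in for DNS (the real daemon sends queries). Private-realm hosts publish two
# A records, l1.<name> and l2.<name>; a legacy public host publishes a single A record.
DNS = {
    "l1.pleione.example.test": "203.0.113.1",  # assumed: l1 = realm (RGW) address
    "l2.pleione.example.test": "10.0.0.5",     # assumed: l2 = private address within the realm
    "www.example.test": "198.51.100.7",        # legacy public host
}

class Translator:
    """Peer-id <-> 4+4 address mappings, created dynamically from DNS replies and incoming packets."""

    def __init__(self, my_realm, my_host, pool="192.0.2.", lookup=DNS.get):
        self.me = (my_realm, my_host)       # this host's own 4+4 address
        self.lookup = lookup
        self.pool, self.next_id = pool, 1   # assumed: peer ids come from a local placeholder range
        self.by_id, self.by_addr = {}, {}

    def _map(self, addr44):
        """Single IPv4 peer id that applications use for addr44, allocated on first use."""
        if addr44 not in self.by_addr:
            pid = self.pool + str(self.next_id)
            self.next_id += 1
            self.by_id[pid], self.by_addr[addr44] = addr44, pid
        return self.by_addr[addr44]

    def resolve(self, name):
        """Daemon's DNS step: l1./l2. records form the 4+4 address; a plain A record means
        a legacy host, written with 0 as the second part (the C.0 of the routing slides)."""
        l1, l2 = self.lookup("l1." + name), self.lookup("l2." + name)
        if l1 and l2:
            return self._map((l1, l2))
        a = self.lookup(name)
        return self._map((a, "0.0.0.0")) if a else None

    def local_out(self, dst):
        """LOCAL_OUT hook: a destination that is a peer id is translated into the address
        fields of the outgoing packet: (src, dst, src2, dst2) for a 4+4 packet, or just
        (src, dst) when the peer sits in our own realm and is reachable directly."""
        if dst not in self.by_id:
            return None                     # not a peer id: leave the packet alone
        realm, host = self.by_id[dst]
        if realm == self.me[0]:
            return (self.me[1], host)
        return (self.me[1], realm, self.me[0], host)

    def local_in(self, src, src2="0.0.0.0"):
        """LOCAL_IN hook: a 4+4 packet addressed to us creates a mapping for its sender."""
        return self._map((src, src2))
```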

Testbed
(Figure: hosts aphrodite, taygeta and pleione; DNS server; WEB server ipv44.comet.columbia.edu; WEB server pleione.ipv44.comet.columbia.edu; a pc in Budapest, Hungary; Comet Lab, New York)

Experiments
Applications/protocols
–icmp, ssh, scp, telnet, ping, http
–arp, snmp, dhcp, routing protocols
–ftp, irc
Network management/configuration
–dns, firewall, routing

Performance
Pentium III, 1 GHz machine
Unloaded
Measured the forwarding time
(Figure: netfilter hook points PRE_ROUTING, LOCAL_INPUT, LOCAL_OUTPUT, FORWARD, POST_ROUTING between input device, applications and output device)

Performance