

Lauri Virtanen
Supervisor: Professor Raimo Kantola
Instructor: Lic.Sc.(Tech.) Nicklas Beijar
Faculty of Electronics, Communications and Automation
Department of Communications and Networking
October 29th, 2009

Agenda
- Background & Objectives
- Network Address Translation (NAT)
- Domain Name System (DNS)
- Customer Edge Switching (CES) Concept
- CES Prototype
- Evaluation
- Conclusions

Background & Objectives
- The growth of the Internet has generated problems:
  - Exhaustion of IPv4 addresses
  - Weak deployment of IPv6 addressing
  - Oversized routing tables
  - Reachability problem
- A new architecture model is needed to solve the current problems

Network Address Translation (NAT)
- An edge device that relays packets
- Changes address and port information in outgoing and incoming packets
- Traffic originates in the inside-to-outside direction
- Inbound connections are not possible -> reachability problem

Domain Name System (DNS)
- Main use is resolving domain names to IP addresses
- In DNS, data is stored in resource records (RR)
  - E.g. A-type RR: domain_name_Host_A IPv4_address_Host_A

Customer Edge Switching (CES) Concept
- CES is a model for the future Internet
- Idea to solve the reachability problem
- Idea to prevent IPv4 addresses from running out by using them privately
- Removes the need for IPv6 and also increases security
- CES is aimed to be implemented with as little modification as necessary in the existing equipment
- Modifications allowed in DNS and NAT, hosts remain the same
- Aims at dividing the ownership of the network into reasonable pieces: trust domains (corporate networks, operator networks)

CES architecture:
- Routing is independent in every trust domain
- Network elements: host, CES, PE, DNS
- Identities are known only in their respective private networks
  - E.g. the identity of Host X is kept in its home CES device (CES X) and also in the DNS

CES Network Elements Explained
- Host: basic IPv4 stack
- CES: NAT extension containing its features: mappings and tables
  - Contains information on all the registered hosts (HRL)
  - Address pool of IPv4 addresses
  - Hash calculating algorithm
- DNS: needs a new resource record (RR) type:
  - domain_name_Host_X = Address_CES_X + hash_Host_X
  - E.g. host_x.foobar = MAC_CES_X

CES Prototype
- The implemented prototype differs slightly from the CES concept
  - No PE devices
- Prototype built on virtual PCs running Linux/Debian
- Programming done with Python
  - DNS executed with the DNSPython toolkit
  - Packet generating, sending and receiving done with Scapy

Network Diagram: 2 hosts, 2 CES devices and DNS
- IP routing (layer 3) in customer networks
- Ethernet (layer 2) based routing in public network

Evaluation
- CES can be implemented with only a few modifications in the existing infrastructure
  - Only NAT and DNS need modifications
  - Hosts are still IPv4 stacked computers
- CES works with most of the common protocols
  - According to testing, CES works with TCP, UDP, ICMP, HTTP and SSH
  - Still lacks compatibility with FTP and SIP

Test Results

| Program in Host A | Program in Host B | Protocols tested | Working |
|---|---|---|---|
| Ping client | Ping server | ICMP | YES |
| Telnet client | Telnet server | TCP | YES |
| Lynx web browser | Abyss web server | HTTP | YES |
| Iceweasel web browser | Abyss web server | HTTP | YES |
| SSH client | SSH server | SSH | YES |
| FTP client | Pure-FTPd (server) | FTP | No |
| Twinkle (client) | | SIP | No |

- FTP and SIP fail as private addresses are placed in payload fields
- FTP and SIP do not work with two NATs (or CESs)
- Packet modification in CES could solve this
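Why FTP and SIP fail while HTTP passes, and what payload modification at the edge involves for FTP, as an added Python example (not code from the CES prototype). The sample payloads, the `NAT_TABLE` mapping and all function names are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# FTP PORT / 227 replies write an endpoint as "h1,h2,h3,h4,p1,p2" (port = p1*256 + p2).
FTP_HOSTPORT = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# SIP bodies (SDP) name the media address in a "c=IN IP4 a.b.c.d" line.
SDP_CONN = re.compile(rb"c=IN IP4 (\d{1,3}(?:\.\d{1,3}){3})")

def _ftp_endpoint(m):
    o = [int(x) for x in m.groups()]
    return (".".join(map(str, o[:4])), o[4] * 256 + o[5]) if max(o) <= 255 else None

def embedded_endpoints(payload: bytes):
    """Return (ip, port_or_None) for each endpoint written inside the payload."""
    found = [e for e in map(_ftp_endpoint, FTP_HOSTPORT.finditer(payload)) if e]
    found += [(m.group(1).decode(), None) for m in SDP_CONN.finditer(payload)]
    return found

def is_rfc1918(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # e.g. an octet above 255 in an SDP line
        return False
    return any(addr in net for net in RFC1918)

def leaks_private_address(payload: bytes) -> bool:
    """True if the payload advertises an address the remote side cannot route to."""
    return any(is_rfc1918(ip) for ip, _ in embedded_endpoints(payload))

def rewrite_ftp(payload: bytes, mapping: dict) -> bytes:
    """Swap embedded FTP endpoints using {(private_ip, port): (public_ip, port)}.
    The payload length can change, so the device doing this must also adjust
    TCP sequence numbers and checksums."""
    def swap(m):
        hit = mapping.get(_ftp_endpoint(m))
        if hit is None:
            return m.group(0)  # no mapping known: leave the bytes untouched
        ip, port = hit
        return f"{ip.replace('.', ',')},{port >> 8},{port & 0xFF}".encode()
    return FTP_HOSTPORT.sub(swap, payload)

# Constructed sample payloads (not captures from the prototype).
FTP_SAMPLE = b"PORT 192,168,1,10,195,80\r\n"
SIP_SAMPLE = b"v=0\r\nc=IN IP4 10.0.0.5\r\nm=audio 49170 RTP/AVP 0\r\n"
HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: host_b.foobar\r\n\r\n"
NAT_TABLE = {("192.168.1.10", 50000): ("203.0.113.10", 40001)}  # hypothetical mapping
```

The translated IP and TCP headers never touch these bytes, which is why the HTTP request passes unchanged while the FTP and SIP endpoints stay unreachable until the payload itself is rewritten.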

Conclusions
- The prototype proves the functioning of the CES concept
- CES solves the reachability problem
- CES reuses IPv4 addresses effectively
- CES excludes the need for IPv6 addresses
- CES enhances security
- No modification needed in end-hosts

Future Research
- Connecting CES prototype to other networks
- Modification of CES prototype
- Designing and choosing algorithms for calculating IDs

Thank You!