Thoughts on the Firewall NAT issue* 1 Tomohiro Kudoh * I think the issue we are discussing as the “firewall issue” is almost a NAT issue (i.e. a process.


1 Thoughts on the Firewall NAT issue*
Tomohiro Kudoh
* I think the issue we are discussing as the “firewall issue” is almost a NAT issue (i.e. a process is not accessible using a global IP address). “Firewall” implies a lot of functionality, and if there are non-NAT firewall issues they should be considered on a case-by-case basis.

2 Where do NAT issues exist?
At a client/uRA
–Clients are likely to be behind NATs.
–It will be beneficial to make a client NAT friendly.
At an aggregator/uPA
–Aggregators and uPAs provide services to clients/NSAs. It is natural that they have a global IP address.
–(If an operator should place an aggregator / a uPA behind a NAT, they should use a conventional method to punch a hole.)

3 Some ways to avoid the NAT issue
1. Use a NAT traversal scheme.
2. Use polling. The requester polls the status of the provider periodically.
3. Keep a connection initiated by the requester open, for future messages sent from the provider.

4 Relationship with MTL
The relationship between the NAT issue and MTL is basically an implementation matter.

5 Coordinator and Message Transport Layer (MTL)
Recall the MTL interface; Chin’s slide.
Coor is a part of the NSI stack, and uses MTL to send/receive messages.
Coor is primarily responsible for keeping track of messaging state, e.g.
–Who was the message sent to
–Was the message received (i.e. ack’ed or MTL timeout)
–Who has not replied to the message (e.g. *.cf, *.fl, etc)
MTL is primarily responsible for sending and receiving messages, and notifying Coor if the message was received, or if an (MTL) timeout occurs.
The MTL interface (to Coor) has 2 simple operations:
–Send: waits for an ack to be returned by the destination MTL, or for a timeout to happen. The timeout value is implementation dependent. NB: The MTL may be implemented to retry sending messages, but this is opaque to the Coor.
–Receive: a thread in Coor is invoked when a message is received.
[Diagram labels: NSA; NSI Stack; Coordinator; Message Transport Layer]

6 Option A: MTL hides NAT issues
Method 1, 2 or 3 is implemented under the MTL I/F.
–The MTL I/F layer supports MTL’s two simple operations (send/receive).
–The NAT support layer supports communication over NAT.
–The (true) MTL (like SOAP, http, TCP) exists under the NAT support layer.
[Diagram labels: NSA; NSI Stack; Coordinator; (fake) MTL I/F layer; NAT support layer (Method 1, 2 or 3); (True) Message Transport Layer]

7 Option B: over-NAT communication is supported by the Coordinator
Method 1, 2 or 3 is implemented under the MTL I/F.
–The MTL I/F layer supports MTL’s two simple operations (send/receive).
–The NAT support layer supports communication over NAT.
–The (true) MTL (like SOAP, http, TCP) exists under the NAT support layer.
[Diagram labels: NSA; NSI Stack; Message Transport Layer; Coordinator; NAT support layer (Method 1, 2 or 3)]

8 Example: JAX-WS-based asynchronous operations
A JAX-WS-based asynchronous operation keeps a connection open for a long period of time until a reply is sent back.
Define waitStatus as a JAX-WS-based asynchronous operation, instead of the polling-based getStatus.
–Reduces the number of getStatus operations
–Can respond as soon as the status has changed
[Diagram, polling-based approach: Requester, Provider; getStatus, Not_ready, interval, getStatus, Reply; "Reply ready" marked at the Provider]
[Diagram, asynchronous approach: Requester, Provider; waitStatus(“Reply”), Reply; "Reply ready" marked at the Provider]
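
The difference between methods 2 and 3 on slide 3, and between getStatus and waitStatus on slide 8, can be measured with a small in-process model. This is an added example, not code from the presentation and not JAX-WS: the class and function names, the status strings (taken from the slide's labels) and the hold limit on the waiting request are assumptions. In both approaches the provider only answers requests that the requester opened, which is what lets the requester sit behind a NAT.

```python
import threading
import time

class Provider:
    """Has a global address; only ever answers requests the requester opened."""
    def __init__(self):
        self._cond = threading.Condition()
        self._status = "Not_ready"
        self.requests = 0  # requests received, to compare the two approaches

    def set_status(self, status):
        with self._cond:
            self._status = status
            self._cond.notify_all()  # release any held waitStatus request

    def get_status(self):
        # Polling-style operation: answers immediately.
        with self._cond:
            self.requests += 1
            return self._status

    def wait_status(self, wanted, hold):
        # Held request: answers when status == wanted or after `hold` seconds.
        # The hold limit is an assumption (not on the slide) so that the
        # requester re-issues the request instead of waiting forever.
        with self._cond:
            self.requests += 1
            self._cond.wait_for(lambda: self._status == wanted, timeout=hold)
            return self._status

def run_polling(ready_after, interval):
    provider = Provider()
    threading.Timer(ready_after, provider.set_status, args=("Reply",)).start()
    start = time.monotonic()
    while provider.get_status() != "Reply":
        time.sleep(interval)  # a status change is noticed up to `interval` late
    return provider.requests, time.monotonic() - start

def run_waiting(ready_after, hold):
    provider = Provider()
    threading.Timer(ready_after, provider.set_status, args=("Reply",)).start()
    start = time.monotonic()
    while provider.wait_status("Reply", hold) != "Reply":
        pass  # hold expired without a change: open the next request
    return provider.requests, time.monotonic() - start

if __name__ == "__main__":
    print("polling (requests, seconds):", run_polling(0.3, 0.05))
    print("waiting (requests, seconds):", run_waiting(0.3, 5.0))
```

With a hold limit longer than the time to readiness, the waiting requester needs a single request; with a shorter limit it degrades gracefully into a slow poll.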

