Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSC458 Programming Assignment II: NAT

Published byRaymond Hardy Modified over 6 years ago

Similar presentations

Presentation on theme: "CSC458 Programming Assignment II: NAT"— Presentation transcript:

1 CSC458 Programming Assignment II: NAT

2 Recall PA I Static topology + static routing table
IP Routing + ICMP messages ARP requests and replies

3 PA II Overview You’re going to write a “simplified” NAT (+Router)
Take your PA I NAT handling ICMP and TCP

4 Recap: What is NAT? NAT = Network Address Translation
Translate between IP address ranges Private to public IP address Private: /8, /12, /16 Enables one IP address to be shared among lots of devices Conserve IPv4 addresses

5 Outline Use mininet to create a NAT
HTTP servers and switch are outside of NAT Client is inside NAT

6 Required Functionality
Pinging the NAT's internal interface from client host machines Pinging any of the HTTP servers Downloading files using HTTP from the app servers

7 Required Functionality
Keep your PA 1 functionality Enable NAT with ./sr_nat –n ICMP messages Ping echo request + reply External host independence TCP packets Endpoint-Independent mapping behavior Endpoint-Independent filtering Simultaneous open Mapping timeouts MUST be configurable Refer to course webpage for detailed instructions

8 Example: ICMP Echo Request
Ping (ICMP ECHO) Src: Dst: Id: 100 Ping (ICMP ECHO) Src: client Dst: Id: 10

9 Example: ICMP Echo Reply
Ping (ICMP ECHO Reply) Src: Dst: Id: 100 Ping (ICMP ECHO Reply) Src: Dst: client Id: 10

10 ICMP: External Host Independence
Rewriting is the same, Independent of packet destination Timeout after 60 seconds Ping (ICMP ECHO) Src: client Dst: Id: 10 Ping (ICMP ECHO) Src: client Dst: Id: 10 Ping (ICMP ECHO) Src: Dst: Id: 100 Ping (ICMP ECHO) Src: Dst: Id: 100

11 TCP: Requirements Endpoint-Independent Mapping behavior
If a mapping (x,px)(x’,px’) is created for a packet destined to (y1,py1) Then the same mapping is used for for packets from (x,px) to (y2,py2) (i.e. doesn’t depend on endpoints) Endpoint-Independent Filtering If a mapping (x,px)(x’,px’) is created for (y1,py1), then allow (y2,py2) to communicate to (x,px) via (x’,px’) Simultaneous open Dealing with Inbound SYNs Timeouts and a few others (webpage lists all) Use ports > 1023 for mapping.

12 Threads! Spawn a thread to timeout NAT entries
Similar to ARP cache timeouts Search code for pthread_create, pthread_mutex_lock Synchronize access to shared data using locks NAT mapping lookup, insertion, deletion, etc. Be conservative with locks Race conditions harder to debug than deadlocks

13 Data Structures Mapping table Remember: locks!
Linked list is fine, O(n) lookup ICMP or TCP Keep a time field to remember when a mapping was used Remember: locks! Protect all accesses: lookup, insertion, deletion

14 Rough pseudocode Receive packet on an interface Check if ICMP or TCP If packet is outbound (internal -> external) insert or lookup unique mapping else: if no mapping and not a SYN (for simultaneous open) drop packet Rewrite IP src (dst) for outgoing (incoming) packets Rewrite ICMP ID / TCP port Update relevant checksums Route packet

15 Rough pseudocode This is just to give you a rough idea Start early!
Details missing (rules for filtering, reusing mapping, etc.) ICMP port unreachable, etc. Locks  Read instructions for detailed information Start early! Due Friday Nov. 28th

16 Summary Build on top of PA 1 NAT must work for ICMP, TCP
UDP: not required, but up to you... Clear defunct mappings using timeouts Timeouts must be configurable ICMP query id timeout TCP established timeout TCP transitory timeout (e.g. SYN sent but no response) Which means you have to track TCP state transitions 

17 Things Might Be Helpful
Modularize your code! To handle NAT state insertions, lookups, etc. Dealing with ICMP, TCP Start with ICMP first, then move to TCP Debugging workflow Mininet console, tcpdump, ping, wireshark GDB/Valgrind Debug Functions print_hdrs, print_addr_ip_int

Download ppt "CSC458 Programming Assignment II: NAT"

Similar presentations

CSC458 Programming Assignment II: NAT Nov 7, 2014.

CSC458 Programming Assignment II: NAT Nov 7, 2014.
Router Implementation Project-2

Router Implementation Project-2
10: ICMPv6 Neighbor Discovery

10: ICMPv6 Neighbor Discovery
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.

Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
Leone From global measurements to local management UC3M: inHome NAT detection RFC recommender ICMP UDP TCP Miguel Ángel Díaz, Francisco Valera.

Leone From global measurements to local management UC3M: inHome NAT detection RFC recommender ICMP UDP TCP Miguel Ángel Díaz, Francisco Valera.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—2-1 BGP Transit Autonomous Systems Monitoring and Troubleshooting IBGP in a Transit AS.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—2-1 BGP Transit Autonomous Systems Monitoring and Troubleshooting IBGP in a Transit AS.
Week 5: Internet Protocol Continue to discuss Ethernet and ARP –MTU –Ethernet and ARP packet format IP: Internet Protocol –Datagram format –IPv4 addressing.

Week 5: Internet Protocol Continue to discuss Ethernet and ARP –MTU –Ethernet and ARP packet format IP: Internet Protocol –Datagram format –IPv4 addressing.
Lab 4: Simple Router CS144 Lab 4 Screencast May 2, 2008 Ben Nham Based on slides by Clay Collier and Martin Casado.

Lab 4: Simple Router CS144 Lab 4 Screencast May 2, 2008 Ben Nham Based on slides by Clay Collier and Martin Casado.
NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.

NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.
Chapter 5 The Network Layer.

Chapter 5 The Network Layer.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
CSC458/2209 PA1 Simple Router Based on slides by: Antonin Seyed Amir Hejazi 19/09/2014 CSC458/2209 - Computer Networks, University of Toronto.

CSC458/2209 PA1 Simple Router Based on slides by: Antonin Seyed Amir Hejazi 19/09/2014 CSC458/ Computer Networks, University of Toronto.
Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.

Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.
1 Internet Control Message Protocol (ICMP) RIZWAN REHMAN CCS, DU.

1 Internet Control Message Protocol (ICMP) RIZWAN REHMAN CCS, DU.
Middleboxes & Network Appliances EE122 TAs Past and Present.

Middleboxes & Network Appliances EE122 TAs Past and Present.
Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.

Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.
CN2668 Routers and Switches Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN2668 Routers and Switches Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
4: Addressing Working At A Small-to-Medium Business or ISP.

4: Addressing Working At A Small-to-Medium Business or ISP.
Internet Control Message Protocol ICMP. ICMP has two major purposes: –To report erroneous conditions –To diagnose network problems ICMP has two major.

Internet Control Message Protocol ICMP. ICMP has two major purposes: –To report erroneous conditions –To diagnose network problems ICMP has two major.

Similar presentations

Ads by Google