IPv4+4 Address extension with NATs. Zoltán Turányi, András Valkó, Andrew Campbell (Rita)

1 IPv4+4 Address extension with NATs. Zoltán Turányi, András Valkó, Andrew Campbell (Rita)

2 Problem: IPv4 address shortage
IPv6
– There for 6+ years
– No deployment
– Complicated transition
– Little incentives
NAT
– Deployed
– Breaks end-to-end
– Breaks apps
– Single point of failure
– Not scalable
– Even more deployed

3 Why are NATs so popular?
Very easy
– No need to replace routers
– No need to get more addresses
Provide address isolation
– Easy address planning independent of outside
– Provider change does not result in renumbering
– Some even think it is security

4 IPv4+4: Use existing multiple address realms
[Figure: two NATs with outside addresses A and B; the same private address X is used behind each, giving the 4+4 addresses A.X and B.X. Labels: level 1 part (A, B), level 2 part (X)]

5 IPv4+4: Use existing multiple address realms
[Figure: the same with concrete addresses. NATs 9.8.7.6 and 5.4.3.2, private address 10.0.0.1 behind each; 4+4 addresses 9.8.7.6.10.0.0.1 and 5.4.3.2.10.0.0.1]

6 IPv4+4 packet
[Figure: header layout]
Outer IPv4 header: version, hdrlen, DS byte, total length; identification, flags, fragment offset; TTL, protocol, header checksum; source address; destination address
Second header: source address 2; destination address 2; protocol 2, spos, dpos, header checksum 2
Followed by: transport header + payload
Callouts on the slide: "233"; "covers addresses, len & protocol end-to-end"

7 IPv4+4 routing
[Figure: RGWs A and B in front of two private realms; host X behind A has address A.X, host Y behind B has address B.Y. Header snapshots (source, destination, source 2, destination 2) along the path: X B A Y at the sender, A B X Y in the public realm, A Y X B at the receiver]
Packet routable based on IP header
Private addresses not visible in public realm
Private realm's addresses not visible in another private realm

8 IPv4+4 routing
[Figure: host X behind RGW A (address A.X) sends to public host C (address C.0, e.g. 4.3.2.1.0.0.0.0). Header snapshots: X C A 0 at the sender, A C X 0 after RGW A]

9 IPv4+4 routing
[Figure: public host C (address C.0) sends to host Y behind RGW B (address B.Y). Header snapshots: C B 0 Y in the public realm, C Y 0 B after RGW B]

10 ICMP translation
[Figure: RGWs A and B, host X (A.X) and host Y; a router R in the public realm with address R.0. Header snapshots: X B A Y, A B X Y]

11 ICMP translation
[Figure: RGWs A and B, host X (A.X) and host Y; a router R inside realm B with address B.R. Header snapshots: X B A Y, A B X Y, A Y X B]

12 ICMP – a problem
[Figure: the packet an ICMP error quotes: the IPv4 header (version, hdrlen, DS byte, total length; identification, flags, fragment offset; TTL, protocol, header checksum; source address; destination address) followed by the first bytes of the transport header: source port, destination port, sequence number (TCP) / length+checksum (UDP)]

13 ICMP – a problem
[Figure: the same for an IPv4+4 packet: the second header (source address 2, destination address 2, protocol 2, spos, dpos, header checksum 2) now sits between the IPv4 header and the transport header's source port, destination port, sequence number (TCP) / length+checksum (UDP)]

14 ICMP – a problem
[Figure: same as slide 13]

15 Summary – RGWs
Legacy NAT
Packet out: swap source
Packet in: swap destination
Add 4+4 header to ICMP messages
Stateless, cheap processing
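The header of slide 6 and the swap rules of slides 7 to 9 and 15 fit in a short user-space model. The C program below is an added example, not the authors' kernel module: it builds a 4+4 packet at an end host, applies the stateless RGW rule (packet out: swap source with source 2; packet in: swap destination with destination 2), recomputes the outer IPv4 checksum as a real gateway must, and lets the receiver recover the peer's full level-1.level-2 address. Assumptions not stated on the slides: the outer header remains a plain 20-byte IPv4 header whose protocol field carries the value 233 shown on slide 6; spos and dpos share one byte; and "header checksum 2" is a one's-complement sum over the four addresses, the total length and protocol 2, which is why an address swap leaves it valid end to end. Addresses in main() come from slides 17 and 24 (pleione, pc11); the same-realm rule for slide 16 is my reading of the deck.

```c
/* Added example (not the IPv4+4 authors' code): user-space model of the 4+4 header
 * (slide 6) and the RGW swap rules (slide 15). Protocol value 233, the spos/dpos
 * packing and the coverage of checksum 2 are assumptions, see the lead-in. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

#define IPV44_PROTO 233                 /* ASSUMPTION: slide-6 callout used as the outer protocol */

struct ipv44_hdr {                      /* field order of slide 6, all network byte order */
    uint8_t  ver_hdrlen, ds;
    uint16_t total_length, identification, flags_frag;
    uint8_t  ttl, protocol;
    uint16_t checksum;
    uint32_t src, dst;                  /* outer IPv4 addresses */
    uint32_t src2, dst2;                /* second header: "source address 2", "destination address 2" */
    uint8_t  protocol2, spos_dpos;      /* spos/dpos packed as two nibbles (ASSUMPTION) */
    uint16_t checksum2;
} __attribute__((packed));

typedef struct { uint32_t l1, l2; } ipv44_addr;   /* level 1 = public part, level 2 = private part (0 = none) */
enum side { PRIVATE_SIDE, PUBLIC_SIDE };           /* RGW interface a packet arrived on */

static uint32_t sum16(uint32_t acc, const void *buf, size_t len)   /* one's-complement partial sum */
{
    const uint8_t *p = buf;
    for (; len > 1; len -= 2, p += 2) acc += (uint32_t)((p[0] << 8) | p[1]);
    if (len) acc += (uint32_t)(p[0] << 8);
    return acc;
}
static uint16_t fold(uint32_t a) { while (a >> 16) a = (a & 0xffff) + (a >> 16); return (uint16_t)~a; }

/* Standard IPv4 header checksum over the outer 20 bytes; an RGW must redo it after every swap. */
static uint16_t outer_checksum(const struct ipv44_hdr *h)
{
    struct ipv44_hdr t = *h;
    t.checksum = 0;
    return htons(fold(sum16(0, &t, 20)));
}
static int outer_ok(const struct ipv44_hdr *h) { return fold(sum16(0, h, 20)) == 0; }

/* Checksum 2 over src, dst, src2, dst2, total length and protocol 2 (ASSUMED coverage). Swapping
 * two 32-bit fields only reorders the summed words, so RGWs never need to touch it. */
static uint16_t e2e_checksum(const struct ipv44_hdr *h)
{
    uint8_t proto[2] = { 0, h->protocol2 };
    uint32_t acc = sum16(0, &h->src, 16);             /* src, dst, src2, dst2 are contiguous */
    acc = sum16(acc, &h->total_length, 2);
    return htons(fold(sum16(acc, proto, 2)));
}
static int e2e_ok(const struct ipv44_hdr *h) { return h->checksum2 == e2e_checksum(h); }

/* Slide 16 "decide if peer is in the same realm": same RGW, or both public (ASSUMED rule). */
static int same_realm(ipv44_addr own, ipv44_addr peer)
{
    return own.l1 == peer.l1 || (own.l2 == 0 && peer.l2 == 0);
}

/* End host: the outer header carries the addresses valid in the sender's own realm (its in-realm
 * address and the peer's level-1 address); the other halves travel in the second header. */
static void ipv44_build(struct ipv44_hdr *h, ipv44_addr own, ipv44_addr peer,
                        uint8_t transport_proto, uint16_t payload_len)
{
    memset(h, 0, sizeof *h);
    h->ver_hdrlen = 0x45;
    h->total_length = htons((uint16_t)(sizeof *h + payload_len));
    h->ttl = 64;
    h->protocol = IPV44_PROTO;
    h->src  = own.l2 ? own.l2 : own.l1;   /* X behind A sends as X; public C sends as C */
    h->src2 = own.l2 ? own.l1 : 0;        /* A (or 0 for a public sender) rides in header 2 */
    h->dst  = peer.l1;                    /* peer's RGW, or the peer itself when public */
    h->dst2 = peer.l2;
    h->protocol2 = transport_proto;
    h->checksum2 = e2e_checksum(h);
    h->checksum = outer_checksum(h);
}

static void swap32(uint32_t *a, uint32_t *b) { uint32_t t = *a; *a = *b; *b = t; }

/* Slide 15: one stateless swap per packet. From the private side (packet out, FORWARD on slide 21)
 * swap source with source 2; from the public side (packet in, PRE_ROUTING) swap destination with
 * destination 2. Legacy IPv4 is left alone here (a classic NAT would handle it). */
static void rgw_process(struct ipv44_hdr *h, enum side arrived_on)
{
    if (h->protocol != IPV44_PROTO) return;
    if (arrived_on == PRIVATE_SIDE) swap32(&h->src, &h->src2);
    else                            swap32(&h->dst, &h->dst2);
    h->checksum = outer_checksum(h);
}

/* Receiver: the peer's full 4+4 address is level 1 from src, level 2 from src2 (slides 7-9). */
static ipv44_addr ipv44_peer_of(const struct ipv44_hdr *h) { ipv44_addr a = { h->src, h->src2 }; return a; }

int main(void)
{   /* slide-8 case with testbed addresses: pleione (128.59.67.131.192.168.0.2) to public pc11 */
    ipv44_addr pleione = { inet_addr("128.59.67.131"), inet_addr("192.168.0.2") };
    ipv44_addr pc11    = { inet_addr("195.228.209.132"), 0 };
    struct ipv44_hdr h;
    char l1[INET_ADDRSTRLEN], l2[INET_ADDRSTRLEN];
    ipv44_build(&h, pleione, pc11, 6, 100);
    rgw_process(&h, PRIVATE_SIDE);                         /* packet leaves the private realm */
    ipv44_addr peer = ipv44_peer_of(&h);
    inet_ntop(AF_INET, &peer.l1, l1, sizeof l1); inet_ntop(AF_INET, &peer.l2, l2, sizeof l2);
    printf("pc11 sees peer %s.%s, checksum2 %s\n", l1, l2, e2e_ok(&h) ? "still valid" : "BROKEN");
    return 0;
}
```

Note that the outer header in the public realm holds only the two public addresses, which is the "private addresses not visible" property of slide 7; the private half is visible only in the second header, which is why an ICMP error quoting the outer header needs the extra handling of slides 10 to 15.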

16 Summary – End hosts
Generate & understand 4+4 header
Decide if peer is in the same realm or not
Obtain 4+4 addresses of peers
– DNS
– Configuration
Application support needed

17 Implementation
Linux kernel module
Translates IPv4+4 packets and addresses
– 128.59.67.131.192.168.0.2 → 1.0.0.2
Mappings are dynamically created
– Incoming packet
– DNS request
Packet headers inside ICMP errors
DNS messages also affected

18 Implementation
Linux kernel module – no kernel patch
Load/unload any time
[Figure: applications in userland; the module inside the kernel, in kernel space]

19 Implementation
Linux kernel module – no kernel patch
Uses netfilter hooks
– Can examine and modify packet
– Say a verdict: accept, drop, steal, queue
[Figure: netfilter packet path from the input device through PRE_ROUTING to either LOCAL_INPUT (to applications) or FORWARD, then LOCAL_OUTPUT / POST_ROUTING to the output device]

20 [Figure: the netfilter hook diagram of slide 19, with the end-host actions attached to LOCAL_OUT and LOCAL_IN]
LOCAL_OUT
– If an ICMP error that carries a peer id inside => translate
– If destination is a peer id => translate
LOCAL_IN
– If an ICMP error that carries a 4+4 packet => translate
– If v4+4 and addressed to us => translate
– If a DNS packet => QUEUE to the daemon (verdicts: QUEUE, ACCEPT)

21 [Figure: the netfilter hook diagram of slide 19, with the RGW actions attached to FORWARD and PRE_ROUTING]
FORWARDING
– ICMP error carrying 4+4 packet => add IPv4+4 header
– 4+4 packet => swap source address
PRE_ROUTING
– ICMP error carrying 4+4 packet => add IPv4+4 header
– 4+4 packet => swap destination address

22 DNS
Each 4+4 address is stored as two "A" RRs
Name prepending is used as with SRV RRs
Hostname: pleione.comet.columbia.edu.
Records:
– l1.pleione.comet.columbia.edu 128.59.67.131
– l2.pleione.comet.columbia.edu 192.168.0.2
IPv4+4 address: 128.59.67.131.192.168.0.2

23 DNS
[Figure: message sequence between App, Kernel, Module and Daemon]
– Who is a.b.com?
– a.b.com doesn't exist.
– Who is l1.a.b.com? Who is l2.a.b.com?
– l1.a.b.com is 2.3.4.5; l2.a.b.com is 6.7.8.9
– Mapping: 2.3.4.5.6.7.8.9 → 1.0.0.2
– a.b.com is 1.0.0.2
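Slides 17, 22 and 23 describe how the daemon turns the two A records into a 4+4 address and hands legacy applications a local "peer id" such as 1.0.0.2 in its place. The program below is an added example written for this page, not the authors' daemon: it parses and prints the dotted 8-octet notation of slide 17, derives the l1./l2. names of slide 22, resolves them against a constructed in-memory zone (the pleione records of slide 22, plus an aphrodite record built from slide 24 with no l2 entry, to show a public-only host), and keeps the dynamically created peer-id table of slide 17. That the pool starts at 1.0.0.2 and that a missing l2 record means "level 2 = 0" are assumptions taken from the slides' examples.

```c
/* Added example (not the IPv4+4 authors' daemon): DNS name derivation, 4+4 address notation
 * and the peer-id mapping table. The zone is constructed from slides 22 and 24. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

typedef struct { uint32_t l1, l2; } ipv44_addr;   /* level 1 (public), level 2 (private, 0 = none) */

/* Parse "a.b.c.d.e.f.g.h" (slide 17) or a plain "a.b.c.d" (level 2 = 0) into an ipv44_addr. */
static int ipv44_parse(const char *s, ipv44_addr *out)
{
    unsigned o[8] = {0};
    int n = sscanf(s, "%u.%u.%u.%u.%u.%u.%u.%u", &o[0], &o[1], &o[2], &o[3], &o[4], &o[5], &o[6], &o[7]);
    if (n != 4 && n != 8) return 0;
    for (int i = 0; i < n; i++) if (o[i] > 255) return 0;
    out->l1 = htonl(o[0] << 24 | o[1] << 16 | o[2] << 8 | o[3]);
    out->l2 = htonl(o[4] << 24 | o[5] << 16 | o[6] << 8 | o[7]);
    return 1;
}

/* Print as level1.level2, e.g. 4.3.2.1.0.0.0.0 for a public-only host (slide 8). */
static const char *ipv44_format(ipv44_addr a, char *buf, size_t len)
{
    char l1[INET_ADDRSTRLEN], l2[INET_ADDRSTRLEN];
    inet_ntop(AF_INET, &a.l1, l1, sizeof l1);
    inet_ntop(AF_INET, &a.l2, l2, sizeof l2);
    snprintf(buf, len, "%s.%s", l1, l2);
    return buf;
}

struct a_rr { const char *name; const char *addr; };
static const struct a_rr ZONE[] = {                     /* CONSTRUCTED zone, stands in for real DNS */
    { "l1.pleione.comet.columbia.edu",   "128.59.67.131" },   /* slide 22 */
    { "l2.pleione.comet.columbia.edu",   "192.168.0.2"   },   /* slide 22 */
    { "l1.aphrodite.comet.columbia.edu", "128.59.67.141" },   /* public host of slide 24, no l2 */
};
static int zone_lookup(const char *name, uint32_t *addr)     /* one A query */
{
    for (size_t i = 0; i < sizeof ZONE / sizeof ZONE[0]; i++)
        if (strcmp(ZONE[i].name, name) == 0) { *addr = inet_addr(ZONE[i].addr); return 1; }
    return 0;
}

/* Daemon side of slide 23: after "a.b.com doesn't exist", ask for l1.<host> and l2.<host>. */
static int resolve_4plus4(const char *host, ipv44_addr *out)
{
    char name[256];
    snprintf(name, sizeof name, "l1.%s", host);
    if (!zone_lookup(name, &out->l1)) return 0;      /* no level-1 record: not a 4+4 host */
    snprintf(name, sizeof name, "l2.%s", host);
    if (!zone_lookup(name, &out->l2)) out->l2 = 0;   /* ASSUMPTION: missing l2 means public-only */
    return 1;
}

/* Peer-id table (slide 17: "mappings are dynamically created"). Ids come from a local pool. */
#define MAX_PEERS 64
struct peer_table { ipv44_addr addr[MAX_PEERS]; uint32_t id[MAX_PEERS]; int n; uint32_t next; };
static void peer_table_init(struct peer_table *t) { t->n = 0; t->next = ntohl(inet_addr("1.0.0.2")); }

/* Return the peer id for a 4+4 address, allocating the next one on first use; 0 when full. */
static uint32_t peer_id_for(struct peer_table *t, ipv44_addr a)
{
    for (int i = 0; i < t->n; i++)
        if (t->addr[i].l1 == a.l1 && t->addr[i].l2 == a.l2) return t->id[i];
    if (t->n == MAX_PEERS) return 0;
    t->addr[t->n] = a;
    t->id[t->n] = htonl(t->next++);
    return t->id[t->n++];
}
/* Reverse lookup used when a packet to a peer id must be rewritten (slide 20, LOCAL_OUT). */
static int peer_by_id(const struct peer_table *t, uint32_t id, ipv44_addr *out)
{
    for (int i = 0; i < t->n; i++)
        if (t->id[i] == id) { *out = t->addr[i]; return 1; }
    return 0;
}

int main(void)
{
    struct peer_table t; peer_table_init(&t);
    ipv44_addr a; char full[64], idbuf[INET_ADDRSTRLEN];
    const char *host = "pleione.comet.columbia.edu";
    if (!resolve_4plus4(host, &a)) return 1;
    uint32_t id = peer_id_for(&t, a);
    inet_ntop(AF_INET, &id, idbuf, sizeof idbuf);
    printf("Mapping: %s -> %s\n%s is %s\n", ipv44_format(a, full, sizeof full), idbuf, host, idbuf);
    return 0;
}
```

The peer id is what legacy applications see, so the same address-isolation property that makes NATs popular (slide 3) reappears inside the host: a peer id is only meaningful to the module that created it, and the table has to be consulted again for every packet and ICMP error that carries one (slide 20).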

24 Testbed
[Figure: Comet Lab, New York: aphrodite 128.59.67.141; taygeta 128.59.67.131; private segment 192.168.0.1 with pleione 192.168.0.2. Labels: DNS server, WEB server ipv44.comet.columbia.edu, WEB server pleione.ipv44.comet.columbia.edu. Budapest, Hungary: pc11 195.228.209.132]

25–29 [Figure: the testbed diagram of slide 24, repeated]

30 Experiments
Applications/protocols
– icmp, ssh, scp, telnet, ping, http
– arp, snmp, dhcp, routing protocols
– ftp, irc
Network management/configuration
– dns, firewall, routing

31 Performance
Pentium III, 1 GHz machine, unloaded
Measured the forwarding time
[Figure: the netfilter hook diagram of slide 19 (PRE_ROUTING, LOCAL_INPUT, LOCAL_OUTPUT, FORWARD, POST_ROUTING)]

32 Performance

