Slide 1
© 2007 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved.
Computer Networks and Internets with Internet Applications, 4e
By Douglas E. Comer
Lecture PowerPoints By Lami Kaya, LKaya@ieee.org
Slide 2
Chapter 26 Network Address Translation
Slide 3
Topics Covered
26.1 Introduction
26.2 The Requirement For Unique Addresses
26.3 Network Address Translation Technology
26.4 NAT Topology
26.5 Possible Implementations Of NAT
26.6 Basic Address Translation
26.7 Translation Table
26.8 NAPT And TCP Splicing
26.9 Other Variants: Twice NAT And CAT
26.10 NAT Software And Systems For Use At Home
Slide 4
26.1 Introduction
This chapter considers an alternative in which multiple computers share a single IP address
– It examines both the motivation for address sharing and the technical details
Slide 5
26.2 The Requirement For Unique Addresses
As the Internet grew, it became apparent that the classful address scheme would not suffice
– Subnetting
– Classless addressing
– A third mechanism allows multiple computers at a site to operate at the same time with only one globally valid IP address
Can multiple computers use one IP address?
Assigning the same address to multiple hosts does not work
– If two or more computers on a network attempt to use one address, conflicts arise
Thus, to ensure that address binding operates correctly
– Each computer on a network must be assigned a unique IP address
Slide 6
26.3 Network Address Translation Technology
NAT makes it possible for a site on the Internet to have a single, valid IP address for multiple computers
– and no address conflicts
NAT assigns each computer a locally unique address
Local addresses are private (known as non-routable)
– Ex: 10.0.0.0/8 has been reserved as a private address block
Routers at the site are configured to forward datagrams that contain the private addresses
– Before a datagram from the site can be allowed onto the Internet, NAT replaces the private IP source address with the global IP address
– For each datagram arriving from the Internet, NAT translates the destination address, replacing the global Internet address with the private destination address
Slide 7
26.4 NAT Topology
NAT runs as an in-line configuration
– A device running NAT is placed on the connection between the site and the Internet
– so that all packets entering or leaving the site go through NAT
Figure 26.1 illustrates the architecture
The system administrator
– configures NAT with the globally valid (shared) IP address
– assigns each computer at the site a private IP address
NAT translates the addresses in all packets
– so computers on the Internet never see the private addresses
Slide 9
26.5 Possible Implementations Of NAT
NAT can be implemented in HW or SW
SW is generally less expensive, but only suffices for lower-speed networks
Some router HW may include SW for NAT
– Combining the NAT and router functionality into one device reduces the overall cost, but also reduces the network speed
For a high-speed network, such as a gigabit Ethernet
– SW for NAT cannot cope with the arrival rate of packets
– Special-purpose HW is required to perform NAT at “wire speed”
The term “wire speed” refers to the maximum speed at which the underlying network can deliver packets
Slide 10
26.6 Basic Address Translation
The goal of NAT is to provide an illusion:
– When viewed from the Internet, the site appears to consist of a single host computer
– All datagrams originate from that computer and all replies are sent to that computer
To achieve the illusion, a NAT device must process each packet that enters or leaves the site
Example
– Source address: 10.0.0.1
– Destination address: 128.211.134.4
Figure 26.2 illustrates example translations
Slide 12
26.7 Translation Table
How can NAT know which private address to use for an incoming datagram?
– NAT uses a translation table
The table has separate entries for each direction of packet flow
– An entry specifies the field to change as well as the new value
– Ex: Figure 26.3 gives a translation table that corresponds to the address mapping in Figure 26.2
How are values placed in a translation table?
– Although values can be configured manually by an administrator, NAT can also operate automatically, creating an entry when it sees the first outgoing packet of a flow
Slide 14
26.8 NAPT And TCP Splicing
What happens if two or more computers at a site communicate with the same remote destination, D?
– Many-to-one
What if one or more applications on a host at a site attempt to communicate simultaneously with different destinations on the Internet?
– One-to-many
Basic NAT fails in both cases
A more sophisticated version of NAT handles both problems
– known as Network Address and Port Translation (NAPT)
NAPT is the most popular form of NAT
– NAPT translates protocol port numbers as well as IP addresses
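A small simulation of the translation table from 26.7 and the NAPT behaviour from 26.8, added here as an example; it is not code from Comer's text or slides. The site's global address 203.0.113.1 and the port numbers are constructed values; the internal hosts and the remote destination 128.211.134.4 follow Figure 26.2. It shows why address-only NAT cannot separate two hosts that reach the same destination from the same local port, and how NAPT's port rewriting does.

```python
from dataclasses import dataclass, replace

# Constructed values: the site's single global address is a placeholder from the
# documentation range; hosts inside the site use the private 10.0.0.0/8 block.
GLOBAL_ADDR = "203.0.113.1"
REMOTE = "128.211.134.4"   # destination from Figure 26.2

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Napt:
    """NAPT device: rewrites source address and port on the way out, reverses it for replies."""
    def __init__(self, global_addr=GLOBAL_ADDR, first_port=40000):
        self.global_addr = global_addr
        self.next_port = first_port       # next unused external port to hand out
        self.outbound = {}  # (src, sport, dst, dport) -> external port
        self.inbound = {}   # (external port, remote addr, remote port) -> (src, sport)

    def to_internet(self, pkt):
        """Outgoing packet: build the table entry automatically on first use."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.global_addr, sport=self.outbound[key])

    def from_internet(self, pkt):
        """Incoming packet: look up the binding; no entry means no inside host asked for it."""
        entry = self.inbound.get((pkt.dport, pkt.src, pkt.sport))
        if entry is None:
            return None   # unsolicited inbound packet is dropped
        src, sport = entry
        return replace(pkt, dst=src, dport=sport)

def many_to_one():
    """Same destination from two hosts: NAPT separates them by port; basic NAT could not."""
    nat = Napt()
    a = nat.to_internet(Packet("10.0.0.1", 5000, REMOTE, 80))
    b = nat.to_internet(Packet("10.0.0.2", 5000, REMOTE, 80))
    reply_a = nat.from_internet(Packet(REMOTE, 80, GLOBAL_ADDR, a.sport))
    reply_b = nat.from_internet(Packet(REMOTE, 80, GLOBAL_ADDR, b.sport))
    stray = nat.from_internet(Packet(REMOTE, 80, GLOBAL_ADDR, 22))  # nobody asked
    return a, b, reply_a, reply_b, stray
```

With address-only translation both outgoing packets would leave as 203.0.113.1:5000, so the two replies from 128.211.134.4:80 would be indistinguishable; the distinct external ports are what let the table route each reply back to its host.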
Slide 16
26.9 Other Variants: Twice NAT And CAT
Automatic table construction does not work well for communication initiated from the Internet to the site
A variant of NAT called Twice NAT allows a site to run servers
The variant works with the Domain Name System (DNS) and requires the name server to interact with the NAT device
When an application on the Internet looks up the domain name of a computer at the site
– the DNS server for the site returns the site's valid IP address and places an entry in the NAT translation table
– so the translation table is initialized before the first packet arrives
Twice NAT fails if an application uses the IP address directly without performing a domain name lookup first
Slide 17
26.10 NAT Software And Systems For Use At Home
NAT is especially useful at a residence that has a cable modem or DSL connection
SW is available that allows a PC to both use the Internet and function as a NAT device for other PCs
– The concept of NAT originally appeared in a UNIX program named slirp
– A program named Masquerade implements NAT for the Linux OS
– Microsoft's Internet Connection Sharing (ICS) SW implements NAT
In addition to SW that runs on PCs
– dedicated NAT HW is available at low cost
– dedicated systems often combine the functionality of NAT and a hub in a single physical device
For example, Figure 26.5 illustrates a dedicated NAT device