Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wide Area Networks and Internet CT1403 Lecture-7: Internet Network Layer (Part-2) 1.

Similar presentations


Presentation on theme: "Wide Area Networks and Internet CT1403 Lecture-7: Internet Network Layer (Part-2) 1."— Presentation transcript:

1 Wide Area Networks and Internet CT1403 Lecture-7: Internet Network Layer (Part-2) 1

2 Outline NAT: Network address Translation NAT and other Protocols: DHCP and DNS ICMP: Internet Control Message Protocol IPv6 2

3 NAT: Network Address Translation 3

4 NAT: network address translation 4

5 5

6 6

7 7

8 The basic idea behind NAT is to assign each company a single IP address or small number of IP addresses for Internet traffic. Within the company, every computer gets a unique IP address, which is used for the internal traffic. However when a packet exits the company and goes to the ISP, an address translation takes place. 8

9 NAT: network address translation 9

10 NAT: Reserved IP addresses for Private Networks To make this scheme possible, three ranges of IP addresses have been declared as private. Companies may use them internally as they which. The three reserved ranges are: 10.0.0.0 – 10.255.255.255/8 (16,777,216 hosts). 172.16.0.0 – 172.31.255.255/16 (1,048,576 hosts). 192.168.0.0 – 192.168.255.255/24 (65,536 hosts). 10

11 NAT: network address translation What happens when a host with a private address 192.168.1.3 wants to connect to a remote web sever with a public IP address 40.30.20.10 ? 11

12 Internet Communication & NAT This Communication can not be performed in the traditional Source- to-Destination method, because the destination can not respond to the source’s request using its private IP address! How to perform this communication ? Remember: Port 80 is reserved for HTTP request 12

13 Internet Communication & NAT Step 1Step 2 Step 3 Step 4 13

14 NAT router must:  outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #)... remote clients/servers will respond using (NAT IP address, new port #) as destination addr  remember (in NAT translation (or forwarding) table) every (source IP address, port #) to (NAT IP address, new port #) translation pair  incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table NAT: Implementation 14

15 10.0.0.1 10.0.0.2 10.0.0.3 S: 10.0.0.1, 3345 D: 128.119.40.186, 80 1 10.0.0.4 138.76.29.7 1: host 10.0.0.1 sends datagram to 128.119.40.186, 80 NAT translation table WAN side addr LAN side addr 138.76.29.7, 5001 10.0.0.1, 3345 …… S: 128.119.40.186, 80 D: 10.0.0.1, 3345 4 S: 138.76.29.7, 5001 D: 128.119.40.186, 80 2 2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table S: 128.119.40.186, 80 D: 138.76.29.7, 5001 3 3: reply arrives dest. address: 138.76.29.7, 5001 4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345 NAT implementation: Example 2 15

16 NAT: network address translation 10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4 138.76.29.7 local network (e.g., home network) 10.0.0/24 rest of Internet datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual) all datagrams leaving local network have same single source NAT IP address: 138.76.29.7,different source port numbers 16

17 NAT: Advantages 17

18 - local network uses just one IP address as far as outside world is concerned:  range of addresses not needed from ISP: just one IP address for all devices  can change addresses of devices in local network without notifying outside world  can change ISP without changing addresses of devices in local network  devices inside local net not explicitly addressable, visible by outside world (a security plus)  Security: the NAT box is often combined with the firewall. NAT: Advantages 18

19  16-bit port-number field:  60,000 simultaneous connections with a single LAN-side address!  NAT is controversial:  routers should only process up to layer 3  violates end-to-end argument NAT possibility must be taken into account by app designers, e.g., P2P applications  address shortage should instead be solved by IPv6 NAT Challenges ! 19

20 Objections of the IP Community against NAT: 1.NAT violates the architectural model of IP, which states that every IP address uniquely identifies a single machine worldwide. 2.NAT changes the internet from a connectionless network to a kind of connection-oriented network. The NAT box maintains information for each connection passing through it (This is a property of connection oriented networks). If the NAT box crashes, all its TCP connections are destroyed. 3.NAT violates the protocol layering: Layer k may not make any assumption about what layer k+1 has put into the payload field. This is to keep the layers independent. If TCP is upgraded to TCP-2, with different header layout, NAT will fail. The whole idea of layered protocols is to ensure that changes in one layer do not require changes in other layers. 20

21 Objections of the IP Community against NAT: 4.Processes on the Internet are not required to use TCP or UDP. Therefore, introduction of a NAT box will cause the application to fail because the NAT box will not be able to locate the TCP Source Port correctly. 5.Some applications insert IP addresses in the body of the text. The receiver then extracts these IP addresses and uses them. Since NAT cannot replace them, so any attempt to use them on the remote side will fail (e.g., FTP, H.323 Internet Telephony protocol, etc.) It is possible to patch NAT to work with an application, but having to patch the code in the NAT box for every new application is not a good idea. 6.Since the TCP Source Port is 16 bits, at most 65,536 machines can be mapped onto an IP address. Actually, the number is less because of the reserved ports. 21

22 NAT traversal problem: Local server  client wants to connect to a local server with address 10.0.0.1  server address 10.0.0.1 local to LAN (client can’t use it as destination addr)  only one externally visible NATed address: 138.76.29.7  solution1: statically configure NAT to forward incoming connection requests at given port to the local server  e.g., (123.76.29.7, port 2500) always forwarded to 10.0.0.1 port 25000 10.0.0.1 10.0.0.4 NAT router 138.76.29.7 client ? 22

23 NAT traversal problem  solution 2: Universal Plug and Play (UPnP) Internet Gateway Device (IGD) Protocol.  IGD: a NAT Port Mapping Protocol supported by some NAT routers to automatically configure port forwarding.  Allows NATed host to:  learn public IP address (138.76.29.7)  add/remove port mappings (with lease times) i.e., automate static NAT port map configuration 10.0.0.1 NAT router IGD 23

24 Do we Need NAT with IPv6? 24

25 Why Don’t we Jump to IPv6? 25

26 DHCP and NAT: How do they Work Together? 26

27 Configuring DHCP for NAT 27

28 Configuring DHCP for NAT 28

29 Configuring DHCP for NAT Step 1: DHCP discover by host 29

30 Configuring DHCP for NAT Step 2: DHCP offer by server 30

31 Configuring DHCP for NAT Step 3: DHCP request by host 31

32 Configuring DHCP for NAT Step 4 : DHCP Confirmation by server 32

33 Special Issues-1 33

34 Special Issues -2 34

35 Special Issues -3 35

36 How to Renew the assigned IP Address Lease Time : The duration or length of time the allocation of this IP address is valid. After this time, the host will not be able to use its assigned IP address. Therefore, the host needs to renew the lease. Lease time can be of any length: hours, days, months etc Long lease time : less traffic but wastes IP addresses. Short Lease time : higher overhead but the utilization of IP addresses could be better. How/When to renew the lease of the given IP address? Half-way through the lease ( after 50% of the lease time), the host speaks to the DHCP server saying that “I want to keep this IP address”. If the DHCP server did not response to the host renewal request for any reason, the host waits for another 50% of the time, then the host sends another request to the server The host keeps sending this request every 50% of the remaining time, e. g. if the total lease time was 4 days, then the host starts sending the renewal request after 2 days, then after 1 day, then after 12 hours then after 6 hours, then after 3 hours, then after 90 minutes, and so on. If the IP address expires, the host asks the DHCP server for a new IP address. 36

37  The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network.  DNS server maps DN to IP addresses  In my home network, DNS service is provided by my home router  Large enterprises environments use: Microsoft, Linux, Unix DNS servers. DNS: Domain Name System (LAN) 37

38  Local vs. Remote DNS server  Primary vs. Secondary DNS server Interaction between different DNS Servers 38

39  When my computer A connects to my home router R using DHCP, R provides A with the following information  A’s given IP address,  Subnet mask  IP of first-hop router (Default gateway),  IP of the local DNS server  IP of alternative DNS server(s) Putting all Together: DNS, NAT and DHCP Your IP= 192.168.1.3 Subnet Mask=255.255.255.0 Default Gateway= 192.168.1.1 DNS Server= 192.168.1.1 DNS (Primary)=208.55.44.1 DNS (Secondary)=207.75.89.6 39

40 ICMP: Internet Control Message Protocol 40

41 ICMP: Internet Control Message Protocol  used by hosts & routers to communicate network-level information  error reporting: unreachable host, network, port, protocol, TTL exceeded, IP checksum failed, invalid header, reassembly failed, etc.  echo request/reply (used by ping)  network-layer “above” IP:  ICMP msgs carried in IP datagrams ICMP principal messages and their description 41

42 ICMP: internet control message protocol  ICMP message: type, code plus first 8 bytes of IP datagram causing error Type Code description 0 0 echo reply (ping) 3 0 dest. network unreachable 3 1 dest host unreachable 3 2 dest protocol unreachable 3 3 dest port unreachable 3 6 dest network unknown 3 7 dest host unknown 4 0 source quench (congestion control - not used) 8 0 echo request (ping) 9 0 route advertisement 10 0 router discovery 11 0 TTL expired 12 0 bad IP header 42

43 Traceroute and ICMP  source sends series of UDP segments to dest  first set has TTL =1  second set has TTL=2, etc.  unlikely port number  when nth set of datagrams arrives to nth router:  router discards datagrams  and sends source ICMP messages (type 11, code 0)  ICMP messages includes name of router & IP address  when ICMP messages arrives, source records RTTs stopping criteria:  UDP segment eventually arrives at destination host  destination returns ICMP “port unreachable” message (type 3, code 3)  source stops 3 probes 43

44 IPv6 44

45 IPv6: motivation  initial motivation: 32-bit address space soon to be completely allocated.  additional motivation:  header format helps speed processing/forwarding  header changes to facilitate QoS IPv6 datagram format:  fixed-length 40 byte header  no fragmentation allowed 45

46 IPv6 datagram format priority: identify priority among datagrams in flow flow Label: identify datagrams in same “flow.” (concept of“flow” not well defined). next header: identify upper layer protocol for data data destination address (128 bits) source address (128 bits) payload len next hdr hop limit flow label pri ver 32 bits 46

47 Other changes from IPv4  checksum: removed entirely to reduce processing time at each hop  options: allowed, but outside of header, indicated by “Next Header” field  ICMPv6: new version of ICMP  additional message types, e.g. “Packet Too Big”  multicast group management functions 47

48 Transition from IPv4 to IPv6 48

49 Transition from IPv4 to IPv6  not all routers can be upgraded simultaneously  no “flag days”  how will network operate with mixed IPv4 and IPv6 routers?  tunneling: IPv6 datagram carried as payload in IPv4 datagram among IPv4 routers IPv4 source, dest addr IPv4 header fields IPv4 datagram IPv6 datagram IPv4 payload UDP/TCP payload IPv6 source dest addr IPv6 header fields 49

50 Tunneling physical view: IPv4 A B IPv6 E F C D logical view: IPv4 tunnel connecting IPv6 routers E IPv6 F A B Different tunneling techniques have been proposed so far. e.g. 6to4, Teredo, ISATAP, 6in46to4TeredoISATAP 50

51 flow: X src: A dest: F data A-to-B: IPv6 Flow: X Src: A Dest: F data src:B dest: E B-to-C: IPv6 inside IPv4 E-to-F: IPv6 flow: X src: A dest: F data B-to-C: IPv6 inside IPv4 Flow: X Src: A Dest: F data src:B dest: E physical view: A B IPv6 E F C D logical view: IPv4 tunnel connecting IPv6 routers E IPv6 F A B Tunneling IPv4 51


Download ppt "Wide Area Networks and Internet CT1403 Lecture-7: Internet Network Layer (Part-2) 1."

Similar presentations


Ads by Google