Lecture 26 cn_aizaz


Data Communication and Networks

NAT: Motivation
IP addresses are scarce. An ISP might have a /16 (formerly class B) address block, giving it 65,534 host numbers. If it has more customers than that, it has a problem.

Home Users
For home customers with dial-up connections, one way around the problem is to dynamically assign an IP address to a computer when it calls up and logs in, and to take the address back when the session ends. In this way a single /16 block can handle up to 65,534 active users, which is probably good enough for an ISP with several hundred thousand customers.
When a session is terminated, its IP address is reassigned to another caller. While this strategy works well for an ISP with a moderate number of home users, it fails for ISPs that primarily serve business customers.

Business Users
The problem is that business customers expect to be on-line continuously during business hours. This means that each computer must have its own IP address all day long.
In effect, the total number of computers owned by all of the ISP's business customers combined cannot exceed the number of IP addresses the ISP has. For a /16 block, this limits the total number of computers to 65,534. For an ISP with tens of thousands of business customers, this limit will quickly be exceeded.

ADSL or Internet over Cable Users
To make matters worse, more and more home users are subscribing to ADSL or Internet over cable. A feature of these services is that the user gets a permanent IP address. Since many ADSL and cable users simply stay logged in permanently, this development only adds to the shortage of IP addresses.
The problem of running out of IP addresses is not a theoretical problem that might occur at some point in the distant future. It is happening right here and right now.

IPv6 – Long-term solution
The long-term solution is for the whole Internet to migrate to IPv6, which has 128-bit addresses. This transition is slowly occurring, but it will be years before the process is complete.

NAT – A quick fix
As a consequence, some people felt that a quick fix was needed for the short term. This quick fix came in the form of NAT (Network Address Translation).

NAT: Basic Idea
The basic idea behind NAT is to assign each company a single IP address (or at most a small number of them) for Internet traffic. Within the company, every computer gets a unique IP address, which is used for routing internal traffic. However, when a packet exits the company and goes to the ISP, an address translation takes place.

Private IP Addresses
To make this scheme possible, three ranges of IP addresses have been declared private. Companies may use them internally as they wish. The only rule is that no packets containing these addresses may appear on the Internet itself.

Private IP Address Ranges
The three reserved ranges are:
10.0.0.0 – 10.255.255.255 (10.0.0.0/8, 16,777,216 addresses)
172.16.0.0 – 172.31.255.255 (172.16.0.0/12, 1,048,576 addresses)
192.168.0.0 – 192.168.255.255 (192.168.0.0/16, 65,536 addresses)

NAT Box
Within the company premises, every machine has a unique address of the form 10.x.y.z. However, when a packet leaves the company premises, it passes through a NAT box that converts the internal source address, 10.0.0.1, to the company's true IP address, 198.60.42.12 in this example. The NAT box is often integrated into the company's router.

NAT: Network Address Translation
[Figure: a local network (e.g., a home network), 10.0.0/24, with hosts 10.0.0.1, 10.0.0.2 and 10.0.0.3 behind a NAT router whose local-side address is 10.0.0.4 and whose Internet-facing address is 198.60.42.12, connected to the rest of the Internet.]
All datagrams leaving the local network have the same single source NAT IP address, 198.60.42.12, but different source port numbers. Datagrams with source or destination inside this network carry 10.0.0/24 addresses for source and destination, as usual.

Problem?
When the reply comes back (e.g., from a Web server), it is naturally addressed to 198.60.42.12. How does the NAT box know which internal address to replace it with?

Solution: Port Numbers
Most IP packets carry either TCP or UDP payloads. Both of these have headers containing a source port and a destination port. The ports are 16-bit integers that identify the two endpoints of a connection on their respective machines. These ports provide the field needed to make NAT work.
When a process wants to establish a TCP connection with a remote process, it attaches itself to an unused TCP port on its own machine. This is called the source port, and it tells the TCP code where to send incoming packets belonging to this connection. The process also supplies a destination port to tell the remote side which process to give the packets to. For example, port 80 is the port used by Web servers, so remote clients can locate them.
Each outgoing TCP segment contains both a source port and a destination port. Together, these ports identify the processes using the connection on both ends.

Translation for Outgoing Packets
Whenever an outgoing packet enters the NAT box, the 10.x.y.z source address is replaced by the company's true IP address. In addition, the TCP Source port field is replaced by an index into the NAT box's 65,536-entry translation table. That table entry records the original internal IP address and the original source port.

Translation for Incoming Packets
When a packet arrives at the NAT box from the ISP, its TCP Destination port (the index the NAT box wrote into the Source port field of the corresponding outgoing packet) is extracted and used to look up the mapping table. From the entry found, the internal IP address and the original port are extracted and written into the packet's destination address and Destination port fields. The packet is then passed to the company router for normal delivery using the 10.x.y.z address. A packet whose destination port has no table entry has no internal host to go to and is dropped, which is why machines behind a NAT box cannot be reached by connections initiated from the outside.

Problems with NAT
NAT violates the architectural model of IP, which states that every IP address uniquely identifies a single machine worldwide.
NAT violates the independence of layers: a network-layer box rewrites transport-layer (TCP and UDP) port fields, so it only works for payloads whose port fields it understands.
Since the NAT box's translation table is limited to 65,536 entries, at most 65,536 simultaneous connections (each distinct internal address and port pair needs its own entry) can be mapped onto one IP address.
...
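The private-range rule and the two translation directions above, as an added worked model that is not part of the lecture. The public address 198.60.42.12 and the 10.0.0.0/24 hosts are taken from the slides; the Packet record, the NatBox class, the choice to start translated ports at 1024, the optional table_size knob and the 203.0.113.x server address are assumptions made for this example. Besides the normal translation of outgoing and incoming packets, it exercises the two failure modes the slides imply: an inbound packet whose destination port has no table entry is dropped, and a full translation table refuses new connections.

```python
"""Model of a port-indexed NAT box (added example, not lecture code)."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple
import ipaddress

# The three private ranges from the slides. Packets carrying them must never
# cross onto the Internet, so the NAT box checks both address fields.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    """True if ip falls in one of the three reserved ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


@dataclass(frozen=True)
class Packet:
    """Only the fields NAT looks at: the IP addresses and the TCP/UDP port pair."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatBox:
    """Translation table indexed by the translated (public-side) source port."""

    def __init__(self, public_ip: str, first_port: int = 1024,
                 table_size: Optional[int] = None):
        # Assumption: translated ports start at first_port so the box keeps the
        # low ports for itself; 65,536 is the hard ceiling of a 16-bit port field.
        self.public_ip = public_ip
        self.first_port = first_port
        self.capacity = table_size if table_size is not None else 65536 - first_port
        self.table: Dict[int, Tuple[str, int]] = {}    # translated port -> (internal ip, port)
        self.by_host: Dict[Tuple[str, int], int] = {}  # (internal ip, port) -> translated port
        self.next_port = first_port

    def _allocate(self, key: Tuple[str, int]) -> Optional[int]:
        """Hand out an unused translated port, or None when the table is full."""
        if len(self.table) >= self.capacity:
            return None
        last = self.first_port + self.capacity
        for _ in range(self.capacity):
            port = self.next_port
            self.next_port = self.next_port + 1 if self.next_port + 1 < last else self.first_port
            if port not in self.table:
                self.table[port] = key
                self.by_host[key] = port
                return port
        return None

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet leaving for the ISP; None means the packet is dropped."""
        if not is_private(pkt.src_ip) or is_private(pkt.dst_ip):
            return None  # a private address would otherwise appear on the Internet
        key = (pkt.src_ip, pkt.src_port)
        port = self.by_host.get(key)      # existing connection keeps its entry
        if port is None:
            port = self._allocate(key)
            if port is None:
                return None  # table exhausted: no new connections until entries age out
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from the ISP; None means no mapping, so dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get(pkt.dst_port)  # the reply's destination port is the table index
        if entry is None:
            return None  # unsolicited inbound packet: no internal host to deliver it to
        ip, port = entry
        return replace(pkt, dst_ip=ip, dst_port=port)


def demo():
    """Two internal hosts with the same source port reach one server (constructed addresses)."""
    nat = NatBox("198.60.42.12")
    server = "203.0.113.5"  # assumed external Web server, documentation range
    out1 = nat.outbound(Packet("10.0.0.1", 3345, server, 80))
    out2 = nat.outbound(Packet("10.0.0.2", 3345, server, 80))
    back2 = nat.inbound(Packet(server, 80, "198.60.42.12", out2.src_port))
    stray = nat.inbound(Packet("203.0.113.9", 4444, "198.60.42.12", 60000))
    return out1, out2, back2, stray


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The two internal hosts both use local port 3345, so the translated ports (1024 and 1025) are what keeps their replies apart; the reverse map lets an established connection reuse its entry instead of consuming a fresh one. A real box also ages entries out after a timeout, which this model omits.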

This note was uploaded on 12/18/2010 for the course ME 22 taught by Professor Rashid during the Spring '10 term at Superior University Lahore.
