Computer Networks and Internets with Internet Applications 4

Computer Networks and Internets with Internet Applications, 4e, by Douglas E. Comer. Lecture PowerPoints by Lami Kaya, LKaya@ieee.org. © 2007 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved.

Chapter 26 Network Address Translation

Topics Covered
• 26.1 Introduction
• 26.2 The Requirement For Unique Addresses
• 26.3 Network Address Translation Technology
• 26.4 NAT Topology
• 26.5 Possible Implementations Of NAT
• 26.6 Basic Address Translation
• 26.7 Translation Table
• 26.8 NAPT And TCP Splicing
• 26.9 Other Variants: Twice NAT And CAT
• 26.10 NAT Software And Systems For Use At Home

26.1 Introduction
This chapter
• considers an alternative in which multiple computers share a single IP address
• examines both the motivation for address sharing and the technical details

26.2 The Requirement For Unique Addresses
• As the Internet grew, it became apparent that the classful address scheme would not suffice
  – Subnetting
  – Classless addressing
  – A third mechanism allows multiple computers at a site to operate at the same time with only one globally valid IP address
• Can multiple computers use one IP address?
• Assigning the same address to multiple hosts does not work
  – if two or more computers on a network attempt to use one address, conflicts arise
• Thus, to ensure that address binding operates correctly
  – each computer on a network must be assigned a unique IP address

26.3 Network Address Translation Technology
• NAT makes it possible for a site on the Internet to have a single, valid IP address for multiple computers
  – and no address conflicts
• NAT assigns each computer a locally unique address
• Local addresses are private (known as non-routable)
  – Ex: 10.0/8 has been reserved as a private address block
• Routers at the site are configured to forward datagrams that contain the private addresses
  – Before a datagram from the site can be allowed onto the Internet, NAT replaces the private IP source address with the site's global IP address
  – NAT translates the destination address in each incoming datagram, replacing the global Internet address with the private destination address

26.4 NAT Topology
• NAT runs as an in-line configuration
  – A device running NAT is placed on the connection between the site and the Internet
  – so that all packets entering or leaving the site go through NAT
• Figure 26.1 illustrates the architecture
• The system administrator
  – configures NAT with the globally valid (shared) IP address
  – assigns each computer at the site a private IP address
• NAT translates the addresses in all packets
  – so computers on the Internet never see the private addresses


26.5 Possible Implementations Of NAT
• NAT can be implemented in HW or SW
• SW is generally less expensive, but only suffices for lower-speed networks
• Some router HW may include SW for NAT
  – Combining the NAT and router functionality into one device reduces the overall cost, but also reduces the network speed
• For a high-speed network, such as gigabit Ethernet
  – NAT SW cannot cope with the arrival rate of packets
  – Special-purpose HW is required to perform NAT at "wire speed"
• The term "wire speed" refers to the maximum speed at which the underlying network can deliver packets

26.6 Basic Address Translation
• The goal of NAT is to provide an illusion:
  – When viewed from the Internet, the site appears to consist of a single host computer
  – All datagrams originate from that computer and all replies are sent to that computer
• To achieve the illusion, a NAT device must process each packet that enters or leaves the site
• Example: source address 10.0.0.1, destination address 128.211.134.4
• Figure 26.2 illustrates an example translation


26.7 Translation Table
• How can NAT know which private address to use for an incoming datagram?
  – NAT uses a translation table
• The table has separate entries for each direction of packet flow
  – An entry specifies the field to change as well as the new value
  – Ex: Figure 26.3 gives a translation table that corresponds to the address mapping in Figure 26.2
• How are values placed in a translation table?
  – Although values can be configured manually by an administrator, NAT can also operate automatically, creating an entry when the first outgoing packet of a flow passes through


26.8 NAPT And TCP Splicing
• What happens if two or more computers at a site communicate with the same remote destination, D?
  – Many-to-one
• What if one or more applications on a host at the site attempt simultaneous communication with different destinations on the Internet?
  – One-to-many
• Basic NAT fails in both cases
• A more sophisticated version of NAT handles both problems
  – known as Network Address and Port Translation (NAPT)
• NAPT is the most popular form of NAT
  – NAPT translates protocol port numbers as well as IP addresses


26.9 Other Variants: Twice NAT And CAT
• Automatic table construction does not work well for communication initiated from the Internet to the site
• A variant of NAT called Twice NAT allows a site to run servers
• The variant works with the Domain Name System (DNS) and requires the name server to interact with the NAT device
• When an application on the Internet looks up the domain name of a computer at the site
  – the DNS server for the site returns the site's valid IP address and places an entry in the NAT translation table
  – so the translation table is initialized before the first packet arrives
• Twice NAT fails if an application uses the IP address directly without performing a domain name lookup first

26.10 NAT Software And Systems For Use At Home
• NAT is especially useful at a residence that has a cable modem or DSL connection
• SW is available that allows a PC to both use the Internet and function as a NAT device for other PCs
  – The concept of NAT originally appeared in a UNIX program named slirp
  – A program named Masquerade implements NAT for the Linux OS
  – Microsoft's Internet Connection Sharing (ICS) SW implements NAT
• In addition to SW that runs on PCs
  – dedicated NAT HW is available at low cost
  – dedicated systems often combine the functionality of NAT and a hub in a single physical device
• For example, Figure 26.5 illustrates a dedicated NAT device
