How to share a single public IP address among multiple devices within a private network?
Network Address Translation (NAT)
An approach to address allocation (RFC 2663, 3022)
NAT Translation Table (WAN side <-> LAN side):
138.76.29.7, 5001  <->  10.0.0.1, 3345

Outgoing datagram, LAN side:  S=10.0.0.1, 3345      D=128.119.40.186, 80
Outgoing datagram, WAN side:  S=138.76.29.7, 5001   D=128.119.40.186, 80
Reply, WAN side:              S=128.119.40.186, 80  D=138.76.29.7, 5001
Reply, LAN side:              S=128.119.40.186, 80  D=10.0.0.1, 3345

Home network hosts: 10.0.0.1, 10.0.0.2, 10.0.0.3
Router's public IP address (138.76.29.7) – taken from the ISP's DHCP server
Addresses for devices (10.0.0.x) – from the DHCP server run by the router
The router runs a DHCP server to provide addresses to computers within the home network.
Multiplying the number of devices sharing the same public IP address: the translated port number tells the router which inside host a reply belongs to.
A NAT-enabled router hides details of the home network from the outside world; it behaves like a single device with a single IP address (it does not appear as a router any more).
Addressing 2
Network Address Translation (NAT)
An approach to address allocation (RFC 2663, 3022)
NAT router allocates a new source port number for each new flow (source address, source port pair) it receives from the private network (the realm of private addresses); later datagrams of the same flow reuse the mapping, and the reverse mapping is applied to replies.
Address space 10.0.0.0/8 is one of three portions of the IP address space that RFC 1918 reserves for private networks.
Network Address Translation (NAT)
Reserved Private IP address blocks (RFC 1918)
1. 10.0.0.0 – 10.255.255.255 (10.0.0.0/8): 16,777,216 host addresses
2. 172.16.0.0 – 172.31.255.255 (172.16.0.0/12): 1,048,576
3. 192.168.0.0 – 192.168.255.255 (192.168.0.0/16): 65,536
• Three blocks of IP addresses have been declared private.
• A household, company, etc. can allocate them to PCs/servers within its own network as it likes, but they must not be used outside the network, i.e. on the public Internet (neither as a source nor as a destination address). Border routers and ISPs therefore drop such packets ("bogon filtering"), and a NAT must never forward them unchanged.
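The translation-table behaviour of the two NAT slides above and the RFC 1918 rule, as one added example (this is illustrative code written for this page, not code from the original slides): a minimal port-translating NAT that rewrites outbound (source address, source port) pairs to the router's public address, reverses the mapping for replies, drops unsolicited inbound datagrams, and refuses to pass RFC 1918 addresses across the WAN side in either direction. The Packet and Nat classes, the starting public port 5001 and the outside host 203.0.113.9 are constructed for the example; the addresses 10.0.0.1, 138.76.29.7 and 128.119.40.186 are the slide's.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# The three RFC 1918 blocks listed on the slide.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True if addr lies in one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    """Only the fields a port-translating NAT rewrites or inspects (constructed type for this example)."""
    src: str
    sport: int
    dst: str
    dport: int


class Nat:
    """Port-translating NAT for one public address, modelled on the slide's translation table."""

    def __init__(self, wan_ip: str, first_port: int = 5001) -> None:
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.lan_to_wan: Dict[Tuple[str, int], int] = {}   # (lan_ip, lan_port) -> wan_port
        self.wan_to_lan: Dict[int, Tuple[str, int]] = {}   # wan_port -> (lan_ip, lan_port)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """LAN -> WAN: rewrite the source to (wan_ip, translated port); None means drop."""
        # Inside hosts must carry RFC 1918 sources, and a private destination must
        # never be forwarded onto the Internet (slide: cannot be used within the Internet).
        if not is_private(pkt.src) or is_private(pkt.dst):
            return None
        key = (pkt.src, pkt.sport)
        if key not in self.lan_to_wan:
            # New flow: allocate the next free public port. Two inside hosts may both
            # use local port 3345; they receive distinct public ports.
            port = self.next_port
            self.next_port += 1
            self.lan_to_wan[key] = port
            self.wan_to_lan[port] = key
        return Packet(self.wan_ip, self.lan_to_wan[key], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: reverse the mapping keyed on the destination port; None means drop."""
        # Bogon filter: an RFC 1918 source arriving from the Internet is spoofed or leaked.
        if is_private(pkt.src) or pkt.dst != self.wan_ip:
            return None
        mapping = self.wan_to_lan.get(pkt.dport)
        if mapping is None:
            # No inside host asked for this: unsolicited traffic is dropped, which is
            # exactly why a host behind a NAT cannot act as a server by default.
            return None
        lan_ip, lan_port = mapping
        return Packet(pkt.src, pkt.sport, lan_ip, lan_port)


if __name__ == "__main__":
    nat = Nat("138.76.29.7")
    out = nat.outbound(Packet("10.0.0.1", 3345, "128.119.40.186", 80))
    print("WAN side:", out)            # Packet(src='138.76.29.7', sport=5001, dst='128.119.40.186', dport=80)
    back = nat.inbound(Packet("128.119.40.186", 80, "138.76.29.7", 5001))
    print("LAN side:", back)           # Packet(src='128.119.40.186', sport=80, dst='10.0.0.1', dport=3345)
    print("unsolicited:", nat.inbound(Packet("203.0.113.9", 4444, "138.76.29.7", 6000)))   # None
```

The two drop rules in outbound() and inbound() are the part a real NAT box often gets wrong: a private source address arriving on the WAN interface, or a private destination leaving it, can only be a misconfiguration or a spoofing attempt and should never be translated.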
Network Address Translation (NAT)
An approach to address allocation (RFC 2663, 3022)
PROBLEMS with NAT:
• Violates the use of port numbers: ports are meant to identify processes on a host, not hosts.
• Routers are supposed to process packets only up to layer 3; a NAT rewrites transport-layer port numbers (and the checksums that cover them).
• Violates the end-to-end argument; host addresses should not be modified in transit.
• Interferes with P2P applications. A host behind a NAT-enabled router cannot be reached by an unsolicited inbound connection, so it cannot act as a server unless a mapping is configured on the router.
• Suggestion by purists in the IETF: IPv6 should be used instead!
Not a problem any more? A UPnP-enabled NAT can communicate with a P2P application to negotiate the setting of an external port number to be used. Caveat: UPnP port mapping requires no authentication, so any host (or malware) on the LAN can open inbound ports on the router.
Carrier-Grade Network Address Translation (CGNAT) / Large Scale NAT
• As ISPs face IPv4 address scarcity they increasingly turn to network address translation (NAT) to accommodate the address needs of their customers.
• Recently, ISPs have moved beyond employing NATs only directly at individual customers and have begun deploying Carrier-Grade NATs (CGNs) to apply address translation to many independent and disparate endpoints spanning physical locations.
• Consequence: one public address (and its roughly 64K ports per transport protocol) is shared by many subscribers, so a public IP no longer identifies a customer (complicating logging, abuse handling and IP-based blocking), and port exhaustion caps the number of concurrent connections per subscriber.
A Multi-perspective Analysis of Carrier-Grade NAT Deployment
https://arxiv.org/pdf/1605.05606.pdf
Getting a datagram from source to destination: when both hosts are in the same subnet
Example #1: Host A wants to send an IP datagram to Host B (getting a datagram from source to destination)

Network (from the figure): one router with interfaces 223.1.1.4 (net 223.1.1), 223.1.2.9 (net 223.1.2) and 223.1.3.27 (net 223.1.3). Hosts on net 223.1.1: A = 223.1.1.1, 223.1.1.2, B = 223.1.1.3. Hosts on net 223.1.2: 223.1.2.1, E = 223.1.2.2. Host on net 223.1.3: 223.1.3.2.

IP datagram:  | misc fields | source IP addr = 223.1.1.1 | dest IP addr = 223.1.1.3 | data |
The datagram addresses remain unchanged as it travels from source to destination. Addresses are the fields of interest here.

Routing table in A:
Dest. Net.   next router   Nhops
223.1.1      –             1
223.1.2      223.1.1.4     2
223.1.3      223.1.1.4     2

Starting at A, given an IP datagram addressed to B:
• look up the network address of B
• A finds that B is on the same net as A (B and A are directly connected)
• the link layer will send the datagram directly to B inside a link-layer frame
Host A learns that Host B can be reached directly via its outgoing interface. In turn, the link-layer protocol delivers the datagram to Host B.
Getting a datagram from source to destination: when the destination host resides in a different subnet from the source
Example #2: Host A wants to send an IP datagram to Host E (getting a datagram from source to destination)

IP datagram:  | misc fields | source IP addr = 223.1.1.1 | dest IP addr = 223.1.2.2 | data |

Routing table in A:
Dest. Net.   next router   Nhops
223.1.1      –             1
223.1.2      223.1.1.4     2
223.1.3      223.1.1.4     2

Starting at A, dest. E:
• look up the network address of E
• E is on a different network: A and E are not directly attached
• routing table: the next-hop router to E is 223.1.1.4
• the link layer sends the datagram to router 223.1.1.4 inside a link-layer frame
• the datagram arrives at 223.1.1.4
continued...

Routing table in router 223.1.1.4:
Dest. Net.   next router   Nhops   interface
223.1.1      –             1       223.1.1.4
223.1.2      –             1       223.1.2.9
223.1.3      –             1       223.1.3.27

Arriving at 223.1.1.4, destined for 223.1.2.2:
• look up the network address of E
• E is on the same network as the router's interface 223.1.2.9 (router and E are directly attached)
• the link layer sends the datagram to 223.1.2.2 inside a link-layer frame via interface 223.1.2.9
• the datagram arrives at 223.1.2.2!
Exercise #1
Show the forwarding process if a packet arrives at R1 in the figure with the destination address 180.70.65.140.

Topology (from the figure): R1 has four interfaces:
m0 = 180.70.65.135/25 on subnet 180.70.65.128/25
m1 = 201.4.16.2/22 on subnet 201.4.16.0/22
m2 = 180.70.65.194/26 on subnet 180.70.65.192/26, which also hosts the default router 180.70.65.200/26 towards the rest of the Internet
m3 = 201.4.22.3/24 on subnet 201.4.22.0/24

Routing Table for Router 1 (R1):
Mask   Network Address   Next Hop        Interface
/26    180.70.65.192     –               m2
/25    180.70.65.128     –               m0
/24    201.4.22.0        –               m3
/22    201.4.16.0        …               m1
Any    Any               180.70.65.200   m2

Is the packet destined to interface m2? Apply the /26 mask to the destination address:
  destination 180.70.65.140 = 10110100 01000110 01000001 10001100
  mask /26                  = 11111111 11111111 11111111 11000000
  AND                       = 10110100 01000110 01000001 10000000 = 180.70.65.128
  180.70.65.128 is not 180.70.65.192: no match.

Is the packet destined to interface m0? Apply the /25 mask:
  destination 180.70.65.140 = 10110100 01000110 01000001 10001100
  mask /25                  = 11111111 11111111 11111111 10000000
  AND                       = 10110100 01000110 01000001 10000000 = 180.70.65.128
  180.70.65.128 equals the network address 180.70.65.128: match. The destination is directly attached (no next hop), so the destination address itself and interface m0 are handed to ARP.

See the Excel worksheet to find the solution.
Exercise #2
Show the forwarding process if a packet arrives at R1 in the figure with the destination address 18.24.32.78.
(Same topology and routing table as Exercise #1.)

Routing Table for Router 1 (R1):
Mask   Network Address   Next Hop        Interface
/26    180.70.65.192     –               m2
/25    180.70.65.128     –               m0
/24    201.4.22.0        –               m3
/22    201.4.16.0        …               m1
Any    Any               180.70.65.200   m2

Solution: all masks are applied, one by one, to the destination address, but no matching network address is found (18.24.32.78 lies in none of the four directly attached subnets). When the lookup reaches the end of the table, the default entry matches, and the forwarding module gives the next-hop router's address 180.70.65.200 and interface m2 to ARP (the link-layer protocol). This is an outgoing packet that must be sent, via the default router, to somewhere else in the Internet.
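The forwarding steps of Examples #1 and #2 and the mask-by-mask lookups of Exercises #1 and #2, as one added example (illustrative code for this page, not from the original slides): a longest-prefix-match forwarding table that reports, for any destination, the matching entry, whether the destination is directly attached, and the address to hand to ARP, plus a trace() that applies every mask in table order the way the exercise does by hand. The tables are the slide's; the interface name "eth0" for host A is assumed (A has a single link), and the slide's "…" next hop for 201.4.16.0/22 is taken as directly attached because R1 owns 201.4.16.2/22 in the figure.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Entry: (prefix, next_hop, interface). next_hop None = destination is on a directly attached
# network, so the destination address itself is handed to ARP. "0.0.0.0/0" is the "Any Any" default.
Entry = Tuple[str, Optional[str], str]


def ip_bits(addr: str) -> str:
    """Dotted binary form, as written on the slides: 180.70.65.140 -> 10110100.01000110.01000001.10001100"""
    return ".".join(f"{int(o):08b}" for o in addr.split("."))


def apply_mask(dst: str, prefixlen: int) -> str:
    """Bitwise AND of a destination address with a /prefixlen mask."""
    mask = (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF
    return str(ipaddress.ip_address(int(ipaddress.ip_address(dst)) & mask))


class ForwardingTable:
    """Longest-prefix-match lookup over (prefix, next_hop, interface) entries."""

    def __init__(self, entries: List[Entry]) -> None:
        self.entries = [(ipaddress.ip_network(net), nh, iface) for net, nh, iface in entries]

    def trace(self, dst: str) -> List[Tuple[str, str, bool]]:
        """Apply each entry's mask in table order: (mask, dst AND mask, matches network address?)."""
        rows = []
        for net, _nh, _iface in self.entries:
            masked = apply_mask(dst, net.prefixlen)
            rows.append((f"/{net.prefixlen}", masked, masked == str(net.network_address)))
        return rows

    def lookup(self, dst: str) -> Optional[Dict[str, object]]:
        """Return the most specific matching entry; longest prefix wins regardless of table order."""
        ip = ipaddress.ip_address(dst)
        best = None
        for net, nh, iface in self.entries:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh, iface)
        if best is None:
            return None  # no route at all: drop, and a router would send ICMP destination unreachable
        net, nh, iface = best
        return {
            "network": str(net),
            "direct": nh is None,
            "next_hop": dst if nh is None else nh,   # the address handed to ARP
            "interface": iface,
        }


# Routing table in host A (Examples #1 and #2); "eth0" is an assumed name for A's only link.
HOST_A = ForwardingTable([
    ("223.1.1.0/24", None, "eth0"),
    ("223.1.2.0/24", "223.1.1.4", "eth0"),
    ("223.1.3.0/24", "223.1.1.4", "eth0"),
])

# Routing table for R1 (Exercises #1 and #2).
R1 = ForwardingTable([
    ("180.70.65.192/26", None, "m2"),
    ("180.70.65.128/25", None, "m0"),
    ("201.4.22.0/24", None, "m3"),
    ("201.4.16.0/22", None, "m1"),      # slide shows "…" as next hop; R1 has 201.4.16.2/22, so treated as direct
    ("0.0.0.0/0", "180.70.65.200", "m2"),
])

if __name__ == "__main__":
    print("destination", ip_bits("180.70.65.140"))
    for mask, masked, hit in R1.trace("180.70.65.140"):
        print(f"{mask:>4}: AND -> {masked:<16} {'match' if hit else 'no match'}")
    print(R1.lookup("180.70.65.140"))   # /25 entry, interface m0, next hop = the destination itself
    print(R1.lookup("18.24.32.78"))     # default entry, next hop 180.70.65.200 via m2
    print(HOST_A.lookup("223.1.2.2"))   # Example #2: via router 223.1.1.4
```

Note that the default route also "matches" in trace(): a default entry matches everything, which is why real lookups pick the longest matching prefix rather than the first row that matches.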
IP datagram format (fields, 32 bits per row)

ver (4 bits): IP protocol version number
header len (4 bits): header length in 32-bit words (20 bytes without options). Some header fields are optional, so this field indicates where the data actually begins.
type of service (8 bits): "type" of data
length (16 bits): total datagram length in bytes (header + data)
16-bit identifier, flags (3 bits), fragment offset (13 bits): for fragmentation/reassembly
time to live (8 bits): max number of remaining hops (decremented at each router)
upper-layer protocol (8 bits): protocol to deliver the payload to (either a transport-layer protocol such as TCP or UDP, or an encapsulated network-layer protocol such as ICMP)
header checksum (16 bits): calculated over the header only (treated as a sequence of 16-bit words)
32-bit source IP address
32-bit destination IP address
Options (if any): e.g. timestamp, record route taken, specify list of routers to visit
data (variable length, typically a TCP or UDP segment; can be an ICMP message)

Without options, header = 20 bytes.
E.g. IP broadcast address 255.255.255.255: the message is delivered to all hosts on the same network.
Note: the checksum must be recomputed each time the TTL field (and possibly the options field) changes, i.e. at every router.
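The header layout and the checksum note above, as an added example (illustrative code for this page, not from the original slides): build a 20-byte IPv4 header with a correct header checksum, parse it back (the IHL field tells the parser where options end and data begins), and perform the per-router step of verifying the checksum, decrementing TTL and recomputing the checksum. The source and destination 223.1.1.1 and 223.1.2.2 are taken from Example #2; the identifier, TTL and payload are constructed.

```python
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # ver/IHL, TOS, total length, id, flags+offset, TTL, protocol, checksum, src, dst
IPV4_HDR_LEN = 20            # fixed header without options


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 1071).
    Over a header that already carries its correct checksum the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                           # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _ip2bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def build_header(src: str, dst: str, payload_len: int, *, proto: int = 6, ttl: int = 64,
                 ident: int = 0x1234, df: bool = False, mf: bool = False, frag_off: int = 0) -> bytes:
    """20-byte IPv4 header (no options) with a valid checksum; defaults are constructed values."""
    ver_ihl = (4 << 4) | 5                                    # version 4, IHL = 5 words = 20 bytes
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_off & 0x1FFF)
    hdr = struct.pack(IPV4_FMT, ver_ihl, 0, IPV4_HDR_LEN + payload_len, ident, flags_frag,
                      ttl, proto, 0, _ip2bytes(src), _ip2bytes(dst))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


def parse_header(pkt: bytes) -> dict:
    """Decode the fixed fields of a datagram; header_len/data_offset come from IHL."""
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4                                # header length in bytes
    return {
        "version": ver_ihl >> 4,
        "header_len": ihl,
        "tos": tos,
        "total_length": total_len,
        "id": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "frag_offset": flags_frag & 0x1FFF,                   # in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "checksum": csum,
        "checksum_ok": internet_checksum(pkt[:ihl]) == 0,    # covers the header only, never the data
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": pkt[20:ihl],
        "data_offset": ihl,
    }


def forward_hop(pkt: bytes):
    """The per-router step: verify checksum, decrement TTL, recompute checksum.
    Returns None when the datagram must be discarded (corrupt header or TTL reaching 0)."""
    hdr = parse_header(pkt)
    if not hdr["checksum_ok"] or hdr["ttl"] <= 1:
        return None                                           # TTL would hit 0: drop (router sends ICMP type 11)
    ihl = hdr["header_len"]
    new_hdr = bytearray(pkt[:ihl])
    new_hdr[8] -= 1                                           # TTL byte
    new_hdr[10:12] = b"\x00\x00"                              # zero the checksum field before recomputing
    struct.pack_into("!H", new_hdr, 10, internet_checksum(bytes(new_hdr)))
    return bytes(new_hdr) + pkt[ihl:]


if __name__ == "__main__":
    dgram = build_header("223.1.1.1", "223.1.2.2", payload_len=100, ttl=64) + bytes(100)  # constructed payload
    print(parse_header(dgram))
    print(parse_header(forward_hop(dgram))["ttl"])            # 63, and checksum_ok is still True
```

Because the checksum covers only the header, a router can validate and rewrite it without touching the payload; payload integrity is left to TCP/UDP, and neither checksum protects against a deliberate modification, which is what IPsec or TLS are for.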
IP Fragmentation & Reassembly
• network links have an MTU (max. transmission unit): the largest possible amount of data in a link-level frame
• different link types, different MTUs
• a large IP datagram is divided ("fragmented") within the net: one datagram becomes several datagrams (FRAGMENTS)
• reassembly is performed by the DESTINATION HOST: fragments are "reassembled" only at the end-system, never by intermediate routers
• IP header bits (identifier, flags, fragment offset) are used to identify the order of related fragments; the fragment offset is counted in multiples of 8 bytes
• Supported by IP: every host must accept datagrams of at least 576 bytes (RFC 791). Hence the default TCP MSS = 536 bytes = 576 – 20 (TCP segment header) – 20 (IP datagram header).

Fragmentation example: a datagram of size 4,000 bytes (20 bytes of IP header, 3,980 bytes of IP payload) arrives at a router and must be forwarded to a link with an MTU of 1,500 bytes. Input: one large datagram; output: 3 smaller datagrams.

Original:    length = 4000, ID = x, fragflag = 0, offset = 0

Fragment 1:  length = 1500, ID = x, flag = 1, offset = 0                          payload bytes [0, 1479], 1,480 bytes
Fragment 2:  length = 1500, ID = x, flag = 1, offset = 185 (i.e. 185 * 8 = 1480)   payload bytes [1480, 2959], 1,480 bytes
Fragment 3:  length = 1040, ID = x, flag = 0, offset = 370 (i.e. 370 * 8 = 2960)   payload bytes [2960, 3979], 1,020 bytes

See Excel file.
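The fragmentation example above carried through in code, as an added example (illustrative code for this page, not from the original slides): fragment() splits a 3,980-byte payload for a 1,500-byte MTU into the three fragments of the slide (offsets 0, 185 and 370 in 8-byte units, total lengths 1500, 1500 and 1040), and Reassembler does the destination host's job, accepting fragments in any order, detecting gaps, and rejecting overlapping fragments, which a naive reassembler would silently splice together. The Fragment type and the identifier 0x1234 are constructed; the payload is generated inline.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

IP_HEADER_LEN = 20   # header without options, as in the slide's example


@dataclass(frozen=True)
class Fragment:
    """The header bits reassembly relies on, plus the carried payload (constructed type)."""
    ident: int        # 16-bit identifier shared by all fragments of one datagram
    offset: int       # fragment offset field, in 8-byte units
    more: bool        # MF flag: True = more fragments follow, False = last fragment
    payload: bytes


def fragment(ident: int, payload: bytes, mtu: int) -> List[Fragment]:
    """Split one datagram's payload for a link of the given MTU (what the router in the slide does)."""
    per_frag = (mtu - IP_HEADER_LEN) // 8 * 8          # every fragment but the last carries a multiple of 8 bytes
    if per_frag <= 0:
        raise ValueError("MTU too small for an IP header plus 8 bytes of data")
    frags = []
    for start in range(0, len(payload), per_frag):
        chunk = payload[start:start + per_frag]
        frags.append(Fragment(ident, start // 8, start + len(chunk) < len(payload), chunk))
    return frags


def total_lengths(frags: List[Fragment]) -> List[int]:
    """Total-length field of each fragment datagram (header + carried payload)."""
    return [IP_HEADER_LEN + len(f.payload) for f in frags]


class Reassembler:
    """Destination-host reassembly keyed on the identifier; refuses overlapping fragments."""

    def __init__(self) -> None:
        self._buffers: Dict[int, Dict] = {}

    def add(self, frag: Fragment) -> Optional[bytes]:
        """Store one fragment; return the complete payload once every byte up to the last fragment is present."""
        buf = self._buffers.setdefault(frag.ident, {"chunks": {}, "end": None})
        start, end = frag.offset * 8, frag.offset * 8 + len(frag.payload)
        for s, chunk in buf["chunks"].items():
            if start < s + len(chunk) and s < end:
                raise ValueError(f"overlapping fragment for id {frag.ident:#x}: [{start}, {end})")
        buf["chunks"][start] = frag.payload
        if not frag.more:
            buf["end"] = end                                  # MF=0 fixes the datagram's total payload size
        if buf["end"] is None:
            return None                                       # last fragment not seen yet
        pos = 0
        ordered = sorted(buf["chunks"].items())
        for s, chunk in ordered:
            if s != pos:
                return None                                   # a gap: still waiting for a fragment
            pos += len(chunk)
        if pos != buf["end"]:
            return None
        del self._buffers[frag.ident]
        return b"".join(chunk for _, chunk in ordered)


if __name__ == "__main__":
    payload = (bytes(range(256)) * 16)[:3980]                # constructed 3,980-byte payload (4,000-byte datagram)
    frags = fragment(0x1234, payload, mtu=1500)
    for f, length in zip(frags, total_lengths(frags)):
        print(f"length={length} ID={f.ident:#x} flag={int(f.more)} offset={f.offset} ({f.offset * 8} bytes)")
    r = Reassembler()
    print(all(r.add(f) is None for f in frags[:-1]), r.add(frags[-1]) == payload)   # True True
```

A production reassembler additionally needs a per-identifier timer and a memory cap, because a sender can leave trains of incomplete fragments behind and exhaust the receiver's buffers.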
ICMP: Internet Control Message Protocol
ICMP is used by hosts and routers to communicate network-layer information to each other.

Example (figure): a web browser on host 130.123.246.32 sends a datagram whose destination network cannot be reached. A router on the path returns an ICMP message, Type 3, Code 0 "Destination network unreachable", to 130.123.246.32; the message includes the IP header and the first 8 bytes of the datagram that generated the error.

• used by hosts, routers, gateways to communicate network-level information
• error reporting: unreachable host (path to a host cannot be found!), network, port, protocol
• echo request/reply (used by ping)
• Part of IP, but architecturally lies "above" IP: ICMP msgs are carried as IP payload
• ICMP message: comprised of a header (type, code, checksum) plus the IP header and first 8 bytes of the IP datagram causing the error

Type   Code   description
0      0      echo reply (ping)
3      0      dest. network unreachable
3      1      dest. host unreachable
3      2      dest. protocol unreachable
3      3      dest. port unreachable
3      6      dest. network unknown
3      7      dest. host unknown
4      0      source quench (congestion control – not used)
8      0      echo request (ping)
9      0      route advertisement
10     0      router discovery
11     0      TTL expired (sent by the router that discarded the datagram; traceroute uses its IP address, and via DNS its name)
12     0      bad IP header

Ping source code: [Stevens 1990] W. R. Stevens, Unix Network Programming, Prentice-Hall, Englewood Cliffs, NJ.
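The ICMP error-message format described above, as an added example (illustrative code for this page, not from the original slides): the router side builds a Type 3 / Code 0 message by quoting the offending datagram's IP header plus its first 8 payload bytes, and the host side verifies the ICMP checksum, classifies the type/code against the slide's table, and recovers from the quoted bytes which flow (addresses, protocol, ports) the error concerns, which is how a host matches an unreachable message to the right socket. The offending datagram is constructed: a TCP SYN from the slide's host 130.123.246.32 to 128.119.40.186 port 80 (destination and ports chosen for the example, inner IP checksum left as 0).

```python
import struct
from typing import Dict, Tuple

# Type/code table from the slide.
ICMP_DESCRIPTIONS: Dict[Tuple[int, int], str] = {
    (0, 0): "echo reply (ping)",
    (3, 0): "dest. network unreachable",
    (3, 1): "dest. host unreachable",
    (3, 2): "dest. protocol unreachable",
    (3, 3): "dest. port unreachable",
    (3, 6): "dest. network unknown",
    (3, 7): "dest. host unknown",
    (4, 0): "source quench",
    (8, 0): "echo request (ping)",
    (9, 0): "route advertisement",
    (10, 0): "router discovery",
    (11, 0): "TTL expired",
    (12, 0): "bad IP header",
}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; for ICMP it covers the whole message, not just a header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_error(icmp_type: int, code: int, offending: bytes) -> bytes:
    """Router side: type, code, checksum, 4 unused bytes, then the offending datagram's
    IP header plus its first 8 payload bytes (enough to carry the transport ports)."""
    inner_ihl = (offending[0] & 0x0F) * 4
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + offending[:inner_ihl + 8]
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]


def parse_icmp_error(msg: bytes) -> dict:
    """Host side: verify, classify, and work out which of our flows the error is about."""
    icmp_type, code, _csum, _unused = struct.unpack("!BBHI", msg[:8])
    quoted = msg[8:]                                          # the quoted original datagram
    ihl = (quoted[0] & 0x0F) * 4
    proto = quoted[9]
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])  # first 4 of the 8 quoted payload bytes
    return {
        "type": icmp_type,
        "code": code,
        "description": ICMP_DESCRIPTIONS.get((icmp_type, code), "unknown"),
        "checksum_ok": internet_checksum(msg) == 0,
        "original_src": ".".join(map(str, quoted[12:16])),
        "original_dst": ".".join(map(str, quoted[16:20])),
        "original_protocol": proto,                           # 6 = TCP, 17 = UDP
        "original_sport": sport,
        "original_dport": dport,
    }


# Constructed offending datagram: 20-byte IPv4 header (checksum 0 for brevity) + 20-byte TCP SYN header.
OFFENDING = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                        bytes([130, 123, 246, 32]), bytes([128, 119, 40, 186]))
OFFENDING += struct.pack("!HHIIBBHHH", 3345, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)

if __name__ == "__main__":
    msg = build_icmp_error(3, 0, OFFENDING)
    info = parse_icmp_error(msg)
    print(f"ICMP type {info['type']} code {info['code']}: {info['description']}")
    print(f"concerns {info['original_src']}:{info['original_sport']} -> "
          f"{info['original_dst']}:{info['original_dport']} (protocol {info['original_protocol']})")
```

A host should only act on such a message (e.g. abort a connection) if the quoted addresses and ports match a flow it actually has open; an unsolicited ICMP error from an arbitrary source is otherwise trivial to forge.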