NET323 D: Network Protocols Networks and Communication Department Lecture 7: NAT (Network Address Translation) & process to process delivery
Network Address Translation (NAT) Why is NAT? The number of home users and small businesses that want to use the Internet is ever increasing. in the beginning, the users were connected to the Internet with a dial-up line, which means that they were connected for a specific period of time. Thus, the ISP would dynamically assign an address to this user. Nowadays the users can be connected by an ADSL line or cable modem. Which means given an IP for each user to be able to connect to the Internet. (Imagine the huge number of user!) A quick solution to this problem is called network address translation (NAT). Behrouz A. Forouzan” Data communications and Networking
How does NAT work? NAT enables a user to have a large set of addresses internally and one address, or a small set of addresses, externally. To separate the addresses used inside the home or business and the ones used in the Internet, the Internet authorities have reserved three sets of addresses as private addresses as shown below: Total Range 2^24 Class A: 10.0.0.0 To 10.255.255.255 2^20 Class B: 172.16.0.0 To 172.31.255.255 2^16 Class C: 192.168.0.0 To 192.168.255.255 For organization and universities For home users 18-Sep-18 Networks and Communication Department
How does NAT work? cont. Any organization can use an address out of that set without permission from the Internet authorities. No routers will forward a packet that has one of these addresses as the destination address. The site must have only one single connection to the global Internet through a router that runs the NAT software. 18-Sep-18 Networks and Communication Department
How does NAT work? cont. Address Translation: All the outgoing packets go through the NAT router, which replaces the source address with the global NAT address. All incoming packets also pass through the NAT router, which replace the destination address in the packet (the NAT router global address) with the appropriate private address. 18-Sep-18 Networks and Communication Department
How does NAT work? cont. Translation Table: The NAT router has a translation table with two columns: the private address and the external address (destination address of the packet). When the router translates the source address of the outgoing pcket, it also makes note of the destination address. When the response comes back from destination, the router uses the source address of the packet( as the external address) to find the private address of the packet. This most used by ISP since the customer initiate the connection with the server ( HTTP, FTP, TELNET) . 18-Sep-18 Networks and Communication Department
Types of NAT There are different types of NAT: Static NAT Dynamic NAT PAT 18-Sep-18 Networks and Communication Department
1. Static NAT The router that connect to the global address uses one private network address and one global address. The private address is transparent to the rest of the Internet. 18-Sep-18 Networks and Communication Department
2. Dynamic NAT Since the NAT router has only one global address, only one private-network host can access the same external host. To remove this restriction, the NAT uses a pool of global addresses. Dynamic NAT is used with public address pool, and works with more than one public address. Drawbacks: No more than one connection to the same destination at the same time. PAT is used to solve this… 18-Sep-18 Networks and Communication Department
2. Dynamic NAT cont. 18-Sep-18 Networks and Communication Department 205.197.101.111:21 18-Sep-18 Networks and Communication Department
3. PAT ( Port Address Translation) It allows many-to-many relationship between private-network hosts and external server programs. It needs more information in the translation table ( 5 columns) . Note that for this translation to work, the temporary port numbers ( 1400 and 1401 ) must be unique. Transport protocol External port External address Private port Private address TCP 80 25.8.3.2 1400 172.18.3.1 1401 172.18.3.2 … 18-Sep-18 Networks and Communication Department
Process-to-process delivery [ tcp - udp ]
PROCESS-TO-PROCESS DELIVERY The data link layer is responsible for delivery of frames between two neighboring nodes over a linkThis is called node-to-node delivery. The network layer is responsible for delivery of datagrams between two hosts This is called host-to-host delivery. Communication on the Internet is not defined as the exchange of data between two nodes or between two hosts. Real communication takes place between two processes (application programs). We need process-to-process delivery. However, at any moment, several processes may be running on the source host and several on the destination host. To complete the delivery, we need a mechanism to deliver data from one of these processes running on the source host to the corresponding process running on the destination host. 18-Sep-18 Networks and Communication Department
Transport layer The transport layer is responsible for process-to-process delivery-the delivery of a packet, part of a message, from one process to another. Two processes communicate in a client/server relationship Figure 23.1 Types of data deliveries 18-Sep-18 Networks and Communication Department
Client/Server Paradigm Although there are several ways to achieve process-to- process communication, the most common one is through the client/server paradigm. A process on the local host, called a client, needs services from a process usually on the remote host, called a server. Both processes (client and server) have the same name. For example, to get the day and time from a remote machine, we need a Daytime client process running on the local host and a Daytime server process running on a remote machine. 18-Sep-18 Networks and Communication Department
Addressing At the transport layer, we need a transport layer address, called a port number, to choose among multiple processes running on the destination host. The destination port number is needed for delivery; the source port number is needed for the reply. In the Internet model, the port numbers are 16-bit integers between 0 and 65,535. The client program defines itself with a port number, chosen randomly by the transport layer software running on the client hostThis is the transient port number. 18-Sep-18 Networks and Communication Department
Addressing cont. The server process must also define itself with a port number. This port number, however, cannot be chosen randomly. If the computer at the server site runs a server process and assigns a random number as the port number, the process at the client site that wants to access that server and use its services will not know the port number. Of course, one solution would be to send a special packet and request the port number of a specific server, but this requires more overhead. The Internet has decided to use universal port numbers for servers; these are called well-known port numbers. Every client process knows the well-known port number of the corresponding server process. For example, while the Daytime client process, discussed above, can use a temporary port number 52,000 to identify itself, the Daytime server process must use the well-known (permanent) port number 13. 18-Sep-18 Networks and Communication Department
Addressing cont. 18-Sep-18 Networks and Communication Department
lANA Ranges The lANA (Internet Assigned Number Authority) has divided the port numbers into three ranges: well known, registered, and dynamic (or private), Well-known ports. The ports ranging from 0 to 1023 are assigned and controlled by lANA. These are the well- known ports. Registered ports. The ports ranging from 1024 to 49,151 are not assigned or controlled by lANA. They can only be registered with lANA to prevent duplication. Dynamic ports. The ports ranging from 49,152 to 65,535 are neither controlled nor registered. They can be used by any process. These are the temporary ports. 18-Sep-18 Networks and Communication Department
Connectionless Versus Connection-Oriented Service Connectionless Service In a connectionless service, the packets are sent from one party to another with no need for connection establishment or connection release. The packets are not numbered; they may be delayed or lost or may arrive out of sequence. There is no acknowledgment either. UDP, is connectionless. 18-Sep-18 Networks and Communication Department
Connectionless Versus Connection-Oriented Service cont. In a connection-oriented service, a connection is first established between the sender and the receiver. Data are transferred. At the end, the connection is released. TCP and SCTP are connection-oriented protocols 18-Sep-18 Networks and Communication Department
Reliable Versus Unreliable The transport layer service can be reliable or unreliable. If the application layer program needs reliability, we use a reliable transport layer protocol by implementing flow and error control at the transport layer. This means a slower and more complex service. On the other hand, if the application program does not need reliability because it uses its own flow and error control mechanism or it needs fast service or the nature of the service does not demand flow and error control (real-time applications), then an unreliable protocol can be used. In the Internet, there are three common different transport layer protocols: UDP is connectionless and unreliable; TCP and SCTP are connectionoriented and reliable. 18-Sep-18 Networks and Communication Department
Reliable Versus Unreliable cont. One question often comes to the mind. If the data link layer is reliable and has flow and error control, do we need this at the transport layer, too? The answer is yes. Reliability at the data link layer is between two nodes; we need reliability between two ends. Because the network layer in the Internet is unreliable (best-effort delivery), we need to implement reliability at the transport layer. 18-Sep-18 Networks and Communication Department