© MMII JW Ryder, CS 428 Computer Networking: Private Network Interconnection (VPN - Virtual Private Networks; NAT - Network Address Translation)

Presentation transcript:

Slide 1: Private Network Interconnection
 VPN - Virtual Private Networks
 NAT - Network Address Translation
 Describe a 2-level internet architecture
 Private internet connected by public internet/Internet

Slide 2: Private/Hybrid Networks
 Major drawback of a single-level architecture: lack of privacy
 2 levels distinguish between internal and external datagrams
 Goal is to keep internal datagrams private while still allowing external communication

Slide 3: Private Networks
 Easiest way to guarantee privacy is a completely private network
 Use routers to interconnect networks at each site and leased digital circuits to interconnect sites
 Since there is no outside access, the site can use its own IP addressing scheme

Slide 4: Hybrid Networks
 Gives the advantages of both private and global Internet connectivity
 Must use globally valid IP addresses
 Connect each site to the Internet
 See hybrid architecture in figure 20.1 on page 390

Slide 5: VPN
 Chief disadvantage of both private and hybrid networks is high cost
 Leased lines (T1+) are expensive
 Can lower cost by using alternative technologies (frame relay, ATM) or by simply connecting to the global Internet
 Connecting to the global Internet could remove privacy

Slide 6: VPN
 Big question - how to keep the privacy but also keep Internet connectivity?
 Two techniques make VPN possible
     Tunneling
     Encryption
 Define a tunnel across the Internet between a router on one side and a router on the other
 Use IP-in-IP encapsulation in the tunnel

Slide 7: VPN
 See tunnel figure 20.2 on page 391
 The entire inner datagram, including its IP header, is encrypted before being placed as the data of the outer datagram
 Describe flow
 "A VPN sends data across the Internet, but encrypts intersite transmissions to guarantee privacy" (page 392)
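The tunnel from slides 6 and 7 as an added example, not code from the slides or from the textbook: the whole inner datagram (private addresses included) is sealed and carried as the payload of an IP-in-IP outer datagram between the two routers, so the Internet sees only the routers' addresses. The router addresses, the private networks and the shared KEY are constructed for the demo, and the SHAKE-256 keystream plus HMAC tag is a stand-in for the tunnel's real cipher (a production VPN uses a standard AEAD).

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed demo key shared by the two tunnel routers"  # assumed, not a real secret

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header; header checksum left 0 to keep the example short."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def seal(inner: bytes, seq: int) -> bytes:
    """Encrypt-then-MAC the whole inner datagram. Stand-in construction for the
    tunnel cipher: SHAKE-256 keystream keyed by KEY and a per-packet sequence
    number, plus a truncated HMAC-SHA256 tag. A real VPN uses a standard AEAD."""
    nonce = struct.pack("!Q", seq)                       # never reuse a nonce under one key
    stream = hashlib.shake_256(KEY + nonce).digest(len(inner))
    ct = bytes(a ^ b for a, b in zip(inner, stream))
    tag = hmac.new(KEY, nonce + ct, "sha256").digest()[:16]
    return nonce + ct + tag

def open_(blob: bytes):
    """Verify the tag before touching the ciphertext; None means reject the packet."""
    nonce, ct, tag = blob[:8], blob[8:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(KEY, nonce + ct, "sha256").digest()[:16]):
        return None
    stream = hashlib.shake_256(KEY + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def encapsulate(inner: bytes, near_router: str, far_router: str, seq: int) -> bytes:
    """Outer datagram between the tunnel routers; protocol 4 = IP-in-IP."""
    payload = seal(inner, seq)
    return ipv4_header(near_router, far_router, 4, len(payload)) + payload

def decapsulate(outer: bytes):
    if outer[9] != 4:                                    # not a tunnel packet
        return None
    return open_(outer[20:])

def demo() -> dict:
    # Constructed addresses: private sites 10.1.0.0/16 and 10.2.0.0/16, routers on public addresses
    inner = ipv4_header("10.1.0.7", "10.2.0.9", 17, 4) + b"data"
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.1", seq=1)
    flipped = outer[:30] + bytes([outer[30] ^ 0x01]) + outer[31:]   # one ciphertext bit altered in transit
    return {"visible_addresses": (socket.inet_ntoa(outer[12:16]), socket.inet_ntoa(outer[16:20])),
            "private_addr_exposed": socket.inet_aton("10.1.0.7") in outer,
            "roundtrip_ok": decapsulate(outer) == inner,
            "tampered_rejected": decapsulate(flipped) is None}
```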

Slide 8: VPN Addressing
 Offers an organization the same addressing as a private network if hosts do not need Internet connectivity
 If hosts need Internet connectivity, then the hybrid approach can be used
 In either case the routers that interface with the Internet always need valid IP addresses
 See figure 20.4 on page 393

Slide 9: VPN Addressing
 How can a site provide access to the global Internet without assigning each host a valid IP address?
 2 general methods
     Application Gateways
     Network Address Translation

Slide 10: Application Gateways
 Offers hosts access to Internet services without offering IP-level access
 Each site has a multi-homed host (MHH) with a connection to both the Internet and the private network
 MHH runs a set of programs called Application Gateways (AGs)

Slide 11: Application Gateways
 Each AG handles 1 service
 Hosts send datagrams to the AG on the MHH
 MHH accesses the service on the Internet
 MHH relays responses back to the host on the private network
 Example: gateway

Slide 12: Application Gateways
 Advantage - ability to work without changing the underlying structure of the private network
 Disadvantage - lack of generality
 "Each application gateway handles only one specific service; multiple gateways are required for multiple services."
 AGs do NOT solve the problem in a general way

Slide 13: NAT
 Requires a site to have a single connection to the Internet and one valid IP address, G
 G is assigned to a MHH connected to the Internet that runs NAT software
 A computer running NAT software is known as a NAT box
 All datagrams flow through the NAT box

Slide 14: NAT
 NAT translates both outgoing and incoming addresses
 Outgoing - replace the source address with G
 Incoming - replace the destination address with the private address of the host

Slide 15: NAT
 External view - all datagrams come from and go to the NAT box
 Internal view - NAT box appears as a router to the Internet
 Chief advantage - combination of generality and transparency

Slide 16: NAT
 More general than AGs - allows an arbitrary internal host to access an arbitrary service on a host on the Internet
 Transparency - allows an internal host to send and receive datagrams using a private IP address
 "NAT technology provides transparent IP-level access to the Internet from a host with a private address."

Slide 17: NAT Translation
 Each entry specifies 2 items
     IP address of the host on the Internet
     IP address of the host on the private network
 Example incoming/outgoing
 Table entry must be in place before a datagram arrives in from the Internet
 Why?

Slide 18: NAT Translation
 How/when is the table initialized?
     Manual - by the network administrator
     Outgoing datagrams - side effect of sending datagrams
     Incoming DNS lookup - side effect of a DNS lookup
 When a host on the Internet does a DNS lookup of an internal host, the DNS software creates an entry in the translation table, then answers the request by sending G

Slide 19: NAT Translation
 Manual
     Advantage - IP datagrams in either direction at any time
 Outgoing
     Advantage - automatic
     Disadvantage - communication can't be initiated from outside
 Incoming DNS lookups
     Requires modifying DNS software
     Accommodates initiating communication from outside
     Only works if DNS is used

Slide 20: NAT
 Most implementations use the outgoing method
 Example in figure 20.5 on page 396
 NAT permits an ISP to assign private addresses

Slide 21: Multi-Address NAT
 NAT as described so far allows a single host on the private network to access a single Internet site at a time
 What if 2 local hosts want to access a single Internet host?
 External address concurrency

Slide 22: Multi-Address NAT
 Assign the NAT box multiple Gs
 Multiple accesses of the same Internet host map to different Gs
 Still only a finite number of concurrent accesses

Slide 23: Port-Mapped NAT
 Translate TCP or UDP protocol port numbers too
 Sometimes known as Network Address Port Translation (NAPT)
 Additional table fields
     Pair of source/destination protocol port numbers
     Protocol port number used by the NAT box

Slide 24: Port-Mapped NAT
 See figure 20.6 on page 397
 In the figure the hosts have unique source port numbers, but this is NOT guaranteed
 Maybe they choose the same number - the application can select it
 To avoid this, NAT assigns a unique port number to each Internet communication

Slide 25: Port-Mapped NAT
 TCP 4-tuple represents source and destination IP address and port number
 Before sending
     ( , 21023, , 80)
     ( , 386, , 80)
 After NAPT translation
     (G, 14003, , 80)
     (G, 14010, , 80)

Slide 26: Port-Mapped NAT
 Advantage - generality with a single valid IP address
 Disadvantage - restricts use to TCP or UDP
 "Several variants of NAT exist, including the popular NAPT form that translates protocol port numbers as well as IP addresses."
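The port-mapped translation of slides 23 to 26, with the table filled by the outgoing method of slides 17 to 19, as an added example that is not code from the slides or the textbook. G, the private hosts and the remote server are constructed values; the case where two internal hosts pick the same source port (slide 24) is the one the demo exercises.

```python
import itertools

G = "203.0.113.1"  # assumed: the NAT box's single valid address (constructed value)

class NaptBox:
    """Port-mapped NAT: one valid address G, with a NAT-chosen port per connection."""

    def __init__(self, public_ip: str = G, first_port: int = 14000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # NAT box picks its own unique ports
        # outgoing: (private_ip, private_port, remote_ip, remote_port) -> nat_port
        self.out_table = {}
        # incoming: (nat_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.in_table = {}

    def outgoing(self, flow):
        """Rewrite an outbound (src_ip, src_port, dst_ip, dst_port). The table entry is
        created as a side effect of the first datagram, i.e. the 'outgoing' method."""
        src_ip, src_port, dst_ip, dst_port = flow
        nat_port = self.out_table.get(flow)
        if nat_port is None:
            nat_port = next(self._ports)
            self.out_table[flow] = nat_port
            self.in_table[(nat_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, nat_port, dst_ip, dst_port)

    def incoming(self, flow):
        """Rewrite an inbound 4-tuple; None means drop because no entry existed."""
        src_ip, src_port, dst_ip, dst_port = flow
        if dst_ip != self.public_ip:
            return None
        entry = self.in_table.get((dst_port, src_ip, src_port))
        if entry is None:
            return None  # nothing was initiated from inside, so outside cannot start a flow
        return (src_ip, src_port) + entry

def demo():
    """Two internal hosts pick the same source port toward the same server; NAPT keeps
    the connections apart because it substitutes its own port for each one."""
    box = NaptBox()
    server = "198.51.100.80"  # constructed remote host
    a = box.outgoing(("10.0.0.5", 21023, server, 80))
    b = box.outgoing(("10.0.0.6", 21023, server, 80))
    again = box.outgoing(("10.0.0.5", 21023, server, 80))  # same connection reuses its entry
    reply_a = box.incoming((server, 80, G, a[1]))
    reply_b = box.incoming((server, 80, G, b[1]))
    unsolicited = box.incoming((server, 80, G, 9999))       # no entry: dropped
    return a, b, again, reply_a, reply_b, unsolicited
```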

Slide 27: NAT and ICMP
 "Straightforward" changes to IP addresses can cause unexpected problems in higher-layer protocols
 NAT doesn't forward all ICMP messages arriving from the Internet
 Example - if routes in the NAT box are incorrect, an ICMP redirect message must be handled locally, not sent on internally to some other host
 Before forwarding to an internal host, NAT translates the ICMP message

Slide 28: NAT and ICMP
 So NAT must decide whether an ICMP message is to be forwarded in or handled locally
 ICMP destination unreachable message
     The IP header returned inside it contains the source address of the original datagram, but that address is G, not the internal source

Slide 29: NAT and ICMP
 NAT box must first translate the address and place it into the ICMP message
 The ICMP checksum is now incorrect, and so is the one in the datagram's outer header!!!!
 These must now be recomputed
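Slides 28 and 29 worked through as an added example, not code from the slides or the textbook: an inbound ICMP destination unreachable quotes the header of the datagram that the NAT box sent with source G, so the NAT box rewrites G to the internal host in the quoted header and in the outer destination, then recomputes the inner IP, ICMP and outer IP checksums. Addresses and the NAT port are constructed values; the naive variant shows what a checksum verifier sees if only the address is rewritten.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 when data already verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def with_checksum(buf: bytes, offset: int) -> bytes:
    """Zero the 16-bit checksum field at offset, recompute over buf, write it back."""
    b = bytearray(buf)
    b[offset:offset + 2] = b"\x00\x00"
    b[offset:offset + 2] = struct.pack("!H", inet_checksum(bytes(b)))
    return bytes(b)

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (checksum field at offset 10)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return with_checksum(hdr, 10)

def icmp_unreachable(quoted: bytes, code: int) -> bytes:
    """ICMP type 3 carrying the offending datagram's IP header plus its first 8 bytes."""
    return with_checksum(struct.pack("!BBHI", 3, code, 0, 0) + quoted[:28], 2)

def nat_translate_icmp_in(outer: bytes, icmp: bytes, public_ip: str, private_ip: str):
    """Inbound ICMP error: G is the source in the quoted inner header and the destination
    of the outer header. Rewrite both, then recompute inner IP, ICMP and outer IP checksums."""
    if icmp[0] != 3 or icmp[20:24] != socket.inet_aton(public_ip):
        return None  # not an error we can map to an internal host: handle locally
    inner = with_checksum(icmp[8:20] + socket.inet_aton(private_ip) + icmp[24:28], 10)
    new_icmp = with_checksum(icmp[:8] + inner + icmp[28:], 2)
    new_outer = with_checksum(outer[:16] + socket.inet_aton(private_ip), 10)
    return new_outer, new_icmp

def demo() -> dict:
    G, H, R = "203.0.113.1", "10.0.0.5", "198.51.100.80"  # constructed: NAT box, internal host, remote
    quoted = ipv4_header(G, R, 17, 8) + struct.pack("!HHHH", 14003, 53, 8, 0)  # UDP as sent by NAT
    icmp = icmp_unreachable(quoted, code=3)                    # port unreachable from R
    outer = ipv4_header(R, G, 1, len(icmp))
    new_outer, new_icmp = nat_translate_icmp_in(outer, icmp, G, H)
    naive = icmp[:20] + socket.inet_aton(H) + icmp[24:]       # address rewritten, checksums stale
    return {"outer_dst": socket.inet_ntoa(new_outer[16:20]),
            "inner_src": socket.inet_ntoa(new_icmp[20:24]),
            "checksums_ok": all(inet_checksum(x) == 0 for x in (new_outer, new_icmp, new_icmp[8:28])),
            "naive_ok": inet_checksum(naive) == 0}
```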

Slide 30: NAT and Applications
 Pure NAPT doesn't work with applications that send IP addresses and port numbers as data
 FTP - TCP application
     One program obtains a port number on the local machine, converts it to ASCII and sends it to the other host to create a TCP connection

Slide 31: NAT and Applications
 NAPT would need to inspect all data and translate as needed for every application protocol as it is designed!
 NAT supports the main application protocols such as FTP and Telnet, but not all
 Certainly not our home-grown applications

Slide 32: Summary
 VPNs guarantee privacy but are expensive
 2 main technologies used to implement VPN
     Application Gateways
     NAT