Rose-Hulman CSSE 432 - Network Layer


12 – NAT, ICMP, IPv6

Topics: NAT: Network Address Translation; Private network addresses (RFC 3330); Circumventing the NAT firewall (if you must); ICMP: Internet Control Message Protocol (RFC 792); Traceroute and ICMP; IPv6; IPv6 Header (Cont); Other Changes from IPv4; Transition From IPv4 To IPv6; Tunneling; Deployment

Chapter 4: Network Layer

Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition. Jim Kurose, Keith Ross. Addison-Wesley, July 2004.

A note on the use of these ppt slides: We're making these slides freely available to all (faculty, students, readers). They're in PowerPoint form so you can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following:
- If you use these slides (e.g., in a class) in substantially unaltered form, that you mention their source (after all, we'd like people to use our book!)
- If you post any slides in substantially unaltered form on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.
Thanks and enjoy! JFK/KWR

All material copyright 1996-2004 J.F Kurose and K.W. Ross, All Rights Reserved

NAT: Network Address Translation

[Figure: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4, connected through a NAT router with address 138.76.29.7 to the rest of the Internet]

- Datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)
- All datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers

NAT: Network Address Translation

Motivation: local network uses just one IP address as far as outside world is concerned:
- no need to be allocated range of addresses from ISP: just one IP address is used for all devices
- can change addresses of devices in local network without notifying outside world
- can change ISP without changing addresses of devices in local network
- devices inside local net not explicitly addressable, visible by outside world (a security plus)
- Support more IPv4 hosts by reusing addresses

NAT: Network Address Translation

[Figure: hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4 behind NAT router 138.76.29.7]

NAT translation table
  WAN side addr        LAN side addr
  138.76.29.7, 5001    10.0.0.1, 3345
  ……                   ……

1: host 10.0.0.1 sends datagram to 128.119.40, 80
   S: 10.0.0.1, 3345    D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001    D: 128.119.40.186, 80
3: Reply arrives dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80    D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80    D: 10.0.0.1, 3345

NAT: Network Address Translation

Implementation: NAT router must:
- outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #) . . . remote clients/servers will respond using (NAT IP address, new port #) as destination addr.
- remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
- incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table

Private network addresses (RFC 3330)

Addresses cannot appear on the public Internet.

Circumventing the NAT firewall (if you must)

- You may want to run a server behind your NAT router. How do you let in some traffic?
- NAT routers have a limited ability to "port forward", sending all traffic to a given computer on the internal net and bypassing the flow table.
- For example:
  - Send all Web traffic (port 80) to 192.168.1.3
  - Send all mail traffic (port 25) to 192.168.1.5

NAT: Network Address Translation

- 16-bit port-number field: 60,000 simultaneous connections with a single LAN-side address!
- NAT is controversial:
  - routers should only process up to layer 3
  - violates end-to-end argument
    - NAT possibility must be taken into account by app designers, e.g. P2P applications
  - address shortage should instead be solved by IPv6

ICMP: Internet Control Message Protocol (RFC 792)

- used by hosts & routers to communicate network-level information
  - error reporting: unreachable host, network, port, protocol
  - echo request/reply (used by ping)
- network-layer "above" IP:
  - ICMP msgs carried in IP datagrams
- ICMP message: type, code plus first 8 bytes of IP datagram causing error

  Type  Code  description
  0     0     echo reply (ping)
  3     0     dest. network unreachable
  3     1     dest host unreachable
  3     2     dest protocol unreachable
  3     3     dest port unreachable
  3     6     dest network unknown
  3     7     dest host unknown
  4     0     source quench (congestion control - not used)
  8     0     echo request (ping)
  9     0     route advertisement
  10    0     router discovery
  11    0     TTL expired
  12    0     bad IP header

Traceroute and ICMP

- Source sends series of UDP segments to dest
  - First has TTL = 1
  - Second has TTL = 2, etc.
  - Unlikely port number
- When nth datagram arrives to nth router:
  - Router discards datagram
  - And sends to source an ICMP message
  - Message includes name of router & IP address
- When ICMP message arrives, source calculates RTT
- Traceroute does this 3 times

Stopping criterion
- UDP segment eventually arrives at destination host
- Destination returns ICMP "port unreachable" packet
- When source gets this ICMP, stops.

IPv6

- Initial motivation: 32-bit address space soon to be completely allocated.
  - 128-bit addresses
- Additional motivation:
  - header format helps speed processing/forwarding
  - header changes to facilitate QoS
- IPv6 datagram format:
  - fixed-length 40 byte header

IPv6 Header (Cont)

- Traffic class: identify priority among datagrams in flow
- Flow Label: identify datagrams in same "flow." (concept of "flow" not well defined).
- Next header: identify upper layer protocol or if fragmented

Other Changes from IPv4

- Fragmentation: using Next Hdr field, by source node, use Path MTU Discovery
- Checksum:
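
The NAT translation steps and the port-forwarding slide above, worked through as an added example (not part of the original slides): a small translation table that rewrites outgoing datagrams, maps replies back, drops unsolicited inbound traffic, and shows how a port-forward rule exposes an internal host. The class name, the in-order port allocation, the forward target 10.0.0.3 and the outside address 203.0.113.9 are assumptions made for the illustration.

```python
from itertools import count

class NatRouter:
    """NAT translation table as on the slides: WAN-side port <-> LAN-side (addr, port)."""
    def __init__(self, wan_ip, first_port=5001):
        self.wan_ip = wan_ip
        self._ports = count(first_port)  # assumed policy: hand out WAN ports in order
        self.out = {}       # (lan_ip, lan_port) -> wan_port
        self.back = {}      # wan_port -> (lan_ip, lan_port)
        self.forwards = {}  # static port-forward rules: wan_port -> (lan_ip, lan_port)

    def add_forward(self, wan_port, lan_ip, lan_port):
        self.forwards[wan_port] = (lan_ip, lan_port)

    def outbound(self, src, dst):
        """Rewrite the source of a datagram leaving the LAN and remember the pair."""
        if src not in self.out:
            port = next(self._ports)
            while port in self.forwards:      # never shadow a forwarded port
                port = next(self._ports)
            if port > 65535:
                raise RuntimeError("16-bit port space exhausted")
            self.out[src] = port
            self.back[port] = src
        return (self.wan_ip, self.out[src]), dst

    def inbound(self, src, dst):
        """Rewrite the destination of an arriving datagram, or return None to drop it."""
        ip, port = dst
        if ip != self.wan_ip:
            return None
        # Like the slide's table, entries are keyed on the WAN port only; many real
        # implementations also check the remote endpoint before accepting a reply.
        target = self.back.get(port) or self.forwards.get(port)
        if target is None:
            return None  # no table entry, no forward rule: unsolicited, dropped
        return src, target

def demo():
    nat = NatRouter("138.76.29.7")
    server = ("128.119.40.186", 80)
    outside = ("203.0.113.9", 40000)                     # constructed outside host
    sent = nat.outbound(("10.0.0.1", 3345), server)      # slide steps 1-2
    reply = nat.inbound(server, ("138.76.29.7", 5001))   # slide steps 3-4
    probe = nat.inbound(outside, ("138.76.29.7", 80))    # nothing listening: dropped
    nat.add_forward(80, "10.0.0.3", 80)                  # constructed forward rule
    exposed = nat.inbound(outside, ("138.76.29.7", 80))  # now reaches the LAN host
    return sent, reply, probe, exposed
```

The `probe` and `exposed` results are the same packet before and after the forward rule is added, which is the whole difference between the "security plus" on the motivation slide and a server reachable from the Internet.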
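
The ICMP message layout and the traceroute stopping rule from the slides above, as an added example (not part of the original slides): a parser for an ICMP error that reads the type and code, then the quoted IP header plus first 8 bytes of the offending datagram, and accepts the message only if it quotes a probe that was actually sent. The function names, the probe port 33434 and the sample messages are constructed for the illustration.

```python
import socket
import struct

def checksum(data):
    """RFC 1071 Internet checksum; a message with a valid checksum field sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_error(msg):
    """Parse type, code and the quoted IP header + first 8 bytes of the datagram."""
    if len(msg) < 8 + 20 + 8:
        raise ValueError("truncated ICMP error message")
    if checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    inner = msg[8:]                    # bytes 4-7 are unused for types 3 and 11 (RFC 792)
    ihl = (inner[0] & 0x0F) * 4        # quoted IP header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("malformed quoted IP header")
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])  # UDP ports of the probe
    return {"type": msg[0], "code": msg[1], "proto": inner[9],
            "orig_src": socket.inet_ntoa(inner[12:16]),
            "orig_dst": socket.inet_ntoa(inner[16:20]),
            "orig_sport": sport, "orig_dport": dport}

def traceroute_step(msg, probe_dst, probe_dport):
    """Return 'hop' (TTL expired), 'done' (port unreachable) or 'ignore' (not our probe)."""
    e = parse_icmp_error(msg)
    if e["proto"] != 17 or (e["orig_dst"], e["orig_dport"]) != (probe_dst, probe_dport):
        return "ignore"                # quotes a datagram we never sent
    return {(11, 0): "hop", (3, 3): "done"}.get((e["type"], e["code"]), "ignore")

def build_sample(icmp_type, code, dst="128.119.40.186", dport=33434):
    """Constructed message: an ICMP error quoting a UDP probe sent by 10.0.0.1."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     socket.inet_aton("10.0.0.1"), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", 50000, dport, 8, 0)
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + udp
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]
```

Matching the quoted destination and port against outstanding probes is what lets the source tie each ICMP reply to the datagram that triggered it and discard error messages that refer to traffic it never sent.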

