12 – NAT, ICMP, IPv6
Network Layer 4-1

Chapter 4: Network Layer
Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition. Jim Kurose, Keith Ross, Addison-Wesley, July 2004.

A note on the use of these ppt slides:
We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following:
• If you use these slides (e.g., in a class) in substantially unaltered form, that you mention their source (after all, we’d like people to use our book!)
• If you post any slides in substantially unaltered form on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.
Thanks and enjoy! JFK/KWR
All material copyright 1996-2004 J.F Kurose and K.W. Ross, All Rights Reserved

NAT: Network Address Translation
(Figure: local network, e.g. home network, 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4 behind a NAT router whose Internet-facing address is 138.76.29.7; the rest of the Internet lies beyond it.)
• Datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)
• All datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers

NAT: Network Address Translation
Motivation: local network uses just one IP address as far as outside world is concerned:
• no need to be allocated range of addresses from ISP: just one IP address is used for all devices
• can change addresses of devices in local network without notifying outside world
• can change ISP without changing addresses of devices in local network
• devices inside local net not explicitly addressable, visible by outside world (a security plus)
• support more IPv4 hosts by reusing addresses

NAT: Network Address Translation
(Figure: hosts 10.0.0.1 to 10.0.0.4 on the LAN side, NAT router 138.76.29.7 on the WAN side.)
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345   D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80
3: Reply arrives, dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80   D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80   D: 10.0.0.1, 3345

NAT translation table
WAN side addr        LAN side addr
138.76.29.7, 5001    10.0.0.1, 3345
……                   ……

NAT: Network Address Translation
Implementation: NAT router must:
• outgoing datagrams: replace (source IP address, port #) of every outgoing datagram with (NAT IP address, new port #) . . . remote clients/servers will respond using (NAT IP address, new port #) as destination addr.
• remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
• incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table

Private network addresses (RFC 3330)
Addresses cannot appear on the public Internet.

Circumventing the NAT firewall (if you must)
You may want to run a server behind your NAT router. How do you let in some traffic?
NAT routers have a limited ability to “port forward”, sending all traffic to a given computer on the internal net and bypassing the flow table.
For example:
• Send all Web traffic (port 80) to 192.168.1.3
• Send all mail traffic (port 25) to 192.168.1.5

NAT: Network Address Translation
16-bit port-number field: 60,000 simultaneous connections with a single LAN-side address!
NAT is controversial:
• routers should only process up to layer 3
• violates end-to-end argument
  • NAT possibility must be taken into account by app designers, e.g. P2P applications
• address shortage should instead be solved by IPv6

ICMP: Internet Control Message Protocol (RFC 792)
• used by hosts & routers to communicate network-level information
  • error reporting: unreachable host, network, port, protocol
  • echo request/reply (used by ping)
• network-layer “above” IP: ICMP msgs carried in IP datagrams
• ICMP message: type, code plus first 8 bytes of IP datagram causing error

Type  Code  Description
 0     0    echo reply (ping)
 3     0    dest. network unreachable
 3     1    dest host unreachable
 3     2    dest protocol unreachable
 3     3    dest port unreachable
 3     6    dest network unknown
 3     7    dest host unknown
 4     0    source quench (congestion control - not used)
 8     0    echo request (ping)
 9     0    router advertisement
10     0    router discovery
11     0    TTL expired
12     0    bad IP header

Traceroute and ICMP
• Source sends series of UDP segments to dest
  • First has TTL=1
  • Second has TTL=2, etc.
  • Unlikely port number
• When nth datagram arrives at nth router:
  • Router discards datagram
  • And sends to source an ICMP message
  • Message includes name of router & IP address
• When ICMP message arrives, source calculates RTT
• Traceroute does this 3 times
Stopping criterion:
• UDP segment eventually arrives at destination host
• Destination returns ICMP “port unreachable” packet
• When source gets this ICMP, stops.

IPv6
• Initial motivation: 32-bit address space soon to be completely allocated. 128-bit addresses
• Additional motivation:
  • header format helps speed processing/forwarding
  • header changes to facilitate QoS
• IPv6 datagram format: fixed-length 40 byte header

IPv6 Header (Cont)
• Traffic class: identify priority among datagrams in flow
• Flow Label: identify datagrams in same “flow.” (concept of “flow” not well defined).
• Next header: identify upper layer protocol or if fragmented

Other Changes from IPv4
• Fragmentation: using Next Hdr field, by source node, use Path MTU Discovery
• Checksum:
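The translation-table behaviour from the NAT slides above (steps 1-4 of the example and the port-forward rule from the "Circumventing the NAT firewall" slide), as an added Python simulation that is not part of the original slides; the NatRouter class, its port allocation starting at 5001 and the address 203.0.113.9 are assumptions made for the example.

```python
# Added example, not code from the Kurose/Ross slides: a simulation of the NAT
# translation table described above, using the slides' addresses and ports, plus
# the static "port forward" rule from the "Circumventing the NAT firewall" slide.

class NatRouter:
    def __init__(self, wan_ip, first_port=5001):
        self.wan_ip = wan_ip
        self.next_port = first_port          # next unused WAN-side port (assumed)
        self.table = {}      # (WAN addr, WAN port) -> (LAN addr, LAN port)
        self.reverse = {}    # (LAN addr, LAN port) -> WAN port
        self.forwards = {}   # WAN port -> (LAN addr, LAN port), static rules

    def port_forward(self, wan_port, lan_ip, lan_port):
        """Static rule that bypasses the flow table (e.g. port 80 -> 192.168.1.3)."""
        self.forwards[wan_port] = (lan_ip, lan_port)

    def outgoing(self, src, dst):
        """Rewrite an outbound datagram's (src ip, port); returns (new_src, dst)."""
        if src not in self.reverse:          # first packet of this flow: allocate
            if self.next_port > 65535:
                raise RuntimeError("port space exhausted")
            self.reverse[src] = self.next_port
            self.table[(self.wan_ip, self.next_port)] = src
            self.next_port += 1
        return (self.wan_ip, self.reverse[src]), dst

    def incoming(self, src, dst):
        """Rewrite an inbound datagram's destination, or return None to drop it."""
        if dst in self.table:
            # Lookup keys only on the WAN-side pair, as in the slides' table; whether
            # the remote endpoint is also checked is a separate filtering policy.
            return src, self.table[dst]
        if dst[0] == self.wan_ip and dst[1] in self.forwards:
            return src, self.forwards[dst[1]]
        return None   # no mapping and no rule: unsolicited inbound traffic is dropped


def demo():
    """Walk through steps 1-4 of the slides' example; returns the four rewrites."""
    nat = NatRouter("138.76.29.7")
    out = nat.outgoing(("10.0.0.1", 3345), ("128.119.40.186", 80))      # steps 1-2
    back = nat.incoming(("128.119.40.186", 80), ("138.76.29.7", 5001))   # steps 3-4
    stray = nat.incoming(("128.119.40.186", 80), ("138.76.29.7", 5002))  # unmapped
    nat.port_forward(80, "192.168.1.3", 80)
    web = nat.incoming(("203.0.113.9", 40000), ("138.76.29.7", 80))     # constructed sender
    return out, back, stray, web
```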
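The ICMP message layout and the traceroute stopping rule from the slides above, as an added example that is not code from the slides: it frames RFC 792 messages, verifies the checksum, and reads the UDP port out of the quoted datagram to decide whether a reply means "next hop" (type 11, code 0) or "destination reached" (type 3, code 3). The function names and the probe bytes are constructed for the example; the outer IP datagram that carries the ICMP message (whose source address identifies the replying router) is left out.

```python
import struct
# Added example, not code from the slides: RFC 792 ICMP framing (type, code,
# checksum, then the offending IP header plus its first 8 bytes) and the traceroute
# stopping rule described above. Every packet here is constructed in memory.

ICMP_TYPES = {(0, 0): "echo reply", (3, 0): "dest network unreachable",
              (3, 1): "dest host unreachable", (3, 2): "dest protocol unreachable",
              (3, 3): "dest port unreachable", (8, 0): "echo request",
              (11, 0): "TTL expired", (12, 0): "bad IP header"}

def checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words; 0 over a whole message = OK."""
    if len(data) % 2:
        data = bytes(data) + b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp(icmp_type, code, quoted=b""):
    """Header: type(1) code(1) checksum(2) unused(4), then the quoted datagram."""
    head = struct.pack("!BBHI", icmp_type, code, 0, 0)
    return struct.pack("!BBHI", icmp_type, code, checksum(head + quoted), 0) + quoted

def describe(msg):
    return ICMP_TYPES.get((msg[0], msg[1]), "unknown type %d code %d" % (msg[0], msg[1]))

def quoted_udp_ports(quoted):
    """From the quoted IPv4 header + 8 bytes, return (src_port, dst_port) or None."""
    ihl = (quoted[0] & 0x0F) * 4 if quoted else 0     # IPv4 header length in bytes
    if ihl < 20 or len(quoted) < ihl + 4:
        return None
    return struct.unpack("!HH", quoted[ihl:ihl + 4])

def traceroute_reply(msg, probe_port):
    """Stopping rule: 'hop' (TTL expired, keep probing), 'done' (port unreachable)."""
    if len(msg) < 8 or checksum(msg) != 0:
        return "ignore"                                 # truncated or corrupt
    kind = (msg[0], msg[1])
    if kind not in ((11, 0), (3, 3)):
        return "ignore"
    ports = quoted_udp_ports(msg[8:])
    if ports is None or ports[1] != probe_port:
        return "ignore"                                 # not a reply to our probe
    return "hop" if kind == (11, 0) else "done"

# Constructed probe: 20-byte IPv4 header (proto 17 = UDP) + UDP header to an unlikely port
PROBE = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 1, 17, 0,
                    bytes([10, 0, 0, 1]), bytes([128, 119, 40, 186]))
PROBE += struct.pack("!HHHH", 40000, 33434, 8, 0)
```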
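A parser for the fixed-length 40-byte IPv6 header described above, as an added example that is not from the slides; it follows the Next Header chain to find the upper-layer protocol and to detect the fragment header, which is what the "identify upper layer protocol or if fragmented" bullet refers to. The extension-header layouts are taken from RFC 8200 (not given on the slides), and the sample packet is constructed.

```python
import struct

# Added example, not code from the slides: parse the fixed-length 40-byte IPv6
# header described above and follow the Next Header chain, which is how a
# receiver learns the upper-layer protocol and whether the packet is fragmented.
# Layout per RFC 8200 (not given on the slides); the packet is constructed.

EXT_HEADERS = {0: "hop-by-hop", 43: "routing", 44: "fragment", 60: "dest options"}
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}

def parse_ipv6(pkt):
    """Return fixed-header fields, the extension-header chain and the upper layer."""
    if len(pkt) < 40:
        raise ValueError("shorter than the 40-byte fixed header")
    word0, plen, nxt, hlim = struct.unpack("!IHBB", pkt[:8])
    hdr = {"version": word0 >> 28,                 # 4 bits
           "traffic_class": (word0 >> 20) & 0xFF,  # 8 bits: priority among datagrams
           "flow_label": word0 & 0xFFFFF,          # 20 bits: datagrams of one "flow"
           "payload_length": plen, "hop_limit": hlim,
           "src": pkt[8:24], "dst": pkt[24:40],
           "ext_headers": [], "fragmented": False}
    if hdr["version"] != 6:
        raise ValueError("not an IPv6 header")
    off = 40
    while nxt in EXT_HEADERS:                      # walk the Next Header chain
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        hdr["ext_headers"].append(EXT_HEADERS[nxt])
        if nxt == 44:                              # fragment header is a fixed 8 bytes
            hdr["fragmented"] = True
            size = 8
        else:                                      # length field: 8-octet units after the first 8
            size = (pkt[off + 1] + 1) * 8
        nxt = pkt[off]                             # each extension header names the next one
        off += size
    hdr["upper_layer"] = UPPER_LAYER.get(nxt, "protocol %d" % nxt)
    return hdr

def sample_packet():
    """Constructed packet: fixed header -> fragment header -> 8 bytes of a UDP fragment."""
    word0 = (6 << 28) | (0 << 20) | 0x12345       # version 6, traffic class 0, flow label
    src = bytes.fromhex("20010db8000000000000000000000001")   # 2001:db8::1 (documentation prefix)
    dst = bytes.fromhex("20010db8000000000000000000000002")
    frag = struct.pack("!BBHI", 17, 0, 0, 0xDEADBEEF)   # next=UDP, offset 0, identification
    return struct.pack("!IHBB", word0, 16, 44, 64) + src + dst + frag + b"\x00" * 8
```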