Lecture 11: Middleboxes and NAT (Duct tape for IPv4)

Similar documents
CS 3516: Advanced Computer Networks

CMPE 150/L : Introduction to Computer Networks. Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 12

Chapter 4: network layer. Network service model. Two key network-layer functions. Network layer. Input port functions. Router architecture overview

Quiz. Segment structure and fields Flow control (rwnd) Timeout interval. Phases transition ssthresh setting Cwnd setting

Subnets. IP datagram format. The Internet Network layer. IP Fragmentation and Reassembly. IP Fragmentation & Reassembly. IP Addressing: introduction

Chapter 4 Network Layer: The Data Plane

Chapter 4: Network Layer

CSC 401 Data and Computer Communications Networks

Network Layer: Router Architecture, IP Addressing

Network Layer: DHCP, ICMP, NAT, IPv6

Computer Networking Introduction

Chapter 4 Network Layer: The Data Plane

Chapter 4 Network Layer: The Data Plane

internet technologies and standards

1-1. Switching Networks (Fall 2010) EE 586 Communication and. October 25, Lecture 24

Chapter 4 Network Layer: The Data Plane

COMP211 Chapter 4 Network Layer: The Data Plane

EC441 Fall 2018 Introduction to Computer Networking Chapter4: Network Layer Data Plane

TDTS06: computer Networks

Chapter 4 Network Layer

Network Layer: Data Plane 4-2

internet technologies and standards

Router Architecture Overview

Master Course Computer Networks IN2097

CSC 4900 Computer Networks: Network Layer

Lecture 17: Network Layer Addressing, Control Plane, and Routing

Lecture 4 - Network Layer. Transport Layer. Outline. Introduction. Notes. Notes. Notes. Notes. Networks and Security. Jacob Aae Mikkelsen

ECE 4450:427/527 - Computer Networks Spring 2017

CSC358 Week 6. Adapted from slides by J.F. Kurose and K. W. Ross. All material copyright J.F Kurose and K.W. Ross, All Rights Reserved

Chapter 4: network layer

CS 43: Computer Networks. 21: The Network Layer & IP November 7, 2018

EPL606. Internetworking. Part 2a. 1Network Layer

CMPE 80N: Introduction to Networking and the Internet

Network Layer: Chapter 4. The Data Plane. Computer Networking: A Top Down Approach

Chapter 4 Network Layer: The Data Plane

Chapter 4 Network Layer: The Data Plane

IPv4 addressing, NAT. Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley.

RSC Part II: Network Layer 3. IP addressing (2nd part)

Chapter 4 Network Layer: The Data Plane

Introduction to Computer Networking. Guy Leduc. Chapter 4 Network Layer: The Data Plane. Chapter 4: Network Layer Data Plane

Chapter 4 Network Layer

NETWORK LAYER DATA PLANE

Network Layer PREPARED BY AHMED ABDEL-RAOUF

Data Communications & Networks. Session 7 Main Theme Networks: Part I Circuit Switching, Packet Switching, The Network Layer

Chapter 4 Network Layer

Communication Networks ( ) / Fall 2013 The Blavatnik School of Computer Science, Tel-Aviv University. Allon Wagner

Last time. Network layer. Introduction. Virtual circuit vs. datagram details. IP: the Internet Protocol. forwarding vs. routing

CSC 401 Data and Computer Communications Networks

EEC-684/584 Computer Networks

Putting it all together

The Network Layer Forwarding Tables and Switching Fabric

Addressing protocols. TELE3118 lecture notes Copyright by Tim Moors Aug-09. Copyright Aug-09, Tim Moors

Networking Potpourri: Plug-n-Play, Next Gen

CS 3640: Introduction to Networks and Their Applications

Chapter 4 Network Layer

CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca

CS 356: Computer Network Architectures. Lecture 14: Switching hardware, IP auxiliary functions, and midterm review. [PD] chapter 3.4.1, 3.2.

CS 356: Computer Network Architectures. Lecture 15: DHCP, NAT, and IPv6. [PD] chapter 3.2.7, 3.2.9, 4.1.3, 4.3.3

Examination 2D1392 Protocols and Principles of the Internet 2G1305 Internetworking 2G1507 Kommunikationssystem, fk SOLUTIONS

Lecture 8. Network Layer (cont d) Network Layer 1-1

Network layer: Overview. Network layer functions IP Routing and forwarding NAT ARP IPv6 Routing

CSCD 330 Network Programming Spring 2017

Network layer: Overview. Network Layer Functions

CS118 Discussion 1A, Week 9. Zengwen Yuan Dodd Hall 78, Friday 10:00 11:50 a.m.

Lecture 2: Internet Structure

Chapter 4: outline. 4.5 routing algorithms link state distance vector hierarchical routing. 4.6 routing in the Internet RIP OSPF BGP

CSCD58 WINTER 2018 WEEK 6 - NETWORK LAYER PART 1. Brian Harrington. February 13, University of Toronto Scarborough

Internet Protocol (IP)

Network Layer II. Getting IP addresses. DHCP client-server scenario. DHCP client-server scenario. C compiler. You writing assignment 2

CPSC 826 Internetworking. The Network Layer: Routing & Addressing Outline. The Network Layer

CSC 4900 Computer Networks: Link Layer (3)

Network Protocols - Revision

Network Control, Con t

IPv4. Christian Grothoff.

ECE 158A: Lecture 7. Fall 2015

CSCD 330 Network Programming Spring 2018

Internetworking With TCP/IP

Network Layer: Control/data plane, addressing, routers

CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca

CSCE 463/612 Networks and Distributed Processing Spring 2017

Internet Technology 3/23/2016

Chapter 4 Network Layer

Lecture 8. Basic Internetworking (IP) Outline. Basic Internetworking (IP) Basic Internetworking (IP) Service Model

Distributed Systems. 7. Network Layer. Werner Nutt

Summary Chapter 4. Smith College, CSC 249 March 2, q IP Addressing. q DHCP dynamic addressing

ECPE / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

Use this section to help you quickly locate a command.

Lecture 8. Reminder: Homework 3, Programming Project 2 due on Thursday. Questions? Tuesday, September 20 CS 475 Networks - Lecture 8 1

Mohammad Hossein Manshaei 1393

CSCI-1680 Network Layer: IP & Forwarding John Jannotti

ECPE / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

Networking Theory CSCI 201 Principles of Software Development

CSCI Computer Networks Fall 2016

Lecture 14: DHCP and NAT

Data Communication & Networks G Session 7 - Main Theme Networks: Part I Circuit Switching, Packet Switching, The Network Layer

CS 3516: Computer Networks

Internetworking/Internetteknik, Examination 2G1305 Date: August 18 th 2004 at 9:00 13:00 SOLUTIONS

CS 3516: Advanced Computer Networks

Lecture 3: Packet Forwarding

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Transcription:

CSCI-351 Data communication and Networks Lecture 11: Middleboxes and NAT (Duct tape for IPv4) The slide is built with the help of Prof. Alan Mislove, Christo Wilson, and David Choffnes's class

Middleboxes 2 Devices in the network that interact with network traffic from the IP layer and up Common functions! NAT! Firewall and other security! Proxy! Filtering! Caching! Internet

3 Outline NAT Other middleboxes

The IPv4 Shortage 4 Problem: consumer ISPs typically only give one IP address per-household! Additional IPs cost extra! More IPs may not be available Today s households have more networked devices than ever! Laptops and desktops! TV, bluray players, game consoles! Tablets, smartphones, ereaders How to get all these devices online?

Private IP Networks 5 Idea: create a range of private IPs that are separate from the rest of the network! Use the private IPs for internal routing! Use a special router to bridge the LAN and the WAN Properties of private IPs! Not globally unique! Usually taken from non-routable IP ranges (why?) Typical private IP ranges! 10.0.0.0 10.255.255.255! 172.16.0.0 172.31.255.255! 192.168.0.0 192.168.255.255

Private Networks 6 192.168.0.1 192.168.0.1 Private Network 192.168.0.2 192.168.0.2 Private Network NAT Internet 192.168.0.0 66.31.210.69 192.168.0.0

Network Address Translation (NAT) 7 NAT allows hosts on a private network to communicate with the Internet! Warning: connectivity is not seamless Special router at the boundary of a private network! Replaces internal IPs with external IP This is Network Address Translation! May also replace TCP/UDP port numbers Maintains a table of active flows! Outgoing packets initialize a table entry! Incoming packets are rewritten based on the table

Basic NAT Operation 8 Source: 192.168.0.1 Dest: 74.125.228.67 Private Network Internet Source: 66.31.210.69 Dest: 74.125.228.67 Private Address Public Address 192.168.0.1:2345 74.125.228.67:80 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67 Dest: 192.168.0.1 Source: 74.125.228.67 Dest: 66.31.210.69

Advantages of NATs 9 Allow multiple hosts to share a single public IP Allow migration between ISPs! Even if the public IP address changes, you don t need to reconfigure the machines on the LAN Load balancing! Forward traffic from a single public IP to multiple private hosts

Natural Firewall 10 Private Address Private Network Internet Public Address 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67 Dest: 66.31.210.69 192.168.0.1

Concerns About NAT 11 Performance/scalability issues! Per flow state!! Modifying IP and Port numbers means NAT must recompute IP and TCP checksums Breaks the layered network abstraction Breaks end-to-end Internet connectivity! 192.168.*.* addresses are private! Cannot be routed to on the Internet! Problem is worse when both hosts are behind NATs What about IPs embedded in data payloads?

Port Forwarding 12 Private Network Internet Private Address Public Address 192.168.0.1:7000 *.*.*.*:* 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67:8679 Dest: 192.168.0.1:7000 Source: 74.125.228.67:8679 Dest: 66.31.210.69:7000

13 Outline NAT Other middleboxes

Firewall 14 A device that blocks traffic according to a set of rules! Why?! Services with vulnerabilities turned on by default! ISP policy forbidding certain traffic due to ToS Typically specified using a 5-tuple! E.g., block outbound SMTP; block inbound SQL server reqs GFC (Great Firewall of China)! Known to block based on IP, filter DNS requests, etc

Web caching 15 ISP installs cache near network edge that caches copies of Web pages! Why?! Performance: Content is closer to clients, TCP will perform better with lower RTTs! Cost: free for the ISP to serve from inside the network Limitations! Much of today s content is not static (why does this matter?)! Content ownership! Potential privacy issues! Long tail of content popularity

Web caching 16 ISP installs cache near network edge that caches copies of Web pages! Why?! Performance: Content is closer to clients, TCP will perform better with lower RTTs! Cost: free for the ISP to serve from inside the network Not cached foo.htm Internet foo.htm

Proxying 17 Non-split connections! Like NAT, but IP address is no longer the one assigned to you Split connections! Middlebox maintains two flows: C-M and M-S! Can be done transparently How? C M S Syn Syn Ack SynAck Ack SynAck

Proxying 18 Advantages! RTT is lower on each end! Can use different MTUs! Particularly useful in cell ntwks Disadvantages! Extra delay can be bad for small flows! Buffering/state makes it potentially costly C M S Syn Syn Ack SynAck Ack SynAck

Questions 19 Middleboxes that breaks end-to-end integrity APs? How can we tell if middle boxes does do that? ISP? Software on your computer? How can we tell that? Net-neutrality

CSCI-351 Data communication and Networks Lecture 11 ext: The slide is built with the Prof. Kurose s materials

: Dynamic Host Configuration Protocol 21 Let s say that a ISP has X customers, How many IPs does it need to have? X? Goal: allow host to dynamically obtain its IP address from network server when it joins network can renew its lease on address in use allows reuse of addresses (only hold address while connected/ on ) support for mobile users who want to join network (more shortly)

Client-Server 22 223.1.1.0/24 223.1.1.1 server 223.1.2.1 223.1.1.2 223.1.1.4 223.1.2.9 223.1.2.2 223.1.1.3 223.1.3.27 arriving client needs address in this network 223.1.2.0/24 223.1.3.1 223.1.3.2

Client-Server 23 server: 223.1.2.5 discover src : 0.0.0.0, 68 dest.: 255.255.255.255,67 server yiaddr: out 0.0.0.0 there? transaction ID: 654 Broadcast: is there a arriving client request offer src: 0.0.0.0, 68 dest:: 255.255.255.255, 67 yiaddrr: 223.1.2.4 transaction that IP address! ID: 655 lifetime: 3600 secs Broadcast: OK. I ll take src: 223.1.2.5, 67 dest: 255.255.255.255, 68 yiaddrr: 223.1.2.4 transaction ID: 654 lifetime: 3600 secs Broadcast: I m a server! Here s an IP address you can use ACK src: 223.1.2.5, 67 dest: 255.255.255.255, 68 yiaddrr: 223.1.2.4 transaction that IP address! ID: 655 lifetime: 3600 secs Broadcast: OK. You ve got

: More than IP address 24 can return more than just allocated IP address on subnet address of first-hop router for client name and IP address of DNS sever network mask (indicating network versus host portion of address)

Header (Do not memorize) 25

: example 26 UDP IP Eth Phy UDP IP Eth Phy 168.1.1.1 router with server built into router connecting laptop needs its IP address, addr of first-hop router, addr of DNS server: use request encapsulated in UDP, encapsulated in IP, encapsulated in 802.1 Ethernet Ethernet frame broadcast (dest: FFFFFFFFFFFF) on LAN, received at router running server Ethernet demuxed to IP demuxed, UDP demuxed to

: example 27 UDP IP Eth Phy DCP server formulates ACK containing client s IP address, IP address of firsthop router for client, name & IP address of DNS server UDP IP Eth Phy router with server built into router encapsulation of server, frame forwarded to client, demuxing up to at client client now knows its IP address, name and IP address of DSN server, IP address of its first-hop router

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback