cs 3700
play

CS 3700 Networks and Distributed Systems NAT (You Better Forward - PowerPoint PPT Presentation

Oct 02, 2022 •480 likes •1.03k views

CS 3700 Networks and Distributed Systems NAT (You Better Forward Those Ports) Revised 10/7/16 The IPv4 Shortage 2 Problem: consumer ISPs typically only give one IP address per-household Additional IPs cost extra More IPs may not

  1. CS 3700 
 Networks and Distributed Systems NAT (You Better Forward Those Ports) Revised 10/7/16

  2. The IPv4 Shortage 2 � Problem: consumer ISPs typically only give one IP address per-household � Additional IPs cost extra � More IPs may not be available

  3. The IPv4 Shortage 2 � Problem: consumer ISPs typically only give one IP address per-household � Additional IPs cost extra � More IPs may not be available � Today’s households have more networked devices than ever � Laptops and desktops � TV, bluray players, game consoles � Tablets, smartphones, eReaders

  4. The IPv4 Shortage 2 � Problem: consumer ISPs typically only give one IP address per-household � Additional IPs cost extra � More IPs may not be available � Today’s households have more networked devices than ever � Laptops and desktops � TV, bluray players, game consoles � Tablets, smartphones, eReaders � How to get all these devices online?

  5. Private IP Networks 3 � Idea: create a range of private IPs that are separate from the rest of the network � Use the private IPs for internal routing � Use a special router to bridge the LAN and the WAN � Properties of private IPs � Not globally unique � Usually taken from non-routable IP ranges (why?) � Typical private IP ranges � 10.0.0.0 – 10.255.255.255 � 172.16.0.0 – 172.31.255.255 � 192.168.0.0 – 192.168.255.255

  6. Private Networks 4 192.168.0.1 Private Network 192.168.0.2 Internet 192.168.0.0 66.31.210.69

  7. Private Networks 4 192.168.0.1 Private Network 192.168.0.2 Internet NAT 192.168.0.0 66.31.210.69

  8. Private Networks 4 192.168.0.1 192.168.0.1 Private Private Network Network 192.168.0.2 192.168.0.2 NAT Internet NAT 192.168.0.0 71.2.33.56 192.168.0.0 66.31.210.69

  9. Network Address Translation (NAT) 5 � NAT allows hosts on a private network to communicate with the Internet � Warning: connectivity is not seamless � Special router at the boundary of a private network � Replaces internal IPs with external IP by modifying packet headers ■ This is “Network Address Translation” � May also replace TCP/UDP port numbers � Maintains a table of active flows � Outgoing packets initialize a table entry � Incoming packets are rewritten based on the table

  10. Basic NAT Operation 6 Private Network Internet 192.168.0.1 66.31.210.69 74.125.228.67

  11. Basic NAT Operation 6 Private Network Internet Source: 192.168.0.1:2345 Dest: 74.125.228.67:80 192.168.0.1 66.31.210.69 74.125.228.67

  12. Basic NAT Operation 6 Private Network Internet Source: 192.168.0.1:2345 Dest: 74.125.228.67:80 Private Address Public Address 192.168.0.1:2345 74.125.228.67:80 192.168.0.1 66.31.210.69 74.125.228.67

  13. Basic NAT Operation 6 Private Network Internet Source: 192.168.0.1:2345 Source: 66.31.210.69:2345 Dest: 74.125.228.67:80 Dest: 74.125.228.67:80 Private Address Public Address 192.168.0.1:2345 74.125.228.67:80 192.168.0.1 66.31.210.69 74.125.228.67

  14. Basic NAT Operation 6 Private Network Internet Source: 192.168.0.1:2345 Source: 66.31.210.69:2345 Dest: 74.125.228.67:80 Dest: 74.125.228.67:80 Private Address Public Address 192.168.0.1:2345 74.125.228.67:80 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67:80 Dest: 66.31.210.69:2345

  15. Basic NAT Operation 6 Private Network Internet Source: 192.168.0.1:2345 Source: 66.31.210.69:2345 Dest: 74.125.228.67:80 Dest: 74.125.228.67:80 Private Address Public Address 192.168.0.1:2345 74.125.228.67:80 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67:80 Source: 74.125.228.67:80 Dest: 192.168.0.1:2345 Dest: 66.31.210.69:2345

  16. Advantages of NATs 7 � Allow multiple hosts to share a single public IP

  17. Advantages of NATs 7 � Allow multiple hosts to share a single public IP � Allow migration between ISPs � Even if the public IP address changes, you don’t need to reconfigure the machines on the LAN

  18. Advantages of NATs 7 � Allow multiple hosts to share a single public IP � Allow migration between ISPs � Even if the public IP address changes, you don’t need to reconfigure the machines on the LAN � Load balancing � Forward traffic from a single public IP to multiple private hosts

  19. Natural Firewall 8 Private Network Internet Private Address Public Address 192.168.0.1 66.31.210.69 74.125.228.67

  20. Natural Firewall 8 Private Network Internet Private Address Public Address 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67 Dest: 192.168.0.1

  21. Natural Firewall 8 Private Network Internet Private Address Public Address 192.168.0.1 66.31.210.69 74.125.228.67

  22. Natural Firewall 8 Private Network Internet Private Address Public Address 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67 Dest: 66.31.210.69

  23. Natural Firewall 8 Private Network Internet Private Address Public Address 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67 Dest: 66.31.210.69

  24. Natural Firewall 8 Private Network Internet Private Address Public Address 192.168.0.1 66.31.210.69 74.125.228.67

  25. Concerns About NAT 9 � Performance/scalability issues � Per flow state! � Modifying IP and Port numbers means NAT must recompute IP and TCP checksums

  26. Concerns About NAT 9 � Performance/scalability issues � Per flow state! � Modifying IP and Port numbers means NAT must recompute IP and TCP checksums � Breaks the layered network abstraction

  27. Concerns About NAT 9 � Performance/scalability issues � Per flow state! � Modifying IP and Port numbers means NAT must recompute IP and TCP checksums � Breaks the layered network abstraction � Breaks end-to-end Internet connectivity � 192.168.*.* addresses are private � Cannot be routed to on the Internet � Problem is worse when both hosts are behind NATs

  28. Concerns About NAT 9 � Performance/scalability issues � Per flow state! � Modifying IP and Port numbers means NAT must recompute IP and TCP checksums � Breaks the layered network abstraction � Breaks end-to-end Internet connectivity � 192.168.*.* addresses are private � Cannot be routed to on the Internet � Problem is worse when both hosts are behind NATs � What about IPs embedded in data payloads?

  29. Port Forwarding 10 Private Network Internet Private Address Public Address 192.168.0.1:7000 *.*.*.*:* 192.168.0.1 66.31.210.69 74.125.228.67

  30. Port Forwarding 10 Private Network Internet Private Address Public Address 192.168.0.1:7000 *.*.*.*:* 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67:8679 Dest: 66.31.210.69:7000

  31. Port Forwarding 10 Private Network Internet Private Address Public Address 192.168.0.1:7000 *.*.*.*:* 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67:8679 Dest: 66.31.210.69:7000

  32. Port Forwarding 10 Private Network Internet Private Address Public Address 192.168.0.1:7000 *.*.*.*:* 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67:8679 Source: 74.125.228.67:8679 Dest: 192.168.0.1:7000 Dest: 66.31.210.69:7000

  33. Hole Punching 11 � Problem: How to enable connectivity through NATs? NAT 1 NAT 2 192.168.0.2 192.168.0.1 59.1.72.13 66.31.210.69

  34. Hole Punching 11 � Problem: How to enable connectivity through NATs? NAT 1 NAT 2 192.168.0.2 192.168.0.1 59.1.72.13 66.31.210.69

  35. Hole Punching 11 � Problem: How to enable connectivity through NATs? NAT 1 NAT 2 192.168.0.2 192.168.0.1 59.1.72.13 66.31.210.69

  36. Hole Punching 11 � Problem: How to enable connectivity through NATs? NAT 1 NAT 2 192.168.0.2 192.168.0.1 59.1.72.13 66.31.210.69 � Two application-level protocols for hole punching � STUN � TURN

  37. STUN 12 � S ession T raversal U tilities for N AT � Use a third-party to echo your global IP address � Also used to probe for symmetric NATs/firewalls ■ i.e. are external ports open or closed? 192.168.0.1 STUN Server 66.31.210.69

  38. STUN 12 � S ession T raversal U tilities for N AT � Use a third-party to echo your global IP address � Also used to probe for symmetric NATs/firewalls ■ i.e. are external ports open or closed? What is my global IP address? 192.168.0.1 STUN Server 66.31.210.69

  39. STUN 12 � S ession T raversal U tilities for N AT � Use a third-party to echo your global IP address � Also used to probe for symmetric NATs/firewalls ■ i.e. are external ports open or closed? What is my global IP address? 192.168.0.1 STUN Server 66.31.210.69

  40. STUN 12 � S ession T raversal U tilities for N AT � Use a third-party to echo your global IP address � Also used to probe for symmetric NATs/firewalls ■ i.e. are external ports open or closed? What is my global IP address? Please echo my IP address 192.168.0.1 STUN Server 66.31.210.69

  41. STUN 12 � S ession T raversal U tilities for N AT � Use a third-party to echo your global IP address � Also used to probe for symmetric NATs/firewalls ■ i.e. are external ports open or closed? What is my global IP address? Please echo my IP address 192.168.0.1 STUN Server 66.31.210.69

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS 3700 Networks and Distributed Systems Logistics (a.k.a. The boring slides) Revised

CS 3700 Networks and Distributed Systems Logistics (a.k.a. The boring slides) Revised

CS 3700 Networks and Distributed Systems Logistics (a.k.a. The boring slides) Revised 1/5/2020 Hello! 2 Welcome to CS 3700 Are you in the right classroom? Okay, good. Who am I? Professor Alden Jackson

861 views • 29 slides
CS 3700 Networks and Distributed Systems Bridging (From Hub to Switch by Way of Tree)

CS 3700 Networks and Distributed Systems Bridging (From Hub to Switch by Way of Tree)

CS 3700 Networks and Distributed Systems Bridging (From Hub to Switch by Way of Tree) Revised 8/19/15 Just Above the Data Link Layer 2 Bridging How do we connect LANs? Application Function: Presentation Route packets

1.44k views • 122 slides
CS 3700 Networks and Distributed Systems Overlay Networks (P2P DHT via KBR FTW) Revised

CS 3700 Networks and Distributed Systems Overlay Networks (P2P DHT via KBR FTW) Revised

CS 3700 Networks and Distributed Systems Overlay Networks (P2P DHT via KBR FTW) Revised 10/26/2016 Outline 2 Consistent Hashing Structured Overlays / DHTs Key/Value Storage Service 3 Imagine a simple service that stores

1.8k views • 177 slides
CS 3700 Networks and Distributed Systems Internet Architecture (Layer cake and an hourglass)

CS 3700 Networks and Distributed Systems Internet Architecture (Layer cake and an hourglass)

CS 3700 Networks and Distributed Systems Internet Architecture (Layer cake and an hourglass) Revised 1/08/2020 Last class recap... 2 This is not a history course Communication is fundamental to human nature Key concepts have

1.91k views • 131 slides
H1 / Q2-FY19 Earnings Presentation At a Glance 2 One of the largest content houses with 3700+

H1 / Q2-FY19 Earnings Presentation At a Glance 2 One of the largest content houses with 3700+

SHEMAROO ENTERTAINMENT LIMITED H1 / Q2-FY19 Earnings Presentation At a Glance 2 One of the largest content houses with 3700+ Offering content to most Bollywood services across Over 55 years experience as a Household Media Brand content

402 views • 18 slides
CS 3700 Networks and Distributed Systems P2P and BitTorrent (Why is Lars Ulrich So Angry?)

CS 3700 Networks and Distributed Systems P2P and BitTorrent (Why is Lars Ulrich So Angry?)

CS 3700 Networks and Distributed Systems P2P and BitTorrent (Why is Lars Ulrich So Angry?) Revised 10/21/16 Traditional Internet Services Model 2 Client-server Many clients, 1 (or more) server(s) Web servers, DNS, file

2.25k views • 190 slides
Laurie Adelhardt | ag@owlcreek.net | 410.705.3700 Susanne Zilberfarb | susanne@hammondmedia.com |

Laurie Adelhardt | ag@owlcreek.net | 410.705.3700 Susanne Zilberfarb | susanne@hammondmedia.com |

Laurie Adelhardt | ag@owlcreek.net | 410.705.3700 Susanne Zilberfarb | susanne@hammondmedia.com | 410.430.2613 GOAL: Introduce the face behind the farm to build consumer trust in Maryland farming. www.mymdfarmers.com @mymdfarmers

657 views • 26 slides
ANALYSIS OF CREDIT PORTFOLIO FCERA May 2014 SEATTLE | 206.622.3700 LOS ANGELES | 310.297.1777

ANALYSIS OF CREDIT PORTFOLIO FCERA May 2014 SEATTLE | 206.622.3700 LOS ANGELES | 310.297.1777

ANALYSIS OF CREDIT PORTFOLIO FCERA May 2014 SEATTLE | 206.622.3700 LOS ANGELES | 310.297.1777 www.wurts.com E X E C U T I V E S U M M A R Y Since the asset liability study was presented in mid-2013, spreads for High Yield (HY) and

308 views • 9 slides
REAL EST REAL ESTATE TE Over Rs.100,000 CR. Rs. 3700 cr. Sales recorded Estimated revenue

REAL EST REAL ESTATE TE Over Rs.100,000 CR. Rs. 3700 cr. Sales recorded Estimated revenue

THE ONE OF INDIAS INCREDIBLE GROWTH STORY Over 130 lacs sq. ft. Over 100 lacs sq. ft. of projects delivered of area under development REAL EST REAL ESTATE TE Over Rs.100,000 CR. Rs. 3700 cr. Sales recorded Estimated revenue potential

745 views • 47 slides
Community Arts Advisory Committee Meeting #1 July 15, 2019 | 6:30 8:30 p.m. 3700 South Four

Community Arts Advisory Committee Meeting #1 July 15, 2019 | 6:30 8:30 p.m. 3700 South Four

Community Arts Advisory Committee Meeting #1 July 15, 2019 | 6:30 8:30 p.m. 3700 South Four Mile Run Drive agenda INTRODUCTIONS MOVING FORWARD Welcome Story Circle Introductions Interview Findings Planning the Work

490 views • 27 slides
Community Arts Advisory Committee Meeting #3 August 29, 2019 | 6:30 8:30 p.m. 3700 South

Community Arts Advisory Committee Meeting #3 August 29, 2019 | 6:30 8:30 p.m. 3700 South

Community Arts Advisory Committee Meeting #3 August 29, 2019 | 6:30 8:30 p.m. 3700 South Four Mile Run Drive agenda INTRODUCTIONS 5 minutes MOVING FORWARD 90 minutes Subcommittee Report Out (Scenic Welcome Shop/Costume

535 views • 26 slides
CS 3700 Networks and Distributed Systems Inter Domain Routing (Its all about the Money)

CS 3700 Networks and Distributed Systems Inter Domain Routing (Its all about the Money)

CS 3700 Networks and Distributed Systems Inter Domain Routing (Its all about the Money) Revised 10/03/19 Network Layer, Control Plane 2 Function: Set up routes between networks Data Plane Key challenges: Application

942 views • 66 slides
CS 3700 Networks and Distributed Systems Intro to Distributed Systems Revised 10/01/15

CS 3700 Networks and Distributed Systems Intro to Distributed Systems Revised 10/01/15

CS 3700 Networks and Distributed Systems Intro to Distributed Systems Revised 10/01/15 Application Layer 2 Function: Application Whatever you want Presentation Implement your app using the network Session Key challenges:

862 views • 32 slides
Real Assets Outlook Table of contents VERUSINVESTMENTS.COM SEATTLE 206-622-3700 LOS ANGELES

Real Assets Outlook Table of contents VERUSINVESTMENTS.COM SEATTLE 206-622-3700 LOS ANGELES

JULY 2017 Real Assets Outlook Table of contents VERUSINVESTMENTS.COM SEATTLE 206-622-3700 LOS ANGELES 310-297-1777 SAN FRANCISCO 415-362-3484 Executive summary 3 U.S. economics - Inflation 6 Outlook summary 7 Current conditions and 10

647 views • 36 slides
The Cottages-3700 Cedar Hill Road Dawson Heights Housing Ltd. Neighbourhood Association Meeting-

The Cottages-3700 Cedar Hill Road Dawson Heights Housing Ltd. Neighbourhood Association Meeting-

The Cottages-3700 Cedar Hill Road Dawson Heights Housing Ltd. Neighbourhood Association Meeting- January 11, 2018 1. Project Overview 2. About the Applicant 3. Site Context Presentation 4. Planning Framework & Policies Outline 5.

279 views • 17 slides
Community Arts Advisory Committee Meeting #2 August 8, 2019 | 6:30 8:30 p.m. 3700 South

Community Arts Advisory Committee Meeting #2 August 8, 2019 | 6:30 8:30 p.m. 3700 South

Community Arts Advisory Committee Meeting #2 August 8, 2019 | 6:30 8:30 p.m. 3700 South Four Mile Run Drive agenda INTRODUCTIONS 20 minutes MOVING FORWARD 85 minutes Welcome Overview of Tools & Models Introductions

160 views • 15 slides
Network Analysis Ma Maneesh Agrawala CS 448B: Visualization Winter 2020 1 Last Time: Network

Network Analysis Ma Maneesh Agrawala CS 448B: Visualization Winter 2020 1 Last Time: Network

Network Analysis Ma Maneesh Agrawala CS 448B: Visualization Winter 2020 1 Last Time: Network Layout 2 1 Interactive Example: Configurable Force Layout 3 Linear node layout, circular arcs show connections. Layout quality sensitive to

338 views • 33 slides
Report on the Clusters at Fermilab Don Holmgren USQCD All-Hands Meeting JLab April 18-19, 2014

Report on the Clusters at Fermilab Don Holmgren USQCD All-Hands Meeting JLab April 18-19, 2014

Report on the Clusters at Fermilab Don Holmgren USQCD All-Hands Meeting JLab April 18-19, 2014 Outline Hardware Storage Statistics The Budget and Implications for Storage Facility Operations USQCD 2014 AHM Fermilab

562 views • 27 slides
Introduction to SCADA Most of the slides are from ECE 450/CSE 450 (Fall 2010) taught at Lehigh

Introduction to SCADA Most of the slides are from ECE 450/CSE 450 (Fall 2010) taught at Lehigh

10/30/2015 Introduction to SCADA Most of the slides are from ECE 450/CSE 450 (Fall 2010) taught at Lehigh University by Dr. Liang Cheng and Dr. Shalinee Kishore. Motivation for SCADA Suppose you have a simple electrical circuit consisting

538 views • 15 slides
FOURTH QUARTER FISCAL YEAR 2018 FINANCIAL RESULTS May 15, 2018 CAUTIONARY STATEMENT UNDER THE

FOURTH QUARTER FISCAL YEAR 2018 FINANCIAL RESULTS May 15, 2018 CAUTIONARY STATEMENT UNDER THE

FOURTH QUARTER FISCAL YEAR 2018 FINANCIAL RESULTS May 15, 2018 CAUTIONARY STATEMENT UNDER THE PRIVATE SECURITIES LITIGATION REFORM ACT This presentation and discussion contains certain forward-looking statements that are subject to the Safe

539 views • 22 slides
Queuing Networks - Outline of queuing networks - Mean Value Analisys (MVA) for open and closed

Queuing Networks - Outline of queuing networks - Mean Value Analisys (MVA) for open and closed

Queuing Networks - Outline of queuing networks - Mean Value Analisys (MVA) for open and closed queuing networks 1 Open queuing networks outgoing requests incoming requests DISK CPU CD Closed queuing networks (finite number of users)

691 views • 30 slides
Empowering Peer-to-peer Services Luca Deri <deri@{unipi.it,ntop.org}> Vision The

Empowering Peer-to-peer Services Luca Deri <deri@{unipi.it,ntop.org}> Vision The

Empowering Peer-to-peer Services Luca Deri <deri@{unipi.it,ntop.org}> Vision The internet should be a transparent IP-based transport for users, not a geographical/ISP constrain. Users should control/create their community

468 views • 20 slides
6.888 Lecture 14: Software Defined Networking Mohammad Alizadeh Many thanks to Nick McKeown

6.888 Lecture 14: Software Defined Networking Mohammad Alizadeh Many thanks to Nick McKeown

6.888 Lecture 14: Software Defined Networking Mohammad Alizadeh Many thanks to Nick McKeown (Stanford), Jennifer Rexford (Princeton), Sco< Shenker (Berkeley), Nick Feamster (Princeton), Li Erran Li (Columbia), Yashar Ganjali (Toronto)

765 views • 50 slides
Trade Networks Jos e de Sousa and Isabelle Mejean Topics in International Trade University

Trade Networks Jos e de Sousa and Isabelle Mejean Topics in International Trade University

Trade Networks Jos e de Sousa and Isabelle Mejean Topics in International Trade University Paris-Saclay Master in Economics, 2nd year Motivation : Trade Frictions Samuelson (1954) and Krugman (1980) : Key importance of frictions in

556 views • 34 slides

More recommend