iLab NAT / DHCP
Florian Wohlfart wohlfart@in.tum.de
Lehrstuhl für Netzarchitekturen und Netzdienste, Fakultät für Informatik, Technische Universität München
Lab 6, 14ws
Outline
IPv4 Address Allocation NAT DHCP
Internet Growth: IPv4 Address Allocation
source: www.potaroo.net/tools/ipv4
IPv4 Address Allocation in 1996
source: xkcd.com/195
IPv4 Address Depletion since 1996
source: By Mro, CC-BY-SA, commons.wikimedia.org/wiki/File:Ipv4-exhaust.svg
Private IPv4 Address Space
RFC 1918 reserves "private" IPv4 address ranges
Implications
◮ anyone can use these IP address ranges in their own network
◮ addresses are not routed in the public Internet
◮ Internet access through address translation
Address Ranges
◮ RFC 1918 reserves the following IPv4 address ranges
  ◮ 10.0.0.0/8
  ◮ 172.16.0.0/12
  ◮ 192.168.0.0/16
◮ RFC 6598 reserves an additional range for ISP networks
  ◮ 100.64.0.0/10
◮ RFC 4193 reserves an IPv6 address range
  ◮ fc00::/7
Providing Internet Access for Private IPs
[figure: Server 131.159.15.49 on the public side, Private Host 192.168.1.42 on the private side]
◮ outgoing packet: replace source with public endpoint
◮ incoming packet: replace destination with local host
Network Address (and Port) Translation (NAT)
[figure: Server 131.159.15.49; NAT with pub: 1.2.3.4 and priv: 192.168.1.1; Private Host 192.168.1.42; Private Host 192.168.1.43]
◮ replace src IP (and port) in outgoing packets
◮ remember mapping of private and public endpoint
◮ lookup mapping of private and public endpoint
◮ replace dst IP (and port) in incoming packets
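The four NAT steps above as a runnable model (an added example, not code from the lecture): a NAPT state table keyed on the private endpoint, driven by constructed packet tuples that use the slide's addresses. The public port pool starting at 1024 is an assumption.

```python
from dataclasses import dataclass, field

# Added example (not from the lecture slides): a minimal NAPT state table that
# applies the slide's four steps to constructed packet tuples.
# A packet is (src_ip, src_port, dst_ip, dst_port); addresses are the slide's.
@dataclass
class NAPT:
    public_ip: str = "1.2.3.4"     # the NAT's public endpoint on the slide
    next_port: int = 1024          # assumption: first public port handed out
    outbound: dict = field(default_factory=dict)  # (priv_ip, priv_port) -> pub_port
    inbound: dict = field(default_factory=dict)   # pub_port -> (priv_ip, priv_port)

    def translate_out(self, pkt):
        src_ip, src_port, dst_ip, dst_port = pkt
        key = (src_ip, src_port)
        if key not in self.outbound:   # step 2: remember the private/public mapping
            if self.next_port > 65535:
                raise RuntimeError("public port pool exhausted")  # the ~65,000 limit
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        # step 1: replace src IP (and port) in the outgoing packet
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, pkt):
        src_ip, src_port, dst_ip, dst_port = pkt
        # step 3: look up the mapping; unsolicited inbound packets have none
        if dst_ip != self.public_ip or dst_port not in self.inbound:
            return None    # dropped: nothing inside is reachable without a mapping
        priv_ip, priv_port = self.inbound[dst_port]
        # step 4: replace dst IP (and port) in the incoming packet
        return (src_ip, src_port, priv_ip, priv_port)

def demo():
    nat = NAPT()
    # both private hosts pick the same source port: the port translation is
    # what keeps their connections to the server apart
    out_a = nat.translate_out(("192.168.1.42", 40000, "131.159.15.49", 80))
    out_b = nat.translate_out(("192.168.1.43", 40000, "131.159.15.49", 80))
    back_a = nat.translate_in(("131.159.15.49", 80, out_a[0], out_a[1]))
    back_b = nat.translate_in(("131.159.15.49", 80, out_b[0], out_b[1]))
    stray = nat.translate_in(("131.159.15.49", 80, "1.2.3.4", 9999))
    return out_a, out_b, back_a, back_b, stray
```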
NAT Implications
Advantages
◮ effectively saves IP addresses: allows ∼65,000 simultaneous connections with a single public IP address
◮ address independence: public/private IP addresses can be changed independently
◮ topology hiding: devices inside local network are not explicitly addressable/visible from outside
Problems
◮ connections can only be established from the local network
◮ routers should not manipulate packets above layer 2 (end-to-end principle)
◮ ports should not be used to address hosts
Protocols Affected by NAT
characteristics of protocols that are affected by NAT (RFC 3027):
◮ realm-specific IP address information in payload
  ◮ e.g. SIP, FTP
◮ bundled session applications
  ◮ protocols using multiple connections, e.g. active FTP
◮ peer-to-peer applications / server located in local network
  ◮ any service behind NAT
◮ unsupported protocols
  ◮ e.g. SCTP, IPsec
Session Initiation Protocol (SIP)
INVITE message: establish a session (e.g. VoIP call) between peers

INVITE sip:Callee@200.3.4.5 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.5:5060
From: <sip:Caller@192.168.1.5>
To: <sip:Callee@200.3.4.5>
CSeq: 1 INVITE
Contact: <sip:Caller@192.168.1.5:5060>
Content-Type: application/sdp

v=0
o=Alice 214365879 214365879 IN IP4 192.168.1.5
c=IN IP4 192.168.1.5
t=0 0
m=audio 5200 RTP/AVP 0 9 7 3
a=rtpmap:8 PCMU/8000
a=rtpmap:3 GSM/8000
File Transfer Protocol (FTP)
FTP uses
◮ a persistent control connection
◮ an on-demand data connection
[figure: FTP Server and FTP Client linked by a control connection and a data connection]
Solutions
◮ port forwarding
  ◮ static entry in the NAT state table (manually or via protocol)
◮ application layer gateway (ALG)
  ◮ NAT analyzes and rewrites application layer protocols, e.g. FTP
◮ hole punching
  ◮ private hosts try to establish a direct connection to each other
◮ relay
  ◮ public relay server forwards connections
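The ALG approach applied to the SIP INVITE from the earlier slide (an added example, not the lecture's code): the private endpoint 192.168.1.5 in the Via, Contact and From headers and in the SDP o=, c= and m= lines is rewritten to the NAT's public address, and each private port gets a NAT table row so the SIP reply and the RTP stream can come back in. The public address 1.2.3.4 is taken from the NAT slide; the port pool starting at 30000 is an assumption.

```python
import re

# Constructed input: the INVITE from the SIP slide (attribute lines trimmed).
SIP_INVITE = """INVITE sip:Callee@200.3.4.5 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.5:5060
From: <sip:Caller@192.168.1.5>
To: <sip:Callee@200.3.4.5>
CSeq: 1 INVITE
Contact: <sip:Caller@192.168.1.5:5060>
Content-Type: application/sdp

v=0
o=Alice 214365879 214365879 IN IP4 192.168.1.5
c=IN IP4 192.168.1.5
t=0 0
m=audio 5200 RTP/AVP 0 9 7 3
"""

class SipAlg:
    """Toy SIP/SDP ALG: rewrites private endpoints on their way out of the NAT."""
    def __init__(self, priv_ip, pub_ip, first_pub_port=30000):
        self.priv_ip, self.pub_ip = priv_ip, pub_ip
        self.ports = {}                  # private port -> public port (NAT table rows)
        self.next_port = first_pub_port  # assumption: start of the public port pool

    def map_port(self, priv_port):
        # Creating the row here is what lets the reply and the RTP stream come back in.
        if priv_port not in self.ports:
            self.ports[priv_port] = self.next_port
            self.next_port += 1
        return self.ports[priv_port]

    def rewrite(self, msg):
        ip = re.escape(self.priv_ip)
        # 1. host:port endpoints (Via, Contact): map address and port together
        msg = re.sub(ip + r":(\d+)",
                     lambda m: f"{self.pub_ip}:{self.map_port(int(m.group(1)))}", msg)
        # 2. SDP media port (m=): the RTP flow needs its own NAT table row
        msg = re.sub(r"^(m=\w+ )(\d+)",
                     lambda m: m.group(1) + str(self.map_port(int(m.group(2)))),
                     msg, flags=re.M)
        # 3. bare private address (From, o=, c=): only the address changes
        return re.sub(r"\b" + ip + r"\b", self.pub_ip, msg)

def demo():
    alg = SipAlg("192.168.1.5", "1.2.3.4")   # NAT public address from the NAT slide
    return alg.rewrite(SIP_INVITE), dict(alg.ports)
```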
Test your own Connection
◮ NAT Analyzer
  ◮ web-based test to understand NAT behavior
  ◮ nattest.net.in.tum.de
◮ Netalyzr
  ◮ web-based test or Android application
  ◮ more than 100 tests including NAT behavior
  ◮ netalyzr.icsi.berkeley.edu
The Situation Today
full IPv6 deployment is going to take a while
◮ Google currently serves 4% of its users via IPv6
source: www.google.com/intl/en/ipv6/statistics.html
◮ 13.9% of the "Alexa Top 1000" websites are reachable via IPv6
source: www.worldipv6launch.org/measurements/
ISPs are running out of IPv4 addresses
◮ IANA address pool depleted on 03-Feb-2011
source: www.potaroo.net/tools/ipv4
◮ growing number of subscribers
dual-stack for every device is not feasible anymore ⇒ deployment of Large Scale NAT / Carrier Grade NAT
NAT 444
[figure only]
Dual Stack Lite
[figure only]
464XLAT / SIIT
Stateless IP/ICMP Translation (SIIT)
◮ reserved IPv6 address range for IPv4-translated addresses
  ◮ ::ffff:0:0:0/96
Customer-side translation (CLAT)
◮ private IPv4 is translated into IPv6 using SIIT
Provider-side translation (PLAT)
◮ translate IPv4-translated addresses back to IPv4 and perform NAT
Dynamic Host Configuration Protocol (DHCP)
Design
◮ automated distribution of network configuration, e.g. IP addresses, subnets, gateway, DNS server, etc.
◮ UDP based client-server protocol
◮ clients request an IP address
◮ servers lease IP addresses to clients for a certain amount of time
Standardization
◮ first specified in RFC 1541 (1993)
◮ DHCPv6 (RFC 3315) is a stateful counterpart to SLAAC
◮ RFC 3633 adds prefix delegation
DHCP Process
◮ discover/solicit message: client announces its presence in the network (L2 broadcast)
◮ offer/advertise message: server(s) make a lease offer to the client
◮ request message: client accepts an offer and requests the offered configuration (L2 broadcast)
  ◮ implicitly denies offers of other servers
  ◮ is also used to extend the lease of a currently used configuration
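The discover/offer/request steps above as a toy model with two DHCP servers on one broadcast domain (an added example, not code from the lecture): both servers answer the broadcast discover, the broadcast request names the chosen server so the other one releases its reserved address, and a later request from the same client extends its lease. Server identifiers, address pools, the 3600 s lease time and the simulated clock are assumptions.

```python
# Added example (not from the slides): a toy model of the discover/offer/request
# steps described above, with two DHCP servers on one broadcast domain.
# Assumptions: servers are identified by their IP, leases last 3600 s, time is a
# simulated counter, and the client simply takes the first offer it receives.
class DhcpServer:
    def __init__(self, server_id, pool, lease_time=3600):
        self.server_id, self.free, self.lease_time = server_id, list(pool), lease_time
        self.offered = {}   # client MAC -> address reserved by our offer
        self.leases = {}    # client MAC -> (address, expiry time)

    def on_discover(self, mac):
        """OFFER: reserve a free address; a known client is offered its current one."""
        if mac in self.leases:
            return self.leases[mac][0]
        if not self.free:
            return None     # nothing to offer, stay silent
        self.offered[mac] = self.free.pop(0)
        return self.offered[mac]

    def on_request(self, mac, chosen_server, addr, now):
        """REQUEST handling; returns the lease we grant, or None."""
        if chosen_server != self.server_id:
            # the broadcast request names another server: our offer is declined
            if mac in self.offered:
                self.free.append(self.offered.pop(mac))
            return None
        renewing = self.leases.get(mac, (None,))[0] == addr
        if not renewing and self.offered.pop(mac, None) != addr:
            return None   # neither a renewal nor what we offered (a real server would NAK)
        self.leases[mac] = (addr, now + self.lease_time)
        return self.leases[mac]

def dhcp_exchange(servers, mac, now):
    # DISCOVER is an L2 broadcast, so every server on the link sees it
    offers = [(s.server_id, s.on_discover(mac)) for s in servers]
    offers = [(sid, addr) for sid, addr in offers if addr is not None]
    if not offers:
        return None
    chosen, addr = offers[0]
    # REQUEST is broadcast too, so non-chosen servers learn they were declined
    replies = [s.on_request(mac, chosen, addr, now) for s in servers]
    return next(r for r in replies if r is not None)

def demo():
    a = DhcpServer("10.0.0.1", ["10.0.0.10", "10.0.0.11"])
    b = DhcpServer("10.0.0.2", ["10.0.0.20"])
    lease = dhcp_exchange([a, b], "aa:bb:cc:00:00:01", now=0)
    renewed = a.on_request("aa:bb:cc:00:00:01", "10.0.0.1", lease[0], now=1800)  # extend lease
    return lease, renewed, a.free, b.free
```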