ilab
play

iLab NAT / DHCP Florian Wohlfart Minoo Rouhi lastname @in.tum.de - PowerPoint PPT Presentation

May 21, 2023 •350 likes •957 views

iLab NAT / DHCP Florian Wohlfart Minoo Rouhi lastname @in.tum.de Chair of Network Architectures and Services Department of Informatics Technical University of Munich Lab 6 17ws 1 / 39 Outline Meta IPv4 Address Scarcity NAT IPv6

  1. iLab NAT / DHCP Florian Wohlfart Minoo Rouhi lastname @in.tum.de Chair of Network Architectures and Services Department of Informatics Technical University of Munich Lab 6 – 17ws 1 / 39

  2. Outline Meta IPv4 Address Scarcity NAT IPv6 Transition Techniques DHCP 2 / 39

  3. Outline Meta IPv4 Address Scarcity NAT IPv6 Transition Techniques DHCP 3 / 39

  4. Oral Attestations ◮ Make sure you confirmed your time slot! ◮ We assume you show up for your designated slot ◮ Attestation is required for passing the course 4 / 39

  5. Bonus Credits Not only TCP BBR optional lab You are encouraged to improve the quality of the exercises ◮ feedback ◮ improvements (errors, typos) ◮ suggestions (questions, topics) Use ticket system and feedback form! 5 / 39

  6. Outline Meta IPv4 Address Scarcity NAT IPv6 Transition Techniques DHCP 6 / 39

  7. Motivation: IPv4 Address Scarcity source: http://www.heise.de/newsticker/meldung/RIPE-72-Streit-um-letzte-IPv4-Adressen-3221309.html 7 / 39

  8. Yearly Address Allocations source: P. Richter et al., A Primer on IPv4 Scarcity, ACM Computer Communication Review (2015) 8 / 39

  9. Allocated Address Blocks source: P. Richter et al., A Primer on IPv4 Scarcity, ACM Computer Communication Review (2015) 9 / 39

  10. IPv4 Address Allocation in 2012 source: A. Dainotti et al., Estimating Internet address space usage through passive measurements, ACM Computer Communication Review (2014) 10 / 39

  11. IPv4 Address Scarcity: Mitigation Strategies ◮ a) more efficient use of the address space → e.g. use unrouted addresses, address trading 11 / 39

  12. IPv4 Address Scarcity: Mitigation Strategies ◮ a) more efficient use of the address space → e.g. use unrouted addresses, address trading ◮ b) create more addresses → IPv6 11 / 39

  13. IPv4 Address Scarcity: Mitigation Strategies ◮ a) more efficient use of the address space → e.g. use unrouted addresses, address trading ◮ b) create more addresses → IPv6 ◮ c) address sharing → NAT 11 / 39

  14. a) IPv4 Address Market Address trading / company mergers ◮ in 2011 Microsoft bought 667K IPv4 addresses for 7.5M, that makes USD 11.25 per address source: http://www.theregister.co.uk/2011/03/24/microsoft_ip_spend ◮ in 2011 the bankrupt bookseller Borders offered 65K IPv4 addresses for USD 12 per address source: http://www.theregister.co.uk/2011/12/05/borders_flogs_ipv4_addys ◮ IPv4 Address Trading Portals e.g. http://addrex.net, http://www.iptrading.com, http://ipv4marketgroup.com Address pricing ◮ opaque, transactions not public ◮ further reading: Lee Howard, Internet Access Pricing in a Post-IPv4 Runout World, http://www.asgard.org/images/pricing_v1.3.docx 12 / 39

  15. b) IPv6 Deployment ◮ Server-side: 24% of Top 1000 websites reachable over IPv6 source: http://www.worldipv6launch.org/measurements/ ◮ Client-side: 18% of Google visitors connect over IPv6 source: https://www.google.com/intl/en/ipv6/statistics.html https://www.google.com/intl/en/ipv6/statistics.html https://www.akamai.com/uk/en/about/our- thinking/state-of-the-internet-report/state-of-the- internet-ipv6-adoption-visualization.jsp 13 / 39

  16. b) IPv6 Deployment (cont.) source: https://blogs.akamai.com/2015/06/three-years-since-world-ipv6-launch-strong-ipv6-growth-continues.html 14 / 39

  17. c) Address Sharing: Private IPv4 Address Ranges Properties ◮ anyone can use these IP address ranges in their own network ◮ addresses are not routed in the public Internet ◮ Internet access through address translation → NAT Address Ranges ◮ RFC 1918 reserves the following IPv4 address ranges ◮ 10.0.0.0/8 ◮ 172.16.0.0/12 ◮ 192.168.0.0/16 ◮ RFC 6598 reserves an additional range for ISP networks ◮ 100.64.0.0/10 ◮ RFC 4193 specifies Unique Local IPv6 addresses ◮ fc00::/7 15 / 39

  18. Outline Meta IPv4 Address Scarcity NAT IPv6 Transition Techniques DHCP 16 / 39

  19. Concept: Providing Internet Access for Private IPs Private Host Internet e.g. 192.168.1.42 ◮ outgoing packet: replace packet source with public endpoint 17 / 39

  20. Concept: Providing Internet Access for Private IPs Private Host Internet e.g. 192.168.1.42 ◮ outgoing packet: replace packet source with public endpoint Private Host Internet e.g. 192.168.1.42 ◮ incoming packet: replace packet destination with local host 17 / 39

  21. Network Address (and Port) Translation (NAT) Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 Private Host priv: 192.168.1.1 192.168.1.43 18 / 39

  22. Network Address (and Port) Translation (NAT) Packet src: 192.168.1.43:3345 dst: 131.159.15.49:80 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 Private Host priv: 192.168.1.1 192.168.1.43 18 / 39

  23. Network Address (and Port) Translation (NAT) Packet src: dst: 131.159.15.49:80 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 Private Host priv: 192.168.1.1 192.168.1.43 ◮ replace src IP (and port) in outgoing packets 18 / 39

  24. Network Address (and Port) Translation (NAT) Packet src: 1.2.3.4 dst: 131.159.15.49:80 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 Private Host priv: 192.168.1.1 192.168.1.43 ◮ replace src IP (and port) in outgoing packets 18 / 39

  25. Network Address (and Port) Translation (NAT) Packet src: 1.2.3.4:4444 dst: 131.159.15.49:80 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 Private Host priv: 192.168.1.1 192.168.1.43 ◮ replace src IP (and port) in outgoing packets 18 / 39

  26. Network Address (and Port) Translation (NAT) NAT translation table Packet L4 global endpoint local endpoint src: 1.2.3.4:4444 dst: 131.159.15.49:80 TCP 1.2.3.4:4444 192.168.1.43:3345 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 Private Host priv: 192.168.1.1 192.168.1.43 ◮ replace src IP (and port) in outgoing packets ◮ remember mapping of private and public endpoint 18 / 39

  27. Network Address (and Port) Translation (NAT) NAT translation table Packet L4 global endpoint local endpoint src: 131.159.15.49:80 dst: 1.2.3.4:4444 TCP 1.2.3.4:4444 192.168.1.43:3345 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 Private Host priv: 192.168.1.1 192.168.1.43 ◮ replace src IP (and port) in outgoing packets ◮ remember mapping of private and public endpoint ◮ lookup mapping of private and public endpoint 18 / 39

  28. Network Address (and Port) Translation (NAT) NAT translation table Packet Packet L4 global endpoint local endpoint src: 131.159.15.49:80 src: 131.159.15.49:80 dst: 192.168.1.43:3345 dst: TCP 1.2.3.4:4444 192.168.1.43:3345 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 Private Host priv: 192.168.1.1 192.168.1.43 ◮ replace src IP (and port) in outgoing packets ◮ remember mapping of private and public endpoint ◮ lookup mapping of private and public endpoint ◮ replace dst IP (and port) in incoming packets 18 / 39

  29. NAT in Practice Deployment ◮ today the majority of end users are located behind NAT (+ other middleboxes) ◮ no standardization of NAT → many different implementations ◮ transparent to the public Internet 19 / 39

  30. NAT in Practice (contd.) Benefits ◮ effectively saves IP addresses: allows ∼ 65,000 simultaneous flows with a single public IP address ◮ address independence: public/private IP addresses can be changed independently ◮ topology hiding: devices inside local network are not explicitly addressable/visible from outside Problems ◮ connections can only be established from the local network ◮ ports should not be used to address hosts ◮ routers should not manipulate packets above layer 2 (end-to-end principle) 20 / 39

  31. Recap: Textbook Internet Architecture HTTP protocol browser HTTP server TCP protocol TCP TCP router IP protocol IP protocol IP IP IP Ethernet Ethernet Ethernet Ethernet Ethernet Ethernet driver protocol driver driver protocol driver Ethernet Ethernet 21 / 39

  32. Real-World Internet Architecture: Middleboxes middlebox HTTP protocol HTTP protocol browser HTTP HTTP server TCP protocol TCP protocol TCP TCP TCP IP protocol IP protocol IP IP IP Ethernet Ethernet Ethernet Ethernet Ethernet Ethernet protocol protocol driver driver driver driver Ethernet Ethernet 22 / 39

  33. Protocols Affected by NAT characteristics of protocols that are affected by NAT (RFC 3027): ◮ server located in the local network ◮ any service behind NAT, peer-to-peer applications ◮ realm-specific IP address information in payload ◮ e.g. SIP, FTP ◮ bundled session applications ◮ protocols using multiple connections, e.g. active FTP ◮ unsupported protocols ◮ e.g. SCTP, IPsec 23 / 39

  34. Example: Session Initiation Protocol (SIP) INVITE message: establish a session (e.g. VoIP call) between peers INVITE s i p : Callee@200 . 3 . 4 . 5 SIP /2.0 Via : SIP /2.0/UDP 192.168.1.5:5060 s r c : < s i p : Caller@192.168.1.5 > dst : <s i p : Callee@200 .3.4.5 > CSeq : 1 INVITE Contact : <s i p : Caller@192 .168.1.5:5060 > Content − Type : a p p l i c a t i o n /sdp v=0 o=A l i c e 214365879 214365879 IN IP4 192.168.1.5 c=IN IP4 192.168.1.5 t= 0 0 m =audio 5200 RTP/AVP 0 9 7 3 a=rtpmap :8 PCMU/8000 a=rtpmap :3 GSM/8000 24 / 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

your exercise iLab 1+2 info event online Tell your friends!

your exercise iLab 1+2 info event online Tell your friends!

The iLab Experience a blended learning hands-on course concept you set the focus Final Lecture Marc-Oliver Pahl, Jul 25, 2017 your exercise iLab 1+2 info event online Tell your friends!

1.81k views • 96 slides
ilab 2 - IPSec with IKEv2 and Strongswan Lukas Grillmayer and Linus Lotz Chair for Network

ilab 2 - IPSec with IKEv2 and Strongswan Lukas Grillmayer and Linus Lotz Chair for Network

ilab 2 - IPSec with IKEv2 and Strongswan Lukas Grillmayer and Linus Lotz Chair for Network Architectures and Services Department for Computer Science Technische Universit at M unchen June 4, 2014 Lukas Grillmayer and Linus Lotz: ilab 2 -

1.39k views • 51 slides
iLab Countersurveillance Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab Countersurveillance Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab Countersurveillance Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Surveillance and operational security 14ws 1 lecture evaluation oral

916 views • 30 slides
ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP

ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP

Lehrstuhl fr Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP addresses. Human beings do not memorize IP

779 views • 23 slides
ilab Lab 4 TCP/UDP Purpose of the Transport Layer Provides an end to end connectivity to

ilab Lab 4 TCP/UDP Purpose of the Transport Layer Provides an end to end connectivity to

Lehrstuhl fr Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen ilab Lab 4 TCP/UDP Purpose of the Transport Layer Provides an end to end connectivity to applications application application 4

647 views • 26 slides
iLab TLS and packet filters Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab TLS and packet filters Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab TLS and packet filters Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 7 17ws 1 / 41 Outline Trust Transport Layer Security Packet filter

1.19k views • 43 slides
iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 9 18ss 1 / 36 Outline Introduction Trust architecture Protocols Attacks

663 views • 45 slides
iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 9 16ss 1 / 38 Outline Introduction Trust architecture Protocols Attacks

879 views • 47 slides
iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 6 16ss 1 / 34 Motivation: IPv4 Address Scarcity source:

784 views • 54 slides
course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance,

course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance,

course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance, operational security Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt

986 views • 47 slides
iLab TCP / UDP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab TCP / UDP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab TCP / UDP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 4 14ws 1 Outline Transport Layer UDP TCP MTCP / SCTP 2 Outline

720 views • 32 slides
ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one

ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one

Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one specific port SSL (Secure Socket Layer) /

812 views • 25 slides
iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr

iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr

iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen October 18, 2017 Based on slides of Lukas Schwaighofer 1

678 views • 46 slides
iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr

iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr

iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen April 25, 2017 Based on slides of Lukas Schwaighofer 1

471 views • 10 slides
iLab Static routing Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de

iLab Static routing Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de

iLab Static routing Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de Chair of Network Architectures and Services Department of Informatics Technical University of Munich Lab 2 17ws 1 / 21 Outline Meta

540 views • 27 slides
The iLab Experience a blended learning hands-on course concept you set the focus Do It Yourself

The iLab Experience a blended learning hands-on course concept you set the focus Do It Yourself

The iLab Experience a blended learning hands-on course concept you set the focus Do It Yourself - Hardware YE - Topic Outline May 29, 2018 10.4. Kick Off, IPv6 1 IPv6 BGP 17.4. 2 Minilab 1 2 mini labs Advanced Wireless Playground BGP

1.64k views • 125 slides
Unification It is an algorithm for determining the substitutions needed to make two predicate

Unification It is an algorithm for determining the substitutions needed to make two predicate

Unification It is an algorithm for determining the substitutions needed to make two predicate calculus expressions match Examples of substitution ( ) 1. ( ) ( ) X man X mortal X substitute hassan for X =&gt;

1.72k views • 27 slides
Inheritance Inheritance Introduction Three different kinds of inheritance Chapter 15

Inheritance Inheritance Introduction Three different kinds of inheritance Chapter 15

Overview Inheritance Inheritance Introduction Three different kinds of inheritance Chapter 15 Changing an inherited member function &amp; additional topics More Inheritance Details Polymorphism Motivating Example: Employee

406 views • 24 slides
Families as Shocks Luis Cubeddu Jos e-V ctor R os-Rull IMF Penn, CAERP, CEPR

Families as Shocks Luis Cubeddu Jos e-V ctor R os-Rull IMF Penn, CAERP, CEPR

Families as Shocks Luis Cubeddu Jos e-V ctor R os-Rull IMF Penn, CAERP, CEPR August 21, 2002 EEA Meetings, Venezia, August 2002 1. Introduction There is a large literature both in macro and in applied micro (consumption,

537 views • 24 slides
EnaCloud: An Energy- saving Application Live Placement Approach for Cloud Computing

EnaCloud: An Energy- saving Application Live Placement Approach for Cloud Computing

EnaCloud: An Energy- saving Application Live Placement Approach for Cloud Computing Environments Shayan Mehrazarin, Yasir Alyoubi, and Abdulmajeed Alyoubi May 6, 2015 Outline Recap on EnaCloud Our Analysis of EnaCloud Our

209 views • 10 slides
AN INTEGER PROGRAMMING FORMULATION OF THE MINIMAL JACOBIAN REPRESENTATION PROBLEM P a u l

AN INTEGER PROGRAMMING FORMULATION OF THE MINIMAL JACOBIAN REPRESENTATION PROBLEM P a u l

2016 SIAM WORKSHOP ON COMBINATORIAL SCIENTIFIC COMPUTING 10 OCTOBER 2016 AN INTEGER PROGRAMMING FORMULATION OF THE MINIMAL JACOBIAN REPRESENTATION PROBLEM P a u l h vla o n d PAUL HOVLAND Mathematics and Computer Science Division

737 views • 41 slides
APCNN : Tackling Class Imbalance in Relation Extraction through Aggregated Piecewise Convolutional

APCNN : Tackling Class Imbalance in Relation Extraction through Aggregated Piecewise Convolutional

APCNN : Tackling Class Imbalance in Relation Extraction through Aggregated Piecewise Convolutional Neural Networks Alisa Smirnova , Julien Audiffren, Philippe Cudr-Mauroux eXascale Infolab, University of Fribourg, Switzerland Table of Contents

389 views • 27 slides
OSVGAN: Generative Adversarial Networks for Data Scarce Online Signature Verification Chandra

OSVGAN: Generative Adversarial Networks for Data Scarce Online Signature Verification Chandra

OSVGAN: Generative Adversarial Networks for Data Scarce Online Signature Verification Chandra Sekhar Vorugunti - IIIT SriCity Sai Sasikanth Indukuri Umass-Amherst Viswanath Pulabaigari IIIT SriCity Sai RamKrishna Gorthi IIT Tirupati

264 views • 15 slides
SEAN CHAMBERS DIRECTOR OF WATER AND SEWER CITY OF GREELEY THOUGHTS ON WATER BANKING THROUGH

SEAN CHAMBERS DIRECTOR OF WATER AND SEWER CITY OF GREELEY THOUGHTS ON WATER BANKING THROUGH

PANELISTS SEAN CHAMBERS DIRECTOR OF WATER AND SEWER CITY OF GREELEY THOUGHTS ON WATER BANKING THROUGH THE MUNICIPAL LENS PRESENTED BY SEAN CHAMBERS DIRECTOR OF WATER &amp; SEWER CITY OF GREELEY BANKING WATER ADDRESSING VARIABILITY -

209 views • 10 slides

More recommend