internet lab ilab1 nat dhcp
play

Internet Lab (iLab1) NAT / DHCP Dominik Scholz ilab1@net.in.tum.de - PowerPoint PPT Presentation

Jun 28, 2023 •463 likes •1.11k views

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) NAT / DHCP Dominik Scholz ilab1@net.in.tum.de Chair of Network Architectures and Services Department of Informatics

  1. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) NAT / DHCP Dominik Scholz ilab1@net.in.tum.de Chair of Network Architectures and Services Department of Informatics Technical University of Munich Lab 6 – WiSe 2018

  2. Outline Meta IPv4 Address Scarcity NAT IPv6 Transition Techniques DHCP 1/40

  3. Outline Meta IPv4 Address Scarcity NAT IPv6 Transition Techniques DHCP 2/40

  4. Bonus Credits You are encouraged to improve the quality of the exercises • feedback • improvements (errors, typos) • suggestions (questions, topics) Use ticket system and feedback form! 3/40

  5. Attestations No lecture during week of attestations • No lecture: 2018-12-12 • TLS and packet filtering lab will be 2 weeks • Lecture on this topic next week 4/40

  6. Outline Meta IPv4 Address Scarcity NAT IPv6 Transition Techniques DHCP 5/40

  7. Motivation: IPv4 Address Scarcity 6/40

  8. Yearly Address Allocations source: P . Richter et al., A Primer on IPv4 Scarcity, ACM Computer Communication Review (2015) 7/40

  9. Allocated Address Blocks source: P . Richter et al., A Primer on IPv4 Scarcity, ACM Computer Communication Review (2015) 8/40

  10. IPv4 Address Allocation in 2012 9/40 source: A. Dainotti et al., Estimating Internet address space usage through passive measurements, ACM Computer Communication Review (2014)

  11. IPv4 Address Scarcity: Mitigation Strategies • a) more efficient use of the address space → e.g. use unrouted addresses, address trading 10/40

  12. IPv4 Address Scarcity: Mitigation Strategies • a) more efficient use of the address space → e.g. use unrouted addresses, address trading • b) create more addresses → IPv6 10/40

  13. IPv4 Address Scarcity: Mitigation Strategies • a) more efficient use of the address space → e.g. use unrouted addresses, address trading • b) create more addresses → IPv6 • c) address sharing → NAT (and DHCP) 10/40

  14. a) IPv4 Address Market Address trading / company mergers • in 2011 Microsoft bought 667K IPv4 addresses for 7.5M USD (11.25 USD per IPv4 address) source: http://www.theregister.co.uk/2011/03/24/microsoft_ip_spend • in 2017 MIT started selling half of its 16 million IPv4 addresses source: https://www.networkworld.com/article/3191503/internet/mit-selling-8-million-coveted-ipv4-addresses-amazon-a-buyer.html • IPv4 address trading increases, 15-18 USD per IPv4 address source: http://www.circleid.com/posts/20180307_the_ipv4_market_2017_and_beyond/ Address pricing • opaque, transactions not public • further reading: Lee Howard, Internet Access Pricing in a Post-IPv4 Runout World, http://www.asgard.org/images/pricing_v1.3.docx 11/40

  15. b) IPv6 Deployment IPv6 support required from end-to-end: • server-side: Content Providers • network path: ISP Networks and Transit Providers • client-side: Content Consumers https://ams-ix.net/technical/statistics/sflow-stats/ipv6-traffic further reading: https://cdn.prod.internetsociety.org/wp-content/uploads/2017/08/IPv6_report_2017-0606.pdf 12/40

  16. b) IPv6 Deployment: Content Providers • 28% of Top 1000 websites reachable over IPv6 source: http://www.worldipv6launch.org/measurements/ • 15% of Top 1M websites reachable over IPv6 source: https://bgp.he.net/ipv6-progress-report.cgi • 98% of the 4M sites on Cloudflare use IPv6 source: https://blog.cloudflare.com/98-percent-ipv6/ • DNS: 98.4% of TLDs operate IPv6 nameservers source: https://bgp.he.net/ipv6-progress-report.cgi https://www.akamai.com/uk/en/about/our-thinking/state-of-the-internet-report/state-of-the-internet-ipv6-adoption-visualization.jsp 13/40

  17. b) IPv6 Deployment: ISP and Transit Networks • 24% of all ASes announce IPv6 prefixes source: http://v6asns.ripe.net/v/6 source: http://v6asns.ripe.net/v/6 14/40

  18. b) IPv6 Deployment: Content Consumers • 24% of Google visitors connect over IPv6 source: https://www.google.com/intl/en/ipv6/statistics.html http://www.circleid.com/posts/20180521_what_drives_ipv6_deployment/ 15/40

  19. c) Address Sharing: Private IPv4 Address Ranges Properties • anyone can use these IP address ranges in their own network • addresses are not routed in the public Internet • Internet access through address translation → NAT Address Ranges • RFC 1918 reserves the following IPv4 address ranges 10.0.0.0/8 • 172.16.0.0/12 • 192.168.0.0/16 • • RFC 6598 reserves an additional range for ISP networks 100.64.0.0/10 • • RFC 4193 specifies Unique Local IPv6 addresses fc00::/7 • 16/40

  20. Outline Meta IPv4 Address Scarcity NAT IPv6 Transition Techniques DHCP 17/40

  21. Concept: Providing Internet Access for Private IPs Private Host Internet e.g. 192.168.1.42 • outgoing packet: replace packet source with public endpoint 18/40

  22. Concept: Providing Internet Access for Private IPs Private Host Internet e.g. 192.168.1.42 • outgoing packet: replace packet source with public endpoint Private Host Internet e.g. 192.168.1.42 • incoming packet: replace packet destination with local host 18/40

  23. Network Address (and Port) Translation (NAT) Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 priv: 192.168.1.1 Private Host 192.168.1.43 19/40

  24. Network Address (and Port) Translation (NAT) Packet src: 192.168.1.43:3345 dst: 131.159.15.49:80 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 priv: 192.168.1.1 Private Host 192.168.1.43 19/40

  25. Network Address (and Port) Translation (NAT) Packet src: dst: 131.159.15.49:80 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 priv: 192.168.1.1 Private Host 192.168.1.43 • replace src IP (and port) in outgoing packets 19/40

  26. Network Address (and Port) Translation (NAT) Packet src: 1.2.3.4 dst: 131.159.15.49:80 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 priv: 192.168.1.1 Private Host 192.168.1.43 • replace src IP (and port) in outgoing packets 19/40

  27. Network Address (and Port) Translation (NAT) Packet src: 1.2.3.4:4444 dst: 131.159.15.49:80 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 priv: 192.168.1.1 Private Host 192.168.1.43 • replace src IP (and port) in outgoing packets 19/40

  28. Network Address (and Port) Translation (NAT) Packet NAT translation table L4 global endpoint local endpoint src: 1.2.3.4:4444 dst: 131.159.15.49:80 TCP 1.2.3.4:4444 192.168.1.43:3345 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 priv: 192.168.1.1 Private Host 192.168.1.43 • replace src IP (and port) in outgoing packets • remember mapping of private and public endpoint 19/40

  29. Network Address (and Port) Translation (NAT) Packet NAT translation table L4 global endpoint local endpoint src: 131.159.15.49:80 dst: 1.2.3.4:4444 TCP 1.2.3.4:4444 192.168.1.43:3345 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 priv: 192.168.1.1 Private Host 192.168.1.43 • replace src IP (and port) in outgoing packets • remember mapping of private and public endpoint • lookup mapping of private and public endpoint 19/40

  30. Network Address (and Port) Translation (NAT) Packet Packet NAT translation table L4 global endpoint local endpoint src: 131.159.15.49:80 src: 131.159.15.49:80 dst: 192.168.1.43:3345 dst: TCP 1.2.3.4:4444 192.168.1.43:3345 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 priv: 192.168.1.1 Private Host 192.168.1.43 • replace src IP (and port) in outgoing packets • remember mapping of private and public endpoint • lookup mapping of private and public endpoint • replace dst IP (and port) in incoming packets 19/40

  31. Network Address (and Port) Translation (NAT) NAT translation table L4 global endpoint local endpoint TCP 1.2.3.4:4444 192.168.1.43:3345 Private Host 192.168.1.42 Server NAT 131.159.15.49 Internet pub: 1.2.3.4 priv: 192.168.1.1 Private Host 192.168.1.43 • replace src IP (and port) in outgoing packets • remember mapping of private and public endpoint • lookup mapping of private and public endpoint • replace dst IP (and port) in incoming packets 19/40

  32. NAT in Practice Deployment • today the majority of end users are located behind NAT (+ other middleboxes) • no standardization of NAT → many different implementations • transparent to the public Internet 20/40

  33. NAT in Practice (contd.) Benefits • effectively saves IP addresses: allows ∼ 65,000 simultaneous flows with a single public IP address • address independence: public/private IP addresses can be changed independently • topology hiding: devices inside local network are not explicitly addressable/visible from outside Problems • connections can only be established from the local network • ports should not be used to address hosts • routers should not manipulate packets above layer 2 (end-to-end principle) 21/40

  34. Recap: Textbook Internet Architecture HTTP protocol browser HTTP server TCP protocol TCP TCP router IP protocol IP protocol IP IP IP Ethernet Ethernet Ethernet Ethernet Ethernet Ethernet protocol protocol driver driver driver driver Ethernet Ethernet 22/40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Internet Lab (iLab1) Introduction to Cryptography Lars Wstrich ilab1@net.in.tum.de Chair of

Internet Lab (iLab1) Introduction to Cryptography Lars Wstrich ilab1@net.in.tum.de Chair of

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) Introduction to Cryptography Lars Wstrich ilab1@net.in.tum.de Chair of Network Architectures and Services Department

694 views • 57 slides
Internet Lab (iLab1) Wireless Networks Lars Wstrich ilab1@net.in.tum.de Chair of Network

Internet Lab (iLab1) Wireless Networks Lars Wstrich ilab1@net.in.tum.de Chair of Network

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) Wireless Networks Lars Wstrich ilab1@net.in.tum.de Chair of Network Architectures and Services Department of

715 views • 32 slides
Internet Lab (iLab1) Domain Name Sytem Dominik Scholz ilab1@net.in.tum.de Chair of Network

Internet Lab (iLab1) Domain Name Sytem Dominik Scholz ilab1@net.in.tum.de Chair of Network

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) Domain Name Sytem Dominik Scholz ilab1@net.in.tum.de Chair of Network Architectures and Services Department of

1.01k views • 54 slides
Internet Lab (iLab1) Basics Lars Wstrich ilab1@net.in.tum.de Chair of Network Architectures

Internet Lab (iLab1) Basics Lars Wstrich ilab1@net.in.tum.de Chair of Network Architectures

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) Basics Lars Wstrich ilab1@net.in.tum.de Chair of Network Architectures and Services Department of Informatics

240 views • 22 slides
Internet Lab (iLab1) Basics Minoo Rouhi ilab1@net.in.tum.de Chair of Network Architectures and

Internet Lab (iLab1) Basics Minoo Rouhi ilab1@net.in.tum.de Chair of Network Architectures and

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) Basics Minoo Rouhi ilab1@net.in.tum.de Chair of Network Architectures and Services Department of Informatics Technical

609 views • 24 slides
Kea An Open-Source DHCP Server Stephen Morris Internet Systems Consortium stephen@isc.org ISC

Kea An Open-Source DHCP Server Stephen Morris Internet Systems Consortium stephen@isc.org ISC

Kea An Open-Source DHCP Server Stephen Morris Internet Systems Consortium stephen@isc.org ISC DHCP Open-Source First version released in 1997 Default DHCP software in many distributions Server/relay/client for IPv4 & IPv6

303 views • 13 slides
How Dynamic is the ISPs Address Space? Towards Internet-Wide DHCP Churn Estimation Giovane C. M.

How Dynamic is the ISPs Address Space? Towards Internet-Wide DHCP Churn Estimation Giovane C. M.

How Dynamic is the ISPs Address Space? Towards Internet-Wide DHCP Churn Estimation Giovane C. M. Moura , Carlos Gan, Qasim Lone, Payam Poursaied, Hadi Asghari, and Michel van Eeten

92 views • 6 slides
DHCP (RFC 2131) Deliver host-specific configuration parameters from DHCP server to host.

DHCP (RFC 2131) Deliver host-specific configuration parameters from DHCP server to host.

DHCP (RFC 2131) Deliver host-specific configuration parameters from DHCP server to host. Allocate network address to nodes: Automatic allocation: permanent assignment. Dynamic allocation: for a limited period of time. Manual

387 views • 9 slides
DHCP EAP Analysis or wheres my pony? Protocol overview

DHCP EAP Analysis or wheres my pony? Protocol overview

DHCP EAP Analysis or wheres my pony? Protocol overview EAP Encapsulated in DHCP Protocol DHCP protocol starts normally Relay (proxy)

881 views • 12 slides
iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 6 14ws 1 Outline IPv4 Address Allocation NAT DHCP 2 Outline IPv4

543 views • 29 slides
iLab DNS and DNSSEC Dominik Scholz Slides by Benjamin Hof ilab1 @list.net.in.tum.de Chair of

iLab DNS and DNSSEC Dominik Scholz Slides by Benjamin Hof ilab1 @list.net.in.tum.de Chair of

iLab DNS and DNSSEC Dominik Scholz Slides by Benjamin Hof ilab1 @list.net.in.tum.de Chair of Network Architectures and Services Department of Informatics Technical University of Munich Lab 5 17ws 1 / 32 Outline Domain Name System

853 views • 58 slides
... sclass1 sclass10 Net-linux Net-linux DHCP DHCP The lab has 10 dell systems. Each dell

... sclass1 sclass10 Net-linux Net-linux DHCP DHCP The lab has 10 dell systems. Each dell

Notes on Running Dsniff and the Lab Network Environment Cyber Security Lab 2/16/10 1 General Overview 1.1 Initial machine configuration Outside World DMZ Management 192.168.50.50 192.168.50.60 Dmz 192.168.50.0/24 FW1 Outside =

182 views • 4 slides
DHCP Rework in Bro 2.6 Seth Hall Corelight Why Tackled? Why Tackled? Log wasnt great.

DHCP Rework in Bro 2.6 Seth Hall Corelight Why Tackled? Why Tackled? Log wasnt great.

DHCP Rework in Bro 2.6 Seth Hall Corelight Why Tackled? Why Tackled? Log wasnt great. Purely based on DHCP ACK messages. No tie together between assigned IP address and MAC address. Load balancing issues Mix of broadcast

626 views • 14 slides
Introducing TCP & UDP Internet Transport Layers (C) Herbert Haas 2005/03/11 TCP/IP Protocol

Introducing TCP & UDP Internet Transport Layers (C) Herbert Haas 2005/03/11 TCP/IP Protocol

Introducing TCP & UDP Internet Transport Layers (C) Herbert Haas 2005/03/11 TCP/IP Protocol Suite BootP Application SMTP HTTP FTP Telnet DNS SNMP etc. DHCP ( M I M E ) Presentation Routing Protocols Session OSPF BGP UDP TCP

1.15k views • 91 slides
A SAVI Solution for DHCP Jun Bi, Jianping Wu, Guang Yao, Fred Baker draft ietf savi

A SAVI Solution for DHCP Jun Bi, Jianping Wu, Guang Yao, Fred Baker draft ietf savi

A SAVI Solution for DHCP Jun Bi, Jianping Wu, Guang Yao, Fred Baker draft ietf savi dhcp 01(02).txt IETF77, Anaheim Mar.23 2010 Outline Solution Basis Additional Features in 01(02) Version Next Step Solution Basis Basis

368 views • 26 slides
DHCP Relay Agent Assignment Notification Option IETF-64 Bernie Volz PD Route Injection

DHCP Relay Agent Assignment Notification Option IETF-64 Bernie Volz PD Route Injection

DHCP Relay Agent Assignment Notification Option IETF-64 Bernie Volz PD Route Injection Simple Cases 1. Delegating router is on same link as requesting router delegating router can manage the routing information 2. DHCP server

571 views • 7 slides
Time Series Time Series Time Series Prof. Paolo Ciaccia Prof. Paolo Ciaccia http://www-

Time Series Time Series Time Series Prof. Paolo Ciaccia Prof. Paolo Ciaccia http://www-

Time Series Time Series Time Series Prof. Paolo Ciaccia Prof. Paolo Ciaccia http://www- http://www -db. db.deis deis. .unibo unibo. .it it/ /courses courses/SI /SI- -LS/ LS/ 08_TimeSeries.pdf 08_TimeSeries. pdf Sistemi

242 views • 10 slides
FIRESIDE CHATS FOR LOCKDOWN TIMES Introduction to DFT (Part I) Nicola Marzari, EPFL OUTLINE

FIRESIDE CHATS FOR LOCKDOWN TIMES Introduction to DFT (Part I) Nicola Marzari, EPFL OUTLINE

FIRESIDE CHATS FOR LOCKDOWN TIMES Introduction to DFT (Part I) Nicola Marzari, EPFL OUTLINE What is density-functional theory? (Part I) What does it take to perform these calculations? (Part II) Why is it relevant for science and

826 views • 55 slides
Is there something in between SUGRA and Strings? Olaf Hohm Double Field Theory Siegel (1993),

Is there something in between SUGRA and Strings? Olaf Hohm Double Field Theory Siegel (1993),

Is there something in between SUGRA and Strings? Olaf Hohm Double Field Theory Siegel (1993), Hull, Zwiebach (2009), O.H., Hull, Zwiebach (2010 ), O.H., Siegel, Zwiebach (2013 ) Exceptional Field Theory de Wit, Nicolai (1986),

104 views • 8 slides
Nuclear forces and their impact on structure, reactions and astrophysics Dick Furnstahl Ohio

Nuclear forces and their impact on structure, reactions and astrophysics Dick Furnstahl Ohio

Nuclear forces and their impact on structure, reactions and astrophysics Dick Furnstahl Ohio State University July, 2013 Lectures for Week 3 M. Many-body problem and basis considerations (as); Many-body perturbation theory (rjf) T. Neutron

696 views • 38 slides
Summary Chapter 4 q IP Addressing v Network prefixes and Subnets v IP datagram format q DHCP

Summary Chapter 4 q IP Addressing v Network prefixes and Subnets v IP datagram format q DHCP

Smith College, CSC 249 March 2, 2018 1 Summary Chapter 4 q IP Addressing v Network prefixes and Subnets v IP datagram format q DHCP dynamic addressing v Obtain: own IP address Subnet mask, DNS server & first-hop v router IP address q

205 views • 20 slides
BootP and DHCP Flexible and Scalable Host Configuration 2005/03/11 (C) Herbert Haas

BootP and DHCP Flexible and Scalable Host Configuration 2005/03/11 (C) Herbert Haas

BootP and DHCP Flexible and Scalable Host Configuration 2005/03/11 (C) Herbert Haas Shortcomings of RARP Reverse Address Resolution Protocol Only IP Address distribution No subnet mask Using hardware address for identification

443 views • 29 slides
Installation Installation Procedures Procedures for Clusters for Clusters PART 2 Agenda

Installation Installation Procedures Procedures for Clusters for Clusters PART 2 Agenda

Moreno Baricevic CNR-INFM DEMOCRITOS Trieste, ITALY Installation Installation Procedures Procedures for Clusters for Clusters PART 2 Agenda Agenda Cluster Services Overview on Installation Procedures Configuration and Setup of a

332 views • 20 slides
Benchmark suites to measure Motivation computer performance Benchmarking overview

Benchmark suites to measure Motivation computer performance Benchmarking overview

Benchmark suites to measure computer performance Outline Benchmark suites to measure Motivation computer performance Benchmarking overview Generic benchmarks TPC benchmarks SPEC benchmarks ICCA04 SPEC CPU2000 benchmark

243 views • 5 slides

More recommend