the road ahead
play

The Road Ahead NAT IPv6 Tunneling / Overlays Network - PDF document

Dec 24, 2022 •351 likes •462 views

CS 640: Introduction to Computer Networks Aditya Akella Lecture 12 - IP-Foo The Road Ahead NAT IPv6 Tunneling / Overlays Network Management Network Address Translation NAT maps (private source IP, source port)

  1. CS 640: Introduction to Computer Networks Aditya Akella Lecture 12 - IP-Foo The Road Ahead • NAT • IPv6 • Tunneling / Overlays • Network Management Network Address Translation • NAT maps (private source IP, source port) onto (public source IP, unique source port) – reverse mapping on the way back – destination host does not know that this process is happening • Very simple working solution – NAT functionality fits well with firewalls Priv A IP B IP A B IP Priv A IP A Port B Port B Port A Port NAT Publ A IP B IP B IP Publ A IP B A Port’ B Port B Port A Port’ Page 1

  2. Types of NATs • Bi-directional NAT: 1 to 1 mapping between internal and external addresses. – E.g., 128.237.0.0/16 -> 10.12.0.0/16 – External hosts can directly contact internal hosts – Why use? • Flexibility: Change providers, don’t change internal addrs. • Need as many external addresses as you have hosts - can use sparse address space internally. • “Traditional” NAT: Unidirectional – Basic NAT: Pool of external addresses • Translate source IP address (+checksum,etc) only – Network Address Port Translation (NAPT): What most of us use at home • Translate ports – E.g., map (10.0.0.5 port 5555 -> 18.31.0.114 port 22) to (128.237.233.137 port 5931 -> 18.31.0.114 port 22) • Lets you share a single IP address among multiple computers NAT Considerations • NAT has to be consistent during a session. – Set up mapping at the beginning of a session and maintain it during the session – Recycle the mapping at the end of the session • May be hard to detect • Use DHCP (at home) • Usually static, though • NAT only works cleanly for certain applications. – Some applications (e.g. ftp) pass IP information in payload – Need application level gateways to do a matching translation • Dirty!! NAT Considerations • NAT is loved and hated – Breaks a lot of applications. – Inhibits new applications like p2p. – Little NAT boxes make home networking simple. – Saves addresses (Address reuse) – Makes allocation simple. Page 2

  3. IP v6 • “Next generation” IP. V/Pr Flow label • Most urgent issue: increasing address space. Length Next HopLim – 128 bit addresses • Simplified header for faster processing: Source IP address – No checksum (why not?) – No fragmentation (?) • Support for guaranteed services: priority and flow id Destination IP address • Options handled as “next header” – reduces overhead of handling options IPv6 Addressing • Do we need more addresses? Probably, long term – Big panic in 90s: “We’re running out of addresses!” – Big reality in 2005: We’re about 50% used. • CIDR • Tighter allocation policies; voluntary IP reclamation • NAT!!! – Big worry: Millions of IP devices. • Small devices, Cell phones, toasters, pants… • 128 bit addresses provide space for structure (good!) – Hierarchical addressing is much easier – Assign an entire 48-bit sized chunk per LAN -- use Ethernet addresses – Different chunks for geographical addressing, the IPv4 address space, – Perhaps help clean up the routing tables - just use one huge chunk per ISP and one huge chunk per customer. Sub 010 Registry Provider Subscriber Host Net Back to Switching • Common case: Switched in silicon (“fast path”) – Most actions • Special cases: Handed to CPU (“slow path”, or “process switched”) – Fragmentation – TTL expiration (traceroute) – IP option handling – Considered evil: slows routers down; avenue for attacks Page 3

  4. IPv6 Header Cleanup • No checksum – Why checksum just the IP header? • Efficiency: If packet corrupted at hop 1, don’t waste downstream b/w – Useful when corruption frequent, b/w expensive • Today: Corruption rare, b/w cheap • Different options handling – IPv4 options: Variable length header field. 32 different options. • Rarely used • Processed in “slow path”. – IPv6 options: “Next header” pointer • Combines “protocol” and “options” handling – Next header: “TCP”, “UDP”, etc. • Extensions header: Chained together • Makes it easy to implement host-based options • One value “hop-by-hop” examined by intermediate routers – Things like “source route” implemented only at intermediate hops IPv6 Fragmentation Cleanup • Discard packets, send ICMP “Packet Too Big” – Similar to IPv4 “Don’t Fragment” bit handling – Sender must support Path MTU discovery • Receive “Packet too Big” messages and send smaller packets • Increased minimum packet size – Link must support 1280 bytes – 1500 bytes if link supports variable sizes • Reduced packet processing and network complexity. • Increased MTU a boon to application writers • Hosts can still fragment – Routers don’t deal with it any more Migration from IPv4 to IPv6 • Interoperability with IPv4 is necessary for gradual deployment. • Two complementary mechanisms: – Dual stack operation: IP v6 nodes support both address types – Tunneling: tunnel IP v6 packets through IP v4 clouds • Alternative is to create “IPv6 islands”, e.g. enterprise networks, private interconnections,… – Use NAT to connect to the outside world – NAT translates addresses and also translate between IPv4 and IPv6 protocols Page 4

  5. IPv6 Discussion • IPv4 Infrastructure got better – Address efficiency – Co-opted IPv6 ideas: IPSec, diffserv, autoconfiguration via DHCP, etc. • Massive challenge – Huge installed base of IPv4-speaking devices – Tussle • Who’s the first person to go IPv6-only? • Slow but steady progress in deployment – Most hosts & big routers support – Long-term: The little devices will probably force IPv6 Tunneling • Force a packet to go via a specific point in the network. IP1 – Path taken is different from the regular routing • Achieved by adding an extra IP header to the packet with a new destination address. – Similar to putting a letter in IP2 another envelope – preferable to using IP source routing option • Used increasingly to deal with special routing requirements or new features. Data IP1 IP2 – Mobile IP,.. – Multicast, IPv6, research overlays IP-in-IP Tunneling • IP source and destination address identify tunnel V/HL TOS Length endpoints. ID Flags/Offset TTL 4 H. Checksum • Protocol id = 4. Tunnel Entry IP – IP Tunnel Exit IP V/HL TOS Length • Several fields are copies of the inner-IP header. ID Flags/Offset – TOS, some flags, .. TTL Prot. H. Checksum Source IP address • Inner header is not Destination IP address modified – Just like payload Payload Page 5

  6. Tunneling Considerations • Performance: – Tunneling adds (of course) processing overhead – Tunneling increases the packet length, which may cause fragmentation • BIG hit in performance in most systems • Tunneling in effect reduces the MTU of the path, but end- points often do not know this • Security issues: – Should verify both inner and outer header • Dealing with NATs – Good or bad? Overlay Networks • A network “on top of the network”. – E.g., initial Internet deployment • Internet routers connected via phone lines – An overlay on the phone network – Use tunnels between nodes on a current network • Examples: – The IPv6 “6bone”, the multicast “Mbone” (“multicast backbone”). • But not limited to IP-layer protocols… – Can do some pretty cool stuff Overlay Networks • Application-layer Overlays – Application Layer multicast (more later) • Transmit data stream to multiple recipients – Peer-to-Peer networks • Route queries (Gnutella search for “briney spars”) • Route answers (Bittorrent, etc.) – Anonymizing overlays • Route data through lots of peers to hide source – (google for “Tor” “anonymous”) – Improved routing • Detect and route around failures faster than the underlying network does. Page 6

  7. IP Multicast MIT Berkeley UCSD CMU routers end systems multicast flow • Highly efficient • Good delay End System Multicast MIT1 MIT Berkeley MIT2 UCSD CMU1 CMU CMU2 Berkeley MIT1 Overlay Tree MIT2 UCSD CMU1 CMU2 Potential Benefits Over IP Multicast • Quick deployment • All multicast state in end systems • Computation at forwarding points simplifies support for higher level functionality MIT1 MIT Berkeley MIT2 UCSD CMU1 CMU CMU2 Page 7

  8. Network Management • Two sub-issues: – Configuration management • How do I deal with all of these hosts?! – Network monitoring • What the heck is going on on those links? Auto-configuration • IP address, netmask, gateway, hostname, etc., etc. – Type by hand!!! • IPv4 option 1: RARP (Reverse ARP) – Data-link protocol • Uses ARP format. New opcodes: “Request reverse”, “reply reverse” – Send query: Request-reverse [ether addr], server responds with IP • Used primarily by diskless nodes, when they first initialize, to find their Internet address • IPv4 option 2: DHCP – Dynamic Host Configuration Protocol – ARP is fine for assigning an IP, but is very limited – DHCP can provide all the info necessary DHCP DHCPDISCOVER - broadcast DHCPOFFER DHCPREQUEST DHCPACK • DHCPOFFER – IP addressing information – Boot file/server information (for network booting) – DNS name servers – Lots of other stuff - protocol is extensible; half of the options reserved for local site definition and use. Page 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IRAN The Road Ahead Ahmad Azizi March 2016 Iran The road ahead Why Iran? Economy

IRAN The Road Ahead Ahmad Azizi March 2016 Iran The road ahead Why Iran? Economy

IRAN The Road Ahead Ahmad Azizi March 2016 Iran The road ahead Why Iran? Economy Market Prospects Foreign Investment Challenges Banking Future Plans - GDP target & financial sector reform JCPOA

323 views • 28 slides
The Road Ahead Business Case for GODAN Andre Laperriere GODAN Executive Director GODAN: The

The Road Ahead Business Case for GODAN Andre Laperriere GODAN Executive Director GODAN: The

The Road Ahead Business Case for GODAN Andre Laperriere GODAN Executive Director GODAN: The Road Ahead Donor Meeting London, United Kingdom July 27, 2018 GODANs Purpose Trigger Facilitate new Facilitate data Showcase open innovation

399 views • 26 slides
Rural housing demand: The road ahead Rolf Penda ndall, J Jun Z un Zhu, hu, a and L nd Laur

Rural housing demand: The road ahead Rolf Penda ndall, J Jun Z un Zhu, hu, a and L nd Laur

Rural housing demand: The road ahead Rolf Penda ndall, J Jun Z un Zhu, hu, a and L nd Laur urie G Goodm dman The he F Fut utur ure o of Rur ural Communi unities, May 1 10, 2016 http://snarkybytes.com/2012/10/20/ohio-road/ Main

252 views • 22 slides
THE ROAD AHEAD ITS DECISION TIME!!! ITS DECISION TIME.. What will I do after

THE ROAD AHEAD ITS DECISION TIME!!! ITS DECISION TIME.. What will I do after

THE ROAD AHEAD ITS DECISION TIME!!! ITS DECISION TIME.. What will I do after graduation? a) University? b) College? c) Apprenticeship? d) Victory lap? e) Work? f) Travel? IT IS NORMAL TO FEEL NERVOUS ABOUT THE FUTURE! JOIN THE

418 views • 26 slides
Major Road Network Consultation Moving Britain Ahead March 18 Proposals for the Creation of a

Major Road Network Consultation Moving Britain Ahead March 18 Proposals for the Creation of a

Major Road Network Consultation Moving Britain Ahead March 18 Proposals for the Creation of a Major Road Network 1 How Our Roads Are Currently Managed The Strategic Road Network (SRN) Local roads The busiest part of the road network

404 views • 7 slides
WASHINGTON STATE ROAD USAGE CHARGE PILOT PROJECT TEST DRIVE THE ROAD AHEAD PROBLEM Gas tax

WASHINGTON STATE ROAD USAGE CHARGE PILOT PROJECT TEST DRIVE THE ROAD AHEAD PROBLEM Gas tax

WASHINGTON STATE ROAD USAGE CHARGE PILOT PROJECT TEST DRIVE THE ROAD AHEAD PROBLEM Gas tax wont fund future needs WASHINGTON STATE GAS TAX BREAKDOWN 3 * Of the 9.5, 8.5 is used by the state for highway projects, 1 goes to cities and

939 views • 57 slides
INFRADAY Internalisation of External Costs within Road Charging Go-ahead for a sustainable

INFRADAY Internalisation of External Costs within Road Charging Go-ahead for a sustainable

INFRADAY Internalisation of External Costs within Road Charging Go-ahead for a sustainable development of HGV-traffic in the EU 8 October 2011, Berlin 111474 Bignon Lebray Avocats Waldeck Rechtsanwlte Sbastien Pinot

592 views • 18 slides
Genesis 23-25 THE ROAD AHEAD Opening Thoughts We come now to the end of Abrahams life Focus

Genesis 23-25 THE ROAD AHEAD Opening Thoughts We come now to the end of Abrahams life Focus

Genesis 23-25 THE ROAD AHEAD Opening Thoughts We come now to the end of Abrahams life Focus of these next few chapters is Abraham setting things in order He addresses three major items Family burial site - Gen 23 Wife for Isaac

514 views • 17 slides
KOHA at OSA: Experiences and the road ahead Katalin Dob (Senior Librarian) dobok@ceu.hu

KOHA at OSA: Experiences and the road ahead Katalin Dob (Senior Librarian) dobok@ceu.hu

KOHA at OSA: Experiences and the road ahead Katalin Dob (Senior Librarian) dobok@ceu.hu Jzsef Gbor Bn (Database Developer) bonej@ceu.hu Integrated library system standards-compliant records: AACR2, MARC21, LCSH Books Periodicals

388 views • 26 slides
THE ROAD AHEAD: MY JOURNEY IN SCIENCE & YOURS Kenneth D. Gibbs, Jr., Ph.D., M.P.H. Program

THE ROAD AHEAD: MY JOURNEY IN SCIENCE & YOURS Kenneth D. Gibbs, Jr., Ph.D., M.P.H. Program

THE ROAD AHEAD: MY JOURNEY IN SCIENCE & YOURS Kenneth D. Gibbs, Jr., Ph.D., M.P.H. Program Director Division of Training, Workforce Development & Diversity National Institute of General Medical Sciences National Institutes of Health*

404 views • 36 slides
The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

CS 640: Introduction to Computer Networks Aditya Akella Lecture 25 Network Security The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security Vulnerabilities Security Problems in the TCP/IP Protocol

1.29k views • 13 slides
Microfinance in India The road traversed and what lies ahead Rajalaxmi Kamath & P C

Microfinance in India The road traversed and what lies ahead Rajalaxmi Kamath & P C

Microfinance in India The road traversed and what lies ahead Rajalaxmi Kamath & P C Narayan 6th November, 2017 1969 Nationalization of Banks 100% government ownership of large banks State directed lending Increased

320 views • 14 slides
The Road Ahead p2p file sharing techniques Downloading: Whole-file vs. chunks

The Road Ahead p2p file sharing techniques Downloading: Whole-file vs. chunks

CS 640: Introduction to Computer Networks Aditya Akella Lecture 24 - Peer-to-Peer The Road Ahead p2p file sharing techniques Downloading: Whole-file vs. chunks Searching Centralized index (Napster, etc.) Flooding

288 views • 10 slides
PROPOSED NEBEL STREET B BICYCLE FACILITIES RANDOLPH R ROAD T TO MARINELLI ROAD May 18, 2015

PROPOSED NEBEL STREET B BICYCLE FACILITIES RANDOLPH R ROAD T TO MARINELLI ROAD May 18, 2015

PROPOSED NEBEL STREET B BICYCLE FACILITIES RANDOLPH R ROAD T TO MARINELLI ROAD May 18, 2015 shifting gears for a better ride ahead STUDY AREA Existing Shared- Use Paths Randolph Road Near Future Bike Facility Marinelli Road Woodglen

531 views • 24 slides
The Road Ahead 2.0 Reopening Our Schools August 20, 2020 Updates Two Primary Objectives

The Road Ahead 2.0 Reopening Our Schools August 20, 2020 Updates Two Primary Objectives

The Road Ahead 2.0 Reopening Our Schools August 20, 2020 Updates Two Primary Objectives Returning Students and and Stafg to School Building Safely Improve/Redesign Meaningful Quality Learning in an Online Space Updates

792 views • 24 slides
SECURITY , PRIVACY AND TRUST IN INTERNET OF THINGS: THE ROAD AHEAD S. Sicari, A. Rizzardi, L.A.

SECURITY , PRIVACY AND TRUST IN INTERNET OF THINGS: THE ROAD AHEAD S. Sicari, A. Rizzardi, L.A.

SECURITY , PRIVACY AND TRUST IN INTERNET OF THINGS: THE ROAD AHEAD S. Sicari, A. Rizzardi, L.A. Grieco, A. Coen-Porisini Tran Song Dat Phuc SeoulTech 2015 Table of Contents Introduction Objectives IoT Security Requirements:

600 views • 44 slides
Architecture WINLAB Research Review Dec 4, 2015 D. Raychaudhuri WINLAB, Rutgers University

Architecture WINLAB Research Review Dec 4, 2015 D. Raychaudhuri WINLAB, Rutgers University

Next-Generation Mobile Network Architecture WINLAB Research Review Dec 4, 2015 D. Raychaudhuri WINLAB, Rutgers University ray@winlab.rutgers.edu Introduction Introduction: 5G Vision Faster radio ~Gbps Low-latency wireless access ~ms

623 views • 31 slides
Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4 addresses have 32 bits only not enough for 1 IP address per person dynamic IPs, NAT, Manual configuration time consuming (in larger

655 views • 16 slides
IP: Next GenerationA Tutorial Bruce A. Mah bmah@{CS.Berkeley.EDU,research.ATT.COM} University

IP: Next GenerationA Tutorial Bruce A. Mah bmah@{CS.Berkeley.EDU,research.ATT.COM} University

IP: Next GenerationA Tutorial Bruce A. Mah bmah@{CS.Berkeley.EDU,research.ATT.COM} University of California at Berkeley International Computer Science Institute AT&T Bell Laboratories 29 August 1994 Y O T I F S R C A

575 views • 29 slides
Video Streaming with the Stream Control Transmission Protocol (SCTP) Lothar Braun, Andreas

Video Streaming with the Stream Control Transmission Protocol (SCTP) Lothar Braun, Andreas

Chair for Network Architectures and Services Department of Informatics Technische Universitt Mnchen Video Streaming with the Stream Control Transmission Protocol (SCTP) Lothar Braun, Andreas Mller Internet Protocol Stack The Internet

1.09k views • 31 slides
Towards a Next- Generation Inter-domain Routing Protocol L. Subramanian, M. Caesar, C.T. Ee, M.

Towards a Next- Generation Inter-domain Routing Protocol L. Subramanian, M. Caesar, C.T. Ee, M.

Towards a Next- Generation Inter-domain Routing Protocol L. Subramanian, M. Caesar, C.T. Ee, M. Handley , Z. Mao, S. Shenker, and I. Stoica Routing 1999 Internet Map Coloured by ISP Source: Bill Cheswick, Lumeta AS-level Topology 2003

946 views • 37 slides
Scribble, Runtime Verification and Multiparty Session Types http://mrg.doc.ic.ac.uk/ Nobuko

Scribble, Runtime Verification and Multiparty Session Types http://mrg.doc.ic.ac.uk/ Nobuko

Scribble, Runtime Verification and Multiparty Session Types http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College London 1 In collaboration with: Matthew Arrott (OOI) Gary Brown (Red Hat) Stephen Henrie (OOI) Bippin Makoond

1.38k views • 80 slides
Efficient Cross-Layer Negotiation Bryan Ford Janardhan Iyengar MPI-SWS and Franklin &

Efficient Cross-Layer Negotiation Bryan Ford Janardhan Iyengar MPI-SWS and Franklin &

Efficient Cross-Layer Negotiation Bryan Ford Janardhan Iyengar MPI-SWS and Franklin & Marshall Yale University College Presented at HotNets-VIII, October 22, 2009 Tng: Transport Next Generation Project Support: NSF FIND grants

695 views • 37 slides
IPv6/IPv4 Translation for SIP Applications- Socket-Layer Translator and SIPv6 Translator Whai-

IPv6/IPv4 Translation for SIP Applications- Socket-Layer Translator and SIPv6 Translator Whai-

IPv6/IPv4 Translation for SIP Applications- Socket-Layer Translator and SIPv6 Translator Whai- -En Chen En Chen Whai Research Assistant Professor Department of Computer Science and Information Engineering National Chiao Tung University

1.21k views • 72 slides

More recommend