cs 3700
play

CS 3700 Networks and Distributed Systems NAT (You Better Forward - PowerPoint PPT Presentation

Oct 02, 2022 •480 likes •1.03k views

CS 3700 Networks and Distributed Systems NAT (You Better Forward Those Ports) Revised 10/7/16 The IPv4 Shortage 2 Problem: consumer ISPs typically only give one IP address per-household Additional IPs cost extra More IPs may not

  1. CS 3700 
 Networks and Distributed Systems NAT (You Better Forward Those Ports) Revised 10/7/16

  2. The IPv4 Shortage 2 � Problem: consumer ISPs typically only give one IP address per-household � Additional IPs cost extra � More IPs may not be available

  3. The IPv4 Shortage 2 � Problem: consumer ISPs typically only give one IP address per-household � Additional IPs cost extra � More IPs may not be available � Today’s households have more networked devices than ever � Laptops and desktops � TV, bluray players, game consoles � Tablets, smartphones, eReaders

  4. The IPv4 Shortage 2 � Problem: consumer ISPs typically only give one IP address per-household � Additional IPs cost extra � More IPs may not be available � Today’s households have more networked devices than ever � Laptops and desktops � TV, bluray players, game consoles � Tablets, smartphones, eReaders � How to get all these devices online?

  5. Private IP Networks 3 � Idea: create a range of private IPs that are separate from the rest of the network � Use the private IPs for internal routing � Use a special router to bridge the LAN and the WAN � Properties of private IPs � Not globally unique � Usually taken from non-routable IP ranges (why?) � Typical private IP ranges � 10.0.0.0 – 10.255.255.255 � 172.16.0.0 – 172.31.255.255 � 192.168.0.0 – 192.168.255.255

  6. Private Networks 4 192.168.0.1 Private Network 192.168.0.2 Internet 192.168.0.0 66.31.210.69

  7. Private Networks 4 192.168.0.1 Private Network 192.168.0.2 Internet NAT 192.168.0.0 66.31.210.69

  8. Private Networks 4 192.168.0.1 192.168.0.1 Private Private Network Network 192.168.0.2 192.168.0.2 NAT Internet NAT 192.168.0.0 71.2.33.56 192.168.0.0 66.31.210.69

  9. Network Address Translation (NAT) 5 � NAT allows hosts on a private network to communicate with the Internet � Warning: connectivity is not seamless � Special router at the boundary of a private network � Replaces internal IPs with external IP by modifying packet headers ■ This is “Network Address Translation” � May also replace TCP/UDP port numbers � Maintains a table of active flows � Outgoing packets initialize a table entry � Incoming packets are rewritten based on the table

  10. Basic NAT Operation 6 Private Network Internet 192.168.0.1 66.31.210.69 74.125.228.67

  11. Basic NAT Operation 6 Private Network Internet Source: 192.168.0.1:2345 Dest: 74.125.228.67:80 192.168.0.1 66.31.210.69 74.125.228.67

  12. Basic NAT Operation 6 Private Network Internet Source: 192.168.0.1:2345 Dest: 74.125.228.67:80 Private Address Public Address 192.168.0.1:2345 74.125.228.67:80 192.168.0.1 66.31.210.69 74.125.228.67

  13. Basic NAT Operation 6 Private Network Internet Source: 192.168.0.1:2345 Source: 66.31.210.69:2345 Dest: 74.125.228.67:80 Dest: 74.125.228.67:80 Private Address Public Address 192.168.0.1:2345 74.125.228.67:80 192.168.0.1 66.31.210.69 74.125.228.67

  14. Basic NAT Operation 6 Private Network Internet Source: 192.168.0.1:2345 Source: 66.31.210.69:2345 Dest: 74.125.228.67:80 Dest: 74.125.228.67:80 Private Address Public Address 192.168.0.1:2345 74.125.228.67:80 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67:80 Dest: 66.31.210.69:2345

  15. Basic NAT Operation 6 Private Network Internet Source: 192.168.0.1:2345 Source: 66.31.210.69:2345 Dest: 74.125.228.67:80 Dest: 74.125.228.67:80 Private Address Public Address 192.168.0.1:2345 74.125.228.67:80 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67:80 Source: 74.125.228.67:80 Dest: 192.168.0.1:2345 Dest: 66.31.210.69:2345

  16. Advantages of NATs 7 � Allow multiple hosts to share a single public IP

  17. Advantages of NATs 7 � Allow multiple hosts to share a single public IP � Allow migration between ISPs � Even if the public IP address changes, you don’t need to reconfigure the machines on the LAN

  18. Advantages of NATs 7 � Allow multiple hosts to share a single public IP � Allow migration between ISPs � Even if the public IP address changes, you don’t need to reconfigure the machines on the LAN � Load balancing � Forward traffic from a single public IP to multiple private hosts

  19. Natural Firewall 8 Private Network Internet Private Address Public Address 192.168.0.1 66.31.210.69 74.125.228.67

  20. Natural Firewall 8 Private Network Internet Private Address Public Address 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67 Dest: 192.168.0.1

  21. Natural Firewall 8 Private Network Internet Private Address Public Address 192.168.0.1 66.31.210.69 74.125.228.67

  22. Natural Firewall 8 Private Network Internet Private Address Public Address 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67 Dest: 66.31.210.69

  23. Natural Firewall 8 Private Network Internet Private Address Public Address 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67 Dest: 66.31.210.69

  24. Natural Firewall 8 Private Network Internet Private Address Public Address 192.168.0.1 66.31.210.69 74.125.228.67

  25. Concerns About NAT 9 � Performance/scalability issues � Per flow state! � Modifying IP and Port numbers means NAT must recompute IP and TCP checksums

  26. Concerns About NAT 9 � Performance/scalability issues � Per flow state! � Modifying IP and Port numbers means NAT must recompute IP and TCP checksums � Breaks the layered network abstraction

  27. Concerns About NAT 9 � Performance/scalability issues � Per flow state! � Modifying IP and Port numbers means NAT must recompute IP and TCP checksums � Breaks the layered network abstraction � Breaks end-to-end Internet connectivity � 192.168.*.* addresses are private � Cannot be routed to on the Internet � Problem is worse when both hosts are behind NATs

  28. Concerns About NAT 9 � Performance/scalability issues � Per flow state! � Modifying IP and Port numbers means NAT must recompute IP and TCP checksums � Breaks the layered network abstraction � Breaks end-to-end Internet connectivity � 192.168.*.* addresses are private � Cannot be routed to on the Internet � Problem is worse when both hosts are behind NATs � What about IPs embedded in data payloads?

  29. Port Forwarding 10 Private Network Internet Private Address Public Address 192.168.0.1:7000 *.*.*.*:* 192.168.0.1 66.31.210.69 74.125.228.67

  30. Port Forwarding 10 Private Network Internet Private Address Public Address 192.168.0.1:7000 *.*.*.*:* 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67:8679 Dest: 66.31.210.69:7000

  31. Port Forwarding 10 Private Network Internet Private Address Public Address 192.168.0.1:7000 *.*.*.*:* 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67:8679 Dest: 66.31.210.69:7000

  32. Port Forwarding 10 Private Network Internet Private Address Public Address 192.168.0.1:7000 *.*.*.*:* 192.168.0.1 66.31.210.69 74.125.228.67 Source: 74.125.228.67:8679 Source: 74.125.228.67:8679 Dest: 192.168.0.1:7000 Dest: 66.31.210.69:7000

  33. Hole Punching 11 � Problem: How to enable connectivity through NATs? NAT 1 NAT 2 192.168.0.2 192.168.0.1 59.1.72.13 66.31.210.69

  34. Hole Punching 11 � Problem: How to enable connectivity through NATs? NAT 1 NAT 2 192.168.0.2 192.168.0.1 59.1.72.13 66.31.210.69

  35. Hole Punching 11 � Problem: How to enable connectivity through NATs? NAT 1 NAT 2 192.168.0.2 192.168.0.1 59.1.72.13 66.31.210.69

  36. Hole Punching 11 � Problem: How to enable connectivity through NATs? NAT 1 NAT 2 192.168.0.2 192.168.0.1 59.1.72.13 66.31.210.69 � Two application-level protocols for hole punching � STUN � TURN

  37. STUN 12 � S ession T raversal U tilities for N AT � Use a third-party to echo your global IP address � Also used to probe for symmetric NATs/firewalls ■ i.e. are external ports open or closed? 192.168.0.1 STUN Server 66.31.210.69

  38. STUN 12 � S ession T raversal U tilities for N AT � Use a third-party to echo your global IP address � Also used to probe for symmetric NATs/firewalls ■ i.e. are external ports open or closed? What is my global IP address? 192.168.0.1 STUN Server 66.31.210.69

  39. STUN 12 � S ession T raversal U tilities for N AT � Use a third-party to echo your global IP address � Also used to probe for symmetric NATs/firewalls ■ i.e. are external ports open or closed? What is my global IP address? 192.168.0.1 STUN Server 66.31.210.69

  40. STUN 12 � S ession T raversal U tilities for N AT � Use a third-party to echo your global IP address � Also used to probe for symmetric NATs/firewalls ■ i.e. are external ports open or closed? What is my global IP address? Please echo my IP address 192.168.0.1 STUN Server 66.31.210.69

  41. STUN 12 � S ession T raversal U tilities for N AT � Use a third-party to echo your global IP address � Also used to probe for symmetric NATs/firewalls ■ i.e. are external ports open or closed? What is my global IP address? Please echo my IP address 192.168.0.1 STUN Server 66.31.210.69

Recommend

CS 3700 Networks and Distributed Systems Logistics (a.k.a. The boring slides) Revised

CS 3700 Networks and Distributed Systems Logistics (a.k.a. The boring slides) Revised

CS 3700 Networks and Distributed Systems Logistics (a.k.a. The boring slides) Revised 1/5/2020 Hello! 2 Welcome to CS 3700 Are you in the right classroom? Okay, good. Who am I? Professor Alden Jackson

861 views • 29 slides
CS 3700 Networks and Distributed Systems Bridging (From Hub to Switch by Way of Tree)

CS 3700 Networks and Distributed Systems Bridging (From Hub to Switch by Way of Tree)

CS 3700 Networks and Distributed Systems Bridging (From Hub to Switch by Way of Tree) Revised 8/19/15 Just Above the Data Link Layer 2 Bridging How do we connect LANs? Application Function: Presentation Route packets

1.44k views • 122 slides
CS 3700 Networks and Distributed Systems Overlay Networks (P2P DHT via KBR FTW) Revised

CS 3700 Networks and Distributed Systems Overlay Networks (P2P DHT via KBR FTW) Revised

CS 3700 Networks and Distributed Systems Overlay Networks (P2P DHT via KBR FTW) Revised 10/26/2016 Outline 2 Consistent Hashing Structured Overlays / DHTs Key/Value Storage Service 3 Imagine a simple service that stores

1.8k views • 177 slides
CS 3700 Networks and Distributed Systems Internet Architecture (Layer cake and an hourglass)

CS 3700 Networks and Distributed Systems Internet Architecture (Layer cake and an hourglass)

CS 3700 Networks and Distributed Systems Internet Architecture (Layer cake and an hourglass) Revised 1/08/2020 Last class recap... 2 This is not a history course Communication is fundamental to human nature Key concepts have

1.91k views • 131 slides
H1 / Q2-FY19 Earnings Presentation At a Glance 2 One of the largest content houses with 3700+

H1 / Q2-FY19 Earnings Presentation At a Glance 2 One of the largest content houses with 3700+

SHEMAROO ENTERTAINMENT LIMITED H1 / Q2-FY19 Earnings Presentation At a Glance 2 One of the largest content houses with 3700+ Offering content to most Bollywood services across Over 55 years experience as a Household Media Brand content

402 views • 18 slides
CS 3700 Networks and Distributed Systems P2P and BitTorrent (Why is Lars Ulrich So Angry?)

CS 3700 Networks and Distributed Systems P2P and BitTorrent (Why is Lars Ulrich So Angry?)

CS 3700 Networks and Distributed Systems P2P and BitTorrent (Why is Lars Ulrich So Angry?) Revised 10/21/16 Traditional Internet Services Model 2 Client-server Many clients, 1 (or more) server(s) Web servers, DNS, file

2.25k views • 190 slides
Laurie Adelhardt | ag@owlcreek.net | 410.705.3700 Susanne Zilberfarb | susanne@hammondmedia.com |

Laurie Adelhardt | ag@owlcreek.net | 410.705.3700 Susanne Zilberfarb | susanne@hammondmedia.com |

Laurie Adelhardt | ag@owlcreek.net | 410.705.3700 Susanne Zilberfarb | susanne@hammondmedia.com | 410.430.2613 GOAL: Introduce the face behind the farm to build consumer trust in Maryland farming. www.mymdfarmers.com @mymdfarmers

657 views • 26 slides
ANALYSIS OF CREDIT PORTFOLIO FCERA May 2014 SEATTLE | 206.622.3700 LOS ANGELES | 310.297.1777

ANALYSIS OF CREDIT PORTFOLIO FCERA May 2014 SEATTLE | 206.622.3700 LOS ANGELES | 310.297.1777

ANALYSIS OF CREDIT PORTFOLIO FCERA May 2014 SEATTLE | 206.622.3700 LOS ANGELES | 310.297.1777 www.wurts.com E X E C U T I V E S U M M A R Y Since the asset liability study was presented in mid-2013, spreads for High Yield (HY) and

308 views • 9 slides
REAL EST REAL ESTATE TE Over Rs.100,000 CR. Rs. 3700 cr. Sales recorded Estimated revenue

REAL EST REAL ESTATE TE Over Rs.100,000 CR. Rs. 3700 cr. Sales recorded Estimated revenue

THE ONE OF INDIAS INCREDIBLE GROWTH STORY Over 130 lacs sq. ft. Over 100 lacs sq. ft. of projects delivered of area under development REAL EST REAL ESTATE TE Over Rs.100,000 CR. Rs. 3700 cr. Sales recorded Estimated revenue potential

745 views • 47 slides
Community Arts Advisory Committee Meeting #1 July 15, 2019 | 6:30 8:30 p.m. 3700 South Four

Community Arts Advisory Committee Meeting #1 July 15, 2019 | 6:30 8:30 p.m. 3700 South Four

Community Arts Advisory Committee Meeting #1 July 15, 2019 | 6:30 8:30 p.m. 3700 South Four Mile Run Drive agenda INTRODUCTIONS MOVING FORWARD Welcome Story Circle Introductions Interview Findings Planning the Work

490 views • 27 slides
Community Arts Advisory Committee Meeting #3 August 29, 2019 | 6:30 8:30 p.m. 3700 South

Community Arts Advisory Committee Meeting #3 August 29, 2019 | 6:30 8:30 p.m. 3700 South

Community Arts Advisory Committee Meeting #3 August 29, 2019 | 6:30 8:30 p.m. 3700 South Four Mile Run Drive agenda INTRODUCTIONS 5 minutes MOVING FORWARD 90 minutes Subcommittee Report Out (Scenic Welcome Shop/Costume

535 views • 26 slides
CS 3700 Networks and Distributed Systems Inter Domain Routing (Its all about the Money)

CS 3700 Networks and Distributed Systems Inter Domain Routing (Its all about the Money)

CS 3700 Networks and Distributed Systems Inter Domain Routing (Its all about the Money) Revised 10/03/19 Network Layer, Control Plane 2 Function: Set up routes between networks Data Plane Key challenges: Application

942 views • 66 slides
CS 3700 Networks and Distributed Systems Intro to Distributed Systems Revised 10/01/15

CS 3700 Networks and Distributed Systems Intro to Distributed Systems Revised 10/01/15

CS 3700 Networks and Distributed Systems Intro to Distributed Systems Revised 10/01/15 Application Layer 2 Function: Application Whatever you want Presentation Implement your app using the network Session Key challenges:

862 views • 32 slides
Real Assets Outlook Table of contents VERUSINVESTMENTS.COM SEATTLE 206-622-3700 LOS ANGELES

Real Assets Outlook Table of contents VERUSINVESTMENTS.COM SEATTLE 206-622-3700 LOS ANGELES

JULY 2017 Real Assets Outlook Table of contents VERUSINVESTMENTS.COM SEATTLE 206-622-3700 LOS ANGELES 310-297-1777 SAN FRANCISCO 415-362-3484 Executive summary 3 U.S. economics - Inflation 6 Outlook summary 7 Current conditions and 10

647 views • 36 slides
The Cottages-3700 Cedar Hill Road Dawson Heights Housing Ltd. Neighbourhood Association Meeting-

The Cottages-3700 Cedar Hill Road Dawson Heights Housing Ltd. Neighbourhood Association Meeting-

The Cottages-3700 Cedar Hill Road Dawson Heights Housing Ltd. Neighbourhood Association Meeting- January 11, 2018 1. Project Overview 2. About the Applicant 3. Site Context Presentation 4. Planning Framework & Policies Outline 5.

279 views • 17 slides
Community Arts Advisory Committee Meeting #2 August 8, 2019 | 6:30 8:30 p.m. 3700 South

Community Arts Advisory Committee Meeting #2 August 8, 2019 | 6:30 8:30 p.m. 3700 South

Community Arts Advisory Committee Meeting #2 August 8, 2019 | 6:30 8:30 p.m. 3700 South Four Mile Run Drive agenda INTRODUCTIONS 20 minutes MOVING FORWARD 85 minutes Welcome Overview of Tools & Models Introductions

160 views • 15 slides
CS 3700 Networks and Distributed Systems Crash Course in C Sockets (Prepare yourself for

CS 3700 Networks and Distributed Systems Crash Course in C Sockets (Prepare yourself for

CS 3700 Networks and Distributed Systems Crash Course in C Sockets (Prepare yourself for Project 1) Revised 8/19/15 Socket Programming 2 Goal: familiarize yourself with socket programming Why am I presenting C sockets? Because

823 views • 49 slides
How we treat Cruise Ship` Diamond Princess` with 3700 passengers Ichiro Takeuchi Chief Professor

How we treat Cruise Ship` Diamond Princess` with 3700 passengers Ichiro Takeuchi Chief Professor

How we treat Cruise Ship` Diamond Princess` with 3700 passengers Ichiro Takeuchi Chief Professor Yokohama City University E-mail itake@myad.jp Japanese Corona(+) 1 st case In Japan COVID-19 1 st case was January 16 and then, we have made

723 views • 29 slides
CS 3700 Networks and Distributed Systems Data Link (The Etherknot Notwork) Revised 9/14/16

CS 3700 Networks and Distributed Systems Data Link (The Etherknot Notwork) Revised 9/14/16

CS 3700 Networks and Distributed Systems Data Link (The Etherknot Notwork) Revised 9/14/16 Data Link Layer 2 Function: Send blocks of data (frames) between Application physical devices Regulate access to the physical media

2.65k views • 195 slides
CS 3700 Networks and Distributed Systems Network Layer (Putting the Net in Internet) Revised

CS 3700 Networks and Distributed Systems Network Layer (Putting the Net in Internet) Revised

CS 3700 Networks and Distributed Systems Network Layer (Putting the Net in Internet) Revised 10/3/19 Network Layer 2 Function: Route packets end-to-end on a Application network, through multiple hops Key challenge:

2.19k views • 172 slides
CS 3700 Networks and Distributed Systems Time and Logical Clocks Revised 3/24/16 Global

CS 3700 Networks and Distributed Systems Time and Logical Clocks Revised 3/24/16 Global

CS 3700 Networks and Distributed Systems Time and Logical Clocks Revised 3/24/16 Global Time 2 In practice, we act like there is a global notion of time But, time is relative Einstein showed speed of light constant for all

1.15k views • 49 slides
CS 3700 Networks and Distributed Systems Physical Layer (The layer for EE majors) Revised

CS 3700 Networks and Distributed Systems Physical Layer (The layer for EE majors) Revised

CS 3700 Networks and Distributed Systems Physical Layer (The layer for EE majors) Revised 8/19/15 Physical Layer 2 Function: Get bits across a physical medium Application Key challenge: Presentation How to represent

589 views • 21 slides
CS 3700 Networks and Distributed Systems A Brief History of the Internet (Hint: Al Gore is

CS 3700 Networks and Distributed Systems A Brief History of the Internet (Hint: Al Gore is

CS 3700 Networks and Distributed Systems A Brief History of the Internet (Hint: Al Gore is not involved) Revised 9/5/19 What is a Communications Network? 2 What is a Communications Network? 2 Pair up with a neighbor (or two)

810 views • 57 slides
The Photometric Performance of NICMOS L. Colina 1 Space Telescope Science Institute, 3700 San

The Photometric Performance of NICMOS L. Colina 1 Space Telescope Science Institute, 3700 San

1997 HST Calibration Workshop Space Telescope Science Institute, 1997 S. Casertano, et al., eds. The Photometric Performance of NICMOS L. Colina 1 Space Telescope Science Institute, 3700 San Martin Drive, MD 21218 M.J. Rieke University of

483 views • 10 slides

More recommend