iLab NAT / DHCP
Florian Wohlfart, Minoo Rouhi (lastname@in.tum.de)
Chair of Network Architectures and Services, Department of Informatics, Technical University of Munich
Lab 6 – 17ws
1 / 39

Outline
◮ Meta
◮ IPv4 Address Scarcity
◮ NAT
◮ IPv6 Transition Techniques
◮ DHCP
Oral Attestations
◮ Make sure you confirmed your time slot!
◮ We assume you show up for your designated slot
◮ Attestation is required for passing the course

Bonus Credits
Not only the TCP BBR optional lab: you are encouraged to improve the quality of the exercises
◮ feedback
◮ improvements (errors, typos)
◮ suggestions (questions, topics)
Use the ticket system and feedback form!
Motivation: IPv4 Address Scarcity
(figure) source: http://www.heise.de/newsticker/meldung/RIPE-72-Streit-um-letzte-IPv4-Adressen-3221309.html

Yearly Address Allocations
(figure) source: P. Richter et al., A Primer on IPv4 Scarcity, ACM Computer Communication Review (2015)

Allocated Address Blocks
(figure) source: P. Richter et al., A Primer on IPv4 Scarcity, ACM Computer Communication Review (2015)

IPv4 Address Allocation in 2012
(figure) source: A. Dainotti et al., Estimating Internet address space usage through passive measurements, ACM Computer Communication Review (2014)
IPv4 Address Scarcity: Mitigation Strategies
◮ a) more efficient use of the address space → e.g. use unrouted addresses, address trading
◮ b) create more addresses → IPv6
◮ c) address sharing → NAT
a) IPv4 Address Market
Address trading / company mergers
◮ in 2011 Microsoft bought 667K IPv4 addresses for USD 7.5M, i.e. USD 11.25 per address
  source: http://www.theregister.co.uk/2011/03/24/microsoft_ip_spend
◮ in 2011 the bankrupt bookseller Borders offered 65K IPv4 addresses for USD 12 per address
  source: http://www.theregister.co.uk/2011/12/05/borders_flogs_ipv4_addys
◮ IPv4 address trading portals, e.g. http://addrex.net, http://www.iptrading.com, http://ipv4marketgroup.com
Address pricing
◮ opaque, transactions not public
◮ further reading: Lee Howard, Internet Access Pricing in a Post-IPv4 Runout World, http://www.asgard.org/images/pricing_v1.3.docx
b) IPv6 Deployment
◮ Server-side: 24% of Top 1000 websites reachable over IPv6
  source: http://www.worldipv6launch.org/measurements/
◮ Client-side: 18% of Google visitors connect over IPv6
  source: https://www.google.com/intl/en/ipv6/statistics.html
  see also: https://www.akamai.com/uk/en/about/our-thinking/state-of-the-internet-report/state-of-the-internet-ipv6-adoption-visualization.jsp

b) IPv6 Deployment (cont.)
(figure) source: https://blogs.akamai.com/2015/06/three-years-since-world-ipv6-launch-strong-ipv6-growth-continues.html

c) Address Sharing: Private IPv4 Address Ranges
Properties
◮ anyone can use these IP address ranges in their own network
◮ addresses are not routed in the public Internet
◮ Internet access through address translation → NAT
Address Ranges
◮ RFC 1918 reserves the following IPv4 address ranges
  ◮ 10.0.0.0/8
  ◮ 172.16.0.0/12
  ◮ 192.168.0.0/16
◮ RFC 6598 reserves an additional range for ISP networks
  ◮ 100.64.0.0/10
◮ RFC 4193 specifies Unique Local IPv6 addresses
  ◮ fc00::/7
Concept: Providing Internet Access for Private IPs
(figure) Private Host (e.g. 192.168.1.42) ↔ Internet
◮ outgoing packet: replace packet source with public endpoint
◮ incoming packet: replace packet destination with local host
Network Address (and Port) Translation (NAT)
(figure) Private Hosts 192.168.1.42 and 192.168.1.43 ↔ NAT (priv: 192.168.1.1, pub: 1.2.3.4) ↔ Internet ↔ Server 131.159.15.49
Outgoing packet: src 192.168.1.43:3345, dst 131.159.15.49:80 → after the NAT: src 1.2.3.4:4444, dst 131.159.15.49:80
NAT translation table
  L4   global endpoint   local endpoint
  TCP  1.2.3.4:4444      192.168.1.43:3345
Incoming packet: src 131.159.15.49:80, dst 1.2.3.4:4444 → after the NAT: src 131.159.15.49:80, dst 192.168.1.43:3345
◮ replace src IP (and port) in outgoing packets
◮ remember mapping of private and public endpoint
◮ lookup mapping of private and public endpoint
◮ replace dst IP (and port) in incoming packets
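The four translation steps above as a small Python NAPT simulation, added here as an example (not code from the slides), using the slide's addresses; the sequential public-port allocator starting at 4444, the reverse index and the class and function names are my own assumptions. It also shows what happens to an inbound packet for which no local host ever created a mapping.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)

@dataclass(frozen=True)
class Packet:
    proto: str      # L4 protocol, first column of the translation table
    src: Endpoint
    dst: Endpoint

class Napt:
    """One public IP shared by many private hosts (the four steps of slide 18)."""

    def __init__(self, public_ip: str, first_port: int = 4444):
        self.public_ip = public_ip
        self.next_port = first_port  # hypothetical sequential allocator; real NATs differ
        # translation table: (L4, global endpoint) -> local endpoint
        self.table: Dict[Tuple[str, Endpoint], Endpoint] = {}
        # reverse index so an existing flow keeps its public port
        self.reverse: Dict[Tuple[str, Endpoint], Endpoint] = {}

    def outgoing(self, pkt: Packet) -> Packet:
        """Replace src IP and port, remember the private/public mapping."""
        key = (pkt.proto, pkt.src)
        if key not in self.reverse:
            global_ep = (self.public_ip, self.next_port)
            self.next_port += 1
            self.table[(pkt.proto, global_ep)] = pkt.src
            self.reverse[key] = global_ep
        return replace(pkt, src=self.reverse[key])

    def incoming(self, pkt: Packet) -> Optional[Packet]:
        """Look up the mapping and replace dst IP and port.
        Returns None (drop) when no local host created the mapping: this is
        why connections can only be established from the local network."""
        local = self.table.get((pkt.proto, pkt.dst))
        return None if local is None else replace(pkt, dst=local)

def demo() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    """Replays the slide's flow plus an unsolicited packet from the Internet."""
    nat = Napt("1.2.3.4")
    server = ("131.159.15.49", 80)
    out = nat.outgoing(Packet("TCP", ("192.168.1.43", 3345), server))
    reply = nat.incoming(Packet("TCP", server, out.src))
    unsolicited = nat.incoming(Packet("TCP", server, ("1.2.3.4", 5555)))
    return out, reply, unsolicited
```

Two private hosts using the same local port get distinct public ports, which is what lets one public address carry many flows at once.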
NAT in Practice
Deployment
◮ today the majority of end users are located behind NAT (+ other middleboxes)
◮ no standardization of NAT → many different implementations
◮ transparent to the public Internet

NAT in Practice (contd.)
Benefits
◮ effectively saves IP addresses: allows ∼65,000 simultaneous flows with a single public IP address
◮ address independence: public/private IP addresses can be changed independently
◮ topology hiding: devices inside the local network are not explicitly addressable/visible from outside
Problems
◮ connections can only be established from the local network
◮ ports should not be used to address hosts
◮ routers should not manipulate packets above layer 2 (end-to-end principle)

Recap: Textbook Internet Architecture
(figure) browser ↔ router ↔ HTTP server: browser and server each run HTTP, TCP, IP and an Ethernet driver. The HTTP protocol and the TCP protocol run end to end between browser and server, the IP protocol runs hop by hop via the router, and the Ethernet protocol runs on each link. The router implements only IP and the Ethernet drivers.

Real-World Internet Architecture: Middleboxes
(figure) browser ↔ middlebox ↔ HTTP server: the middlebox implements the full stack up to HTTP (HTTP, TCP, IP, Ethernet driver), so the HTTP protocol and the TCP protocol no longer run end to end but are split into two segments at the middlebox.

Protocols Affected by NAT
Characteristics of protocols that are affected by NAT (RFC 3027):
◮ server located in the local network
  ◮ any service behind NAT, peer-to-peer applications
◮ realm-specific IP address information in payload
  ◮ e.g. SIP, FTP
◮ bundled session applications
  ◮ protocols using multiple connections, e.g. active FTP
◮ unsupported protocols
  ◮ e.g. SCTP, IPsec

Example: Session Initiation Protocol (SIP)
INVITE message: establish a session (e.g. VoIP call) between peers
  INVITE sip:Callee@200.3.4.5 SIP/2.0
  Via: SIP/2.0/UDP 192.168.1.5:5060
  src: <sip:Caller@192.168.1.5>
  dst: <sip:Callee@200.3.4.5>
  CSeq: 1 INVITE
  Contact: <sip:Caller@192.168.1.5:5060>
  Content-Type: application/sdp

  v=0
  o=Alice 214365879 214365879 IN IP4 192.168.1.5
  c=IN IP4 192.168.1.5
  t=0 0
  m=audio 5200 RTP/AVP 0 9 7 3
  a=rtpmap:8 PCMU/8000
  a=rtpmap:3 GSM/8000
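An added example (not code from the slides) that ties the unrouted ranges of slide 15 to the INVITE above: it scans the SIP header fields and SDP lines that tell the callee where to send signalling and media, and reports every address a NAT leaves untouched because it sits in the payload rather than the IP header. The choice of fields (Via, Contact, o=, c=) and the regular expressions are my own; the embedded message is the slide's INVITE with the extraction spacing cleaned up.

```python
import ipaddress
import re
from typing import List, Tuple

UNROUTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",                                   # RFC 6598 (ISP shared space)
    "fc00::/7",                                        # RFC 4193 (IPv6 ULA)
)]

# SIP header fields and SDP lines whose address the far end must be able to reach
ADDR_LINE = re.compile(r"^(Via|Contact|c|o)\s*[:=]\s*(.*)$", re.IGNORECASE)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def is_unrouted(addr: str) -> bool:
    """True for RFC 1918 / RFC 6598 / RFC 4193 addresses (not routed in the public Internet)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in UNROUTED)

def realm_specific_addresses(message: str) -> List[Tuple[str, str]]:
    """(field, address) pairs that break once the packet leaves the private realm."""
    hits = []
    for line in message.splitlines():
        m = ADDR_LINE.match(line.strip())
        if not m:
            continue
        for addr in IPV4.findall(m.group(2)):
            try:
                if is_unrouted(addr):
                    hits.append((m.group(1), addr))
            except ValueError:  # digits that only look like an address, e.g. 999.1.1.1
                pass
    return hits

# The INVITE from slide 24, embedded (constructed copy) so the example runs offline
INVITE = """INVITE sip:Callee@200.3.4.5 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.5:5060
Contact: <sip:Caller@192.168.1.5:5060>
Content-Type: application/sdp

v=0
o=Alice 214365879 214365879 IN IP4 192.168.1.5
c=IN IP4 192.168.1.5
m=audio 5200 RTP/AVP 0 9 7 3
"""

if __name__ == "__main__":
    for field, addr in realm_specific_addresses(INVITE):
        print(f"{field}: {addr} is not reachable from outside the NAT")
```

Every hit is a place where the callee would try to answer to 192.168.1.5 instead of the NAT's public endpoint, which is why SIP needs an application-layer gateway or a NAT traversal mechanism rather than plain NAT.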