
Internet Lab (iLab1): NAT / DHCP. Dominik Scholz, ilab1@net.in.tum.de


  1. Internet Lab (iLab1): NAT / DHCP
     Dominik Scholz, ilab1@net.in.tum.de
     Chair of Network Architectures and Services, Department of Informatics, Technical University of Munich
     Lab 6 – WiSe 2018

  2. Outline: Meta, IPv4 Address Scarcity, NAT, IPv6 Transition Techniques, DHCP

  4. Bonus Credits
     You are encouraged to improve the quality of the exercises
     • feedback
     • improvements (errors, typos)
     • suggestions (questions, topics)
     Use ticket system and feedback form!

  5. Attestations
     No lecture during week of attestations
     • No lecture: 2018-12-12
     • TLS and packet filtering lab will be 2 weeks
     • Lecture on this topic next week

  6. Outline: Meta, IPv4 Address Scarcity, NAT, IPv6 Transition Techniques, DHCP

  7. Motivation: IPv4 Address Scarcity

  8. Yearly Address Allocations
     source: P. Richter et al., A Primer on IPv4 Scarcity, ACM Computer Communication Review (2015)

  9. Allocated Address Blocks
     source: P. Richter et al., A Primer on IPv4 Scarcity, ACM Computer Communication Review (2015)

  10. IPv4 Address Allocation in 2012
      source: A. Dainotti et al., Estimating Internet address space usage through passive measurements, ACM Computer Communication Review (2014)

  13. IPv4 Address Scarcity: Mitigation Strategies
      • a) more efficient use of the address space → e.g. use unrouted addresses, address trading
      • b) create more addresses → IPv6
      • c) address sharing → NAT (and DHCP)

  14. a) IPv4 Address Market
      Address trading / company mergers
      • in 2011 Microsoft bought 667K IPv4 addresses for 7.5M USD (11.25 USD per IPv4 address)
        source: http://www.theregister.co.uk/2011/03/24/microsoft_ip_spend
      • in 2017 MIT started selling half of its 16 million IPv4 addresses
        source: https://www.networkworld.com/article/3191503/internet/mit-selling-8-million-coveted-ipv4-addresses-amazon-a-buyer.html
      • IPv4 address trading increases, 15-18 USD per IPv4 address
        source: http://www.circleid.com/posts/20180307_the_ipv4_market_2017_and_beyond/
      Address pricing
      • opaque, transactions not public
      • further reading: Lee Howard, Internet Access Pricing in a Post-IPv4 Runout World, http://www.asgard.org/images/pricing_v1.3.docx

  15. b) IPv6 Deployment
      IPv6 support required from end-to-end:
      • server-side: Content Providers
      • network path: ISP Networks and Transit Providers
      • client-side: Content Consumers
      https://ams-ix.net/technical/statistics/sflow-stats/ipv6-traffic
      further reading: https://cdn.prod.internetsociety.org/wp-content/uploads/2017/08/IPv6_report_2017-0606.pdf

  16. b) IPv6 Deployment: Content Providers
      • 28% of Top 1000 websites reachable over IPv6
        source: http://www.worldipv6launch.org/measurements/
      • 15% of Top 1M websites reachable over IPv6
        source: https://bgp.he.net/ipv6-progress-report.cgi
      • 98% of the 4M sites on Cloudflare use IPv6
        source: https://blog.cloudflare.com/98-percent-ipv6/
      • DNS: 98.4% of TLDs operate IPv6 nameservers
        source: https://bgp.he.net/ipv6-progress-report.cgi
      https://www.akamai.com/uk/en/about/our-thinking/state-of-the-internet-report/state-of-the-internet-ipv6-adoption-visualization.jsp

  17. b) IPv6 Deployment: ISP and Transit Networks
      • 24% of all ASes announce IPv6 prefixes
        source: http://v6asns.ripe.net/v/6

  18. b) IPv6 Deployment: Content Consumers
      • 24% of Google visitors connect over IPv6
        source: https://www.google.com/intl/en/ipv6/statistics.html
      http://www.circleid.com/posts/20180521_what_drives_ipv6_deployment/

  19. c) Address Sharing: Private IPv4 Address Ranges
      Properties
      • anyone can use these IP address ranges in their own network
      • addresses are not routed in the public Internet
      • Internet access through address translation → NAT
      Address Ranges
      • RFC 1918 reserves the following IPv4 address ranges
        • 10.0.0.0/8
        • 172.16.0.0/12
        • 192.168.0.0/16
      • RFC 6598 reserves an additional range for ISP networks
        • 100.64.0.0/10
      • RFC 4193 specifies Unique Local IPv6 addresses
        • fc00::/7

  20. Outline: Meta, IPv4 Address Scarcity, NAT, IPv6 Transition Techniques, DHCP

  22. Concept: Providing Internet Access for Private IPs
      [Figure: private host (e.g. 192.168.1.42) and the Internet]
      • outgoing packet: replace packet source with public endpoint
      • incoming packet: replace packet destination with local host

  23. Network Address (and Port) Translation (NAT)
      [Figure: private hosts 192.168.1.42 and 192.168.1.43; NAT with priv: 192.168.1.1 and pub: 1.2.3.4; Internet; server 131.159.15.49]

  24. Network Address (and Port) Translation (NAT)
      [Figure: topology as on slide 23]
      Packet: src: 192.168.1.43:3345, dst: 131.159.15.49:80

  25. Network Address (and Port) Translation (NAT)
      [Figure: topology as on slide 23]
      Packet: src: [blank], dst: 131.159.15.49:80
      • replace src IP (and port) in outgoing packets

  26. Network Address (and Port) Translation (NAT)
      [Figure: topology as on slide 23]
      Packet: src: 1.2.3.4, dst: 131.159.15.49:80
      • replace src IP (and port) in outgoing packets

  27. Network Address (and Port) Translation (NAT)
      [Figure: topology as on slide 23]
      Packet: src: 1.2.3.4:4444, dst: 131.159.15.49:80
      • replace src IP (and port) in outgoing packets

  28. Network Address (and Port) Translation (NAT)
      [Figure: topology as on slide 23]
      Packet: src: 1.2.3.4:4444, dst: 131.159.15.49:80
      NAT translation table:
      L4  | global endpoint | local endpoint
      TCP | 1.2.3.4:4444    | 192.168.1.43:3345
      • replace src IP (and port) in outgoing packets
      • remember mapping of private and public endpoint

  29. Network Address (and Port) Translation (NAT)
      [Figure: topology as on slide 23]
      Packet: src: 131.159.15.49:80, dst: 1.2.3.4:4444
      NAT translation table:
      L4  | global endpoint | local endpoint
      TCP | 1.2.3.4:4444    | 192.168.1.43:3345
      • replace src IP (and port) in outgoing packets
      • remember mapping of private and public endpoint
      • lookup mapping of private and public endpoint

  30. Network Address (and Port) Translation (NAT)
      [Figure: topology as on slide 23]
      Packet: src: 131.159.15.49:80, dst: 192.168.1.43:3345
      Packet: src: 131.159.15.49:80, dst: [blank]
      NAT translation table:
      L4  | global endpoint | local endpoint
      TCP | 1.2.3.4:4444    | 192.168.1.43:3345
      • replace src IP (and port) in outgoing packets
      • remember mapping of private and public endpoint
      • lookup mapping of private and public endpoint
      • replace dst IP (and port) in incoming packets

  31. Network Address (and Port) Translation (NAT)
      [Figure: topology as on slide 23]
      NAT translation table:
      L4  | global endpoint | local endpoint
      TCP | 1.2.3.4:4444    | 192.168.1.43:3345
      • replace src IP (and port) in outgoing packets
      • remember mapping of private and public endpoint
      • lookup mapping of private and public endpoint
      • replace dst IP (and port) in incoming packets

  32. NAT in Practice
      Deployment
      • today the majority of end users are located behind NAT (+ other middleboxes)
      • no standardization of NAT → many different implementations
      • transparent to the public Internet

  33. NAT in Practice (contd.)
      Benefits
      • effectively saves IP addresses: allows ~65,000 simultaneous flows with a single public IP address
      • address independence: public/private IP addresses can be changed independently
      • topology hiding: devices inside local network are not explicitly addressable/visible from outside
      Problems
      • connections can only be established from the local network
      • ports should not be used to address hosts
      • routers should not manipulate packets above layer 2 (end-to-end principle)

  34. Recap: Textbook Internet Architecture
      [Figure: layered protocol stacks. Browser and HTTP server speak the HTTP protocol over TCP; the router between them carries only IP and Ethernet; each link runs the Ethernet protocol between Ethernet drivers.]
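
The translation steps from slides 23 to 33, as an added example that is not part of the original slides: a minimal NAPT table in Python using the slides' addresses. The class name `Napt`, the `strict` filtering switch and the peer 203.0.113.9 are assumptions made for illustration; with `strict` off, any remote host can reach a mapped port, so topology hiding alone is not a packet filter.

```python
from dataclasses import dataclass, field

@dataclass
class Napt:
    """Toy NAPT box (hypothetical names); addresses follow the slides."""
    public_ip: str = "1.2.3.4"
    first_port: int = 4444        # first global port handed out
    last_port: int = 65535
    strict: bool = True           # accept inbound only from contacted peers
    out: dict = field(default_factory=dict)   # (proto, local ep) -> global port
    back: dict = field(default_factory=dict)  # (proto, global port) -> (local ep, peers)

    def outbound(self, proto, src, dst):
        """Replace src with the public endpoint and remember the mapping."""
        key = (proto, src)
        if key not in self.out:
            ports = range(self.first_port, self.last_port + 1)
            port = next((p for p in ports if (proto, p) not in self.back), None)
            if port is None:
                return None       # port pool exhausted: flow cannot be mapped
            self.out[key] = port
            self.back[(proto, port)] = (src, set())
        port = self.out[key]
        self.back[(proto, port)][1].add(dst)
        return (self.public_ip, port), dst

    def inbound(self, proto, src, dst):
        """Look up the mapping and replace dst with the local endpoint."""
        entry = self.back.get((proto, dst[1])) if dst[0] == self.public_ip else None
        if entry is None:
            return None           # no mapping: connection started outside, drop
        local, peers = entry
        if self.strict and src not in peers:
            return None           # mapped port, but this peer was never contacted
        return src, local

def demo():
    """Replay the slide packets plus two constructed inbound probes."""
    nat, server = Napt(), ("131.159.15.49", 80)
    stranger = ("203.0.113.9", 80)            # constructed third party
    sent = nat.outbound("TCP", ("192.168.1.43", 3345), server)
    return {
        "sent": sent,
        "reply": nat.inbound("TCP", server, sent[0]),
        "unmapped": nat.inbound("TCP", server, ("1.2.3.4", 5555)),
        "stranger": nat.inbound("TCP", stranger, sent[0]),
    }

if __name__ == "__main__":
    print(demo())
```

Constructing `Napt(first_port=65534)` leaves a pool of two ports, which makes the exhaustion case behind the "~65,000 simultaneous flows" figure easy to observe.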
