CT320

CT320: Network and System Administration

Fall 2017

NAT

See this page as a slide show

CT320: NAT

Thanks to:

for the contents of these slides.

Notation

IP datagram format, redux

 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Version IHL Type of service Total length
Identification Flags Fragment offset
Time to live Protocol Header checksum
Source IP address
Destination IP address
Options (optional)
IP data payload (many bytes)

NAT: Network Address Translation

The problem:

Telephone Extensions

┌───────────┐                       ┌──────────────┐
│ Dr. McCoy │····               ····│ Dr. Faustus  │
└───────────┘   :               :   └──────────────┘
┌───────────┐   :               :   ┌──────────────┐
│ Dr. Evil  │···:               :···│ Dr. Jekyll   │
└───────────┘   :               :   └──────────────┘
┌───────────┐   :               :   ┌──────────────┐
│ Dr. Who   │···:               :···│ Dr. Pepper   │
└───────────┘   :               :   └──────────────┘
┌───────────┐   :   ┌───────┐   :   ┌──────────────┐
│ Dr. Zaius │···:···│  PBX  │···:···│ Dr. Dolittle │
└───────────┘   :   └───────┘   :   └──────────────┘
┌───────────┐   :       :       :   ┌──────────────┐
│ Dr. Doom  │···:       :       :···│ Dr. Zoidberg │
└───────────┘   :     phone     :   └──────────────┘
┌───────────┐   :    network    :   ┌──────────────┐
│ Dr. Teeth │····               ····│ Dr. Watson   │
└───────────┘                       └──────────────┘

Consider a doctors’ office. It has a dozen doctors. Each doctor has an office with a phone.

The solution: an internal phone exchange (PBX).

NAT

Internet      ┌────────┐       ┌─────────────┐
··············│ NAT    │·······│ 192.168.1.2 │
203.0.113.9   │ router │   :   └─────────────┘
              └────────┘   :   ┌─────────────┐
                           :···│ 192.168.1.3 │
                           :   └─────────────┘
                           :   ┌─────────────┐
                           ····│ 192.168.1.4 │
                               └─────────────┘

Similarly, NAT hides many hosts behind a NAT router.

Private Networks

Private Networks
CIDR rangeNumber of hosts
10.0.0.0/8224 (~16 million)
172.16.0.0/12220 (~1 million)
192.168.0.0/16216 (~65 thousand)

NAT: Network Address Translation

Internet       ┌────────┐       ┌─────────────┐
···············│ NAT    │·······│ 192.168.1.2 │
203.0.113.9    │ router │   :   └─────────────┘
               └────────┘   :   ┌─────────────┐
                            :···│ 192.168.1.3 │
                            :   └─────────────┘
                            :   ┌─────────────┐
                            ····│ 192.168.1.4 │
                                └─────────────┘

Remember how TCP works

If example.com connects via ssh to denver.cs.colostate.edu, the connection looks like this:

(example.com,6234) ◀────▶ (denver.cs.colostate.edu,22)

Why have the port 6234? So that when a reply packet from denver arrives, we know which program to send the reply to: the program listening on port 6234.

Without NAT

How does a typical transaction occur without NAT?

NAT: Implementation

Internet      ┌────────┐       ┌─────────────┐
··············│ NAT    │·······│ 192.168.1.2 │
203.0.113.9   │ router │   :   └─────────────┘
              └────────┘   :   ┌─────────────┐
                           :···│ 192.168.1.3 │
                           :   └─────────────┘
                           :   ┌─────────────┐
                           ····│ 192.168.1.4 │
                               └─────────────┘
WANLAN
ebay.com, 3345192.168.1.4, 5001
hp.com, 8765192.168.1.3, 5010

A NAT router must:

  • outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #)

With NAT

┌─────────────┐     ┌────────┐     ┌─────────────┐
│ denver.cs.… │·····│ NAT    │·····│ 192.168.1.2 │
└─────────────┘     │ router │     └─────────────┘
 129.82.44.141      └────────┘
		  example.com

How does a typical transaction occur with NAT?

NAT: Network Address Translation

Modified: 2017-10-31T16:00

User: Guest

Check: HTML CSS
Edit History Source
Apply to CSU | Contact CSU | Disclaimer | Equal Opportunity
Colorado State University, Fort Collins, CO 80523 USA
© 2015 Colorado State University
CS Building