Network Address Translation…that indirection thing again
Some IP addresses are *not* globally unique; designated for local use/reuse
Host has local address “behind” the NAT device
NAT translates outgoing packet headers
Rewrites source IP address to be NAT’s IP address
Rewrites source port
Saves map of internal-external address/port mappings
NAT Example
Hypothetical example:
Source’s internal socket is IP 192.168.0.101, port 1341
Translated to IP 68.40.162.3 (address assigned to the customer by the IAP), port 5280
Traffic from NAT device identifies translated address/port as source
NAT forwards traffic sent to it (IP 68.40.162.3) with port 5280 to source host (192.168.0.101) using port 1341
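The mapping described in this example, as an added illustration that is not part of the original slides: a minimal port-translating NAT that rewrites outgoing source address/port, records the mapping, and reverses it for inbound traffic. The external address and ports are the slide's hypothetical values; the destination 203.0.113.7 and the per-internal-endpoint mapping (rather than a full 5-tuple) are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Just the header fields NAT cares about (constructed for this example)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Port-translating NAT keyed on (internal IP, internal port).

    external_ip is the address the IAP assigned to the customer; translated
    ports are handed out sequentially from first_port (assumed, not a standard).
    """

    def __init__(self, external_ip: str, first_port: int = 5280):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out_map = {}  # (internal ip, internal port) -> external port
        self.in_map = {}   # external port -> (internal ip, internal port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite source IP/port to the NAT's, creating a mapping if needed."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            ext_port = self.next_port
            self.next_port += 1
            self.out_map[key] = ext_port
            self.in_map[ext_port] = key
        return Packet(self.external_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Reverse the mapping for traffic sent to the NAT's external address.

        Returns None (packet dropped) when no mapping exists: an unsolicited
        inbound packet has no internal host to go to.
        """
        if pkt.dst_ip != self.external_ip:
            return None
        key = self.in_map.get(pkt.dst_port)
        if key is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, key[0], key[1])
```

The drop of unmapped inbound packets is why a NAT behaves as an accidental stateful filter, but it is a side effect of the table, not a security policy.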
NAT Advantages and Disadvantages
Rest of Internet unaffected
Transparent: benefit of indirection
Internal addresses don’t need to be globally unique
Allows simultaneous use: benefit of local namespace
Multiple hosts can share one external IP address
E.g., useful for home networks
…but protocols that depend on IP address of host (e.g., early versions of Kerberos) get confused
Host says it has an internal IP address
Different (external) address used for routing
The End-to-End Principle
If function needs to be done as endpoint-to-endpoint service, don’t implement it link-to-link
More generally, if function will need to be (re)done at higher layer, don’t do it at lower layer
Examples in TCP/IP
Error detection
Guaranteed delivery of packets
Not encryption -- implemented at higher layer