© 2009 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved.
Computer Networks and Internets, 5e, by Douglas E. Comer
Lecture PowerPoints by Lami Kaya
Chapter 23: Support Protocols And Technologies
Topics Covered
23.1 Introduction
23.2 Address Resolution
23.3 The Address Resolution Protocol (ARP)
23.4 ARP Message Format
23.5 ARP Encapsulation
23.6 ARP Caching And Message Processing
23.7 The Conceptual Address Boundary
23.8 Internet Control Message Protocol (ICMP)
23.9 ICMP Message Format And Encapsulation
Protocol Software, Parameters, And Configuration
Dynamic Host Configuration Protocol (DHCP)
DHCP Protocol Operation And Optimizations
DHCP Message Format
Indirect DHCP Server Access Through A Relay
Network Address Translation (NAT)
NAT Operation And Private Addresses
Transport-Layer NAT (NAPT)
NAT And Servers
NAT Software And Systems For Use At Home
Introduction
This chapter continues the discussion of internetworking by introducing four key support technologies:
– address binding
– error reporting
– bootstrapping
– address translation
Each technology handles a small problem; when combined with other protocols, each makes a significant contribution to the overall functionality
Future chapters extend the discussion of internetworking by focusing on transport-layer protocols and Internet routing protocols
Address Resolution
A crucial step of the forwarding process requires a translation:
– forwarding uses IP addresses
– a transmitted frame must contain the MAC address of the next hop
– so IP must translate the next-hop IP address to a MAC address
The principle is:
– IP addresses are abstractions provided by protocol software
– the network does not know how to locate a computer from its IP address, so the next-hop address must be translated to an equivalent MAC address
Translation from a computer's IP address to an equivalent hardware address is known as address resolution
– an IP address is said to be resolved to the correct MAC address
Address resolution is local to a network
Address Resolution
The most important step of the forwarding process requires a translation:
– forwarding uses IP addresses
– a transmitted frame must know the MAC address of the next hop
– IP translates the next hop's IP address to a MAC address
The principle is:
– IP addresses are abstractions, provided by protocol software
– the network cannot know how to locate a computer from its IP address; the next-hop address must be translated to an equivalent MAC address
Translating a computer's IP address to its hardware address is known as address resolution
– an IP address is said to be resolved to the correct MAC address
Address resolution is local to a network
Address Resolution
One computer can resolve the address of another computer only if both computers attach to the same physical network
– a computer never resolves the address of a computer on a remote network
– address resolution is always restricted to a single network
For example, consider the simple internet in Figure 23.1
Address Resolution
If two computers are attached to the same physical network, one computer can resolve the other computer's address
– a computer never resolves an address on a remotely reached network
– address resolution is always restricted to a single, independent network
For example, consider the simple internet in Figure 23.1
The Address Resolution Protocol (ARP)
What algorithm does software use to translate?
– the answer depends on the protocol and hardware addressing; here we are only concerned with the resolution of IP addresses
– most hardware has adopted 48-bit Ethernet addressing; on Ethernet, the Address Resolution Protocol (ARP) is used
Consider Figure 23.2
– suppose B needs to resolve the IP address of C
– B broadcasts a request that says: "I'm looking for the MAC address of a computer that has IP address C"
– the broadcast only travels across one network
– an ARP request message reaches all computers on a network
– C receives a copy of the request, as do the other hosts, but only C sends a directed reply back to B that says: "I'm the computer with IP address C, and my MAC address is M"
Address Resolution Protocol (ARP)
Which algorithm does the software use for translation?
– the answer depends on the protocol and hardware addressing; here we are only concerned with the resolution of IP
Most hardware has adopted 48-bit Ethernet
On Ethernet: Address Resolution Protocol (ARP)
Consider Figure 23.2
– B wants to resolve C's IP address
– B broadcasts a request containing: "I am looking for the MAC address of the computer that has IP address C"
– the broadcast only travels across one network
– an ARP request message reaches all computers on the network
– when C, like the other hosts, receives a copy of the request, only C sends a direct reply to B: "I am the computer with IP address C, and my MAC address is M"
The Address Resolution Protocol (ARP)
ARP Message Format
Rather than restricting ARP to IP and Ethernet
– the standard describes a general form for ARP messages
– it specifies how the format is adapted for each type of protocol
Choosing a fixed size for a hardware address is not suitable
– new network technologies might be invented that have addresses larger than the size chosen
– the designers included a fixed-size field at the beginning of an ARP message to specify the size of the hardware addresses being used
For example, when ARP is used with an Ethernet
– the hardware address length is set to 6 octets because an Ethernet address is 48 bits long
ARP Message Format
To increase the generality of ARP
– the designers also included a length field for the protocol address
– ARP can therefore be used to bind an arbitrary high-level address to an arbitrary hardware address
In practice, the generality of ARP is seldom used
– most implementations of ARP are used to bind IP addresses to Ethernet addresses
Figure 23.3 illustrates the format of an ARP message
– when the protocol is used with an IP version 4 address (4 octets) and an Ethernet hardware address (6 octets)
– each line of the figure corresponds to 32 bits of an ARP message
ARP Message Format
ARP Message Format
HARDWARE ADDRESS TYPE – 16-bit field that specifies the type of hardware address being used; the value is 1 for Ethernet
PROTOCOL ADDRESS TYPE – 16-bit field that specifies the type of protocol address being used; the value is 0x0800 for IPv4
HADDR LEN – 8-bit integer that specifies the size of a hardware address in bytes
PADDR LEN – 8-bit integer that specifies the size of a protocol address in bytes
OPERATION – 16-bit field that specifies whether the message is a request (the field contains 1) or a response (the field contains 2)
ARP Message Format
SENDER HADDR – HADDR LEN bytes for the sender's hardware address
SENDER PADDR – PADDR LEN bytes for the sender's protocol address
TARGET HADDR – HADDR LEN bytes for the target's hardware address
TARGET PADDR – PADDR LEN bytes for the target's protocol address
ARP Message Format
As Figure 23.3 shows, an ARP message contains fields for two address bindings
– one binding for the sender
– the other for the intended recipient, which ARP calls the target
When a request is sent
– the sender does not know the target's hardware address (that is the information being requested)
– therefore, the TARGET HADDR field in an ARP request can be filled with zeroes, because its contents are not used
In a response
– the target binding refers to the initial computer that sent the request
– thus, the target address pair in a response serves no purpose; the inclusion of the target fields has survived from an early version of the protocol
ARP Encapsulation
When it travels across a physical network
– an ARP message is encapsulated in a hardware frame
An ARP message is treated as data being transported
– the network does not parse the ARP message or interpret its fields
Figure 23.4 illustrates ARP encapsulation in an Ethernet frame
ARP Encapsulation
The type field in the frame header specifies that the frame contains an ARP message
– a sender must assign the appropriate value to the type field before transmitting the frame
– and a receiver must examine the type field in each incoming frame
Ethernet uses type field value 0x0806 to denote an ARP message
The same value is used for both ARP requests and responses
– the frame type does not distinguish between types of ARP messages
– a receiver must examine the OPERATION field in the message to determine whether an incoming message is a request or a response
ARP Caching And Message Processing
Sending an ARP request for each datagram is inefficient
– three frames traverse the network for each datagram (an ARP request, an ARP response, and the data datagram itself)
Most communication involves a sequence of packets
– a sender is likely to repeat the exchange many times
To reduce network traffic
– ARP software extracts and saves the information from a response so it can be used for subsequent packets
– the software does not keep the information indefinitely; instead, ARP maintains a small table of bindings in memory
ARP manages the table as a cache
– an entry is replaced when a response arrives
– the oldest entry is removed whenever the table runs out of space, or after an entry has not been updated for a long period of time
– ARP starts by searching the cache when it needs to bind an address
ARP Caching And Message Processing
If the binding is present in the cache
– ARP uses the binding without transmitting a request
If the binding is not present in the cache
– ARP broadcasts a request
– waits for a response
– updates the cache
– and then proceeds to use the binding
The cache is only updated when an ARP message arrives (either a request or a response)
Algorithm 23.1 outlines the procedure for handling an incoming ARP message
ARP Caching And Message Processing
ARP Caching And Message Processing
Check the textbook for details of the algorithm
For optimization, it is necessary to know two facts:
– most computer communication involves two-way traffic: if a message goes from A to B, the probability is high that a reply will go from B back to A
– each address binding requires memory: a computer cannot store an arbitrary number of address bindings
The first fact explains why extracting the sender's address binding optimizes ARP performance
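The following Python is an added example, not code from the slides or the textbook. It encodes and decodes the Ethernet/IPv4 ARP message of Figure 23.3 (the two 16-bit type fields, HADDR LEN, PADDR LEN, OPERATION and the two address bindings) and then processes an incoming message the way the caching slides describe: a sender binding that is already cached is refreshed, a message whose target is this host causes the sender's binding to be cached (because a reply is likely) and a request is answered. The cache holds a fixed number of entries and evicts the least recently updated one. The exact structure of Algorithm 23.1 is my reading of the slides' description, not the book's listing; the capacity of 8 entries, the MAC and IP addresses, and the fact that the cache records when an existing binding changes its MAC (a useful signal for an operator watching a LAN) are all my own choices.

```python
import socket
import struct
from collections import OrderedDict

# Fixed-size start of an ARP message (Figure 23.3): HARDWARE ADDRESS TYPE,
# PROTOCOL ADDRESS TYPE, HADDR LEN, PADDR LEN, OPERATION, in network byte order.
ARP_HDR = struct.Struct("!HHBBH")
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"   # TARGET HADDR in a request carries zeroes


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Encode a 28-byte ARP message for Ethernet (6-byte MAC) and IPv4 (4-byte address)."""
    return (ARP_HDR.pack(HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
            + mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
            + mac_bytes(target_mac) + socket.inet_aton(target_ip))


def parse_arp(data):
    """Decode an ARP message, slicing the addresses by the HADDR LEN / PADDR LEN it carries."""
    if len(data) < ARP_HDR.size:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, op = ARP_HDR.unpack_from(data, 0)
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unknown OPERATION {op}")
    body = data[ARP_HDR.size:]
    if len(body) < 2 * (hlen + plen):
        raise ValueError("truncated ARP message body")
    fields, off = {"op": op}, 0
    for name, size in (("sender_mac", hlen), ("sender_ip", plen),
                       ("target_mac", hlen), ("target_ip", plen)):
        chunk = body[off:off + size]
        fields[name] = mac_str(chunk) if name.endswith("mac") else socket.inet_ntoa(chunk)
        off += size
    return fields


class ArpCache:
    """Small IP -> MAC table managed as a cache: the least recently updated entry is
    evicted when the table is full. A binding that changes MAC is recorded in
    `changes` so an operator can review it (my addition, not part of the slides)."""

    def __init__(self, capacity=8):
        self.capacity = capacity
        self.entries = OrderedDict()   # ip -> mac, oldest update first
        self.changes = []              # (ip, old_mac, new_mac)

    def lookup(self, ip):
        return self.entries.get(ip)

    def update(self, ip, mac):
        old = self.entries.pop(ip, None)
        if old is not None and old != mac:
            self.changes.append((ip, old, mac))
        if old is None and len(self.entries) >= self.capacity:
            self.entries.popitem(last=False)   # table full: drop the oldest entry
        self.entries[ip] = mac


def handle_arp(cache, my_mac, my_ip, data):
    """Process one incoming ARP message; return the reply to transmit, or None."""
    msg = parse_arp(data)
    if cache.lookup(msg["sender_ip"]) is not None:
        cache.update(msg["sender_ip"], msg["sender_mac"])   # refresh an existing binding
    if msg["target_ip"] != my_ip:
        return None                                         # not for us: nothing more to do
    cache.update(msg["sender_ip"], msg["sender_mac"])       # a reply to the sender is likely
    if msg["op"] == OP_REQUEST:
        return build_arp(OP_REPLY, my_mac, my_ip, msg["sender_mac"], msg["sender_ip"])
    return None


if __name__ == "__main__":
    # Constructed addresses: B resolves C, as in the Figure 23.2 walk-through.
    request = build_arp(OP_REQUEST, "02:00:00:00:00:0b", "10.0.0.11", ZERO_MAC, "10.0.0.12")
    c_cache = ArpCache()
    reply = handle_arp(c_cache, "02:00:00:00:00:0c", "10.0.0.12", request)
    print(parse_arp(reply), dict(c_cache.entries))
```

Note that nothing in the message authenticates the sender binding: the cache is updated from whatever arrives, which is why the `changes` list is worth watching on a network you are responsible for.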
The Conceptual Address Boundary
ARP provides an important conceptual boundary between MAC addresses and IP addresses:
– ARP hides the details of hardware addressing
– it allows higher layers of software to use IP addresses
There is an important conceptual boundary imposed between the network interface layer and all higher layers
Figure 23.5 illustrates the addressing boundary
The Conceptual Address Boundary
Internet Control Message Protocol (ICMP)
IP defines a best-effort communication service
– datagrams can be lost, duplicated, delayed, or delivered out of order
It seems that a best-effort service does not need error detection!
– but IP attempts to avoid errors and to report problems when they occur
We have already seen one example of error detection in IP:
– the header checksum is used to detect transmission errors
– when a host creates an IP datagram, the host includes a checksum that covers the entire header
– whenever a datagram is received, the checksum is verified to ensure that the header arrived intact
The IP header contains a TIME TO LIVE field used to prevent a datagram from circulating forever
– if the forwarding tables in routers incorrectly introduce a circular path
Internet Control Message Protocol (ICMP)
IP defines a best-effort communication service
– datagrams can be lost, duplicated, or delivered out of order
It may seem that a best-effort service needs no error detection
– but IP tends to avoid errors and to report problems when they occur
We have already seen one method of error detection in IP:
– the header checksum is used to detect transmission errors
– when a host creates an IP datagram, it includes a checksum covering the whole header
– when a datagram is received, the checksum verifies that the header arrived intact
The IP header contains a TIME TO LIVE field to keep a datagram from circulating in the network forever
– if the forwarding tables in routers incorrectly introduce a circular path
Internet Control Message Protocol (ICMP)
The response to a checksum error is as follows:
– the datagram must be discarded immediately without further processing
– the receiver cannot trust any fields in the datagram header, because the receiver cannot know which bits were altered
– the receiver cannot send an error message back to the sender, because the receiver cannot trust the source address in the header
– thus, the receiver has no option but to discard the damaged datagram
IP includes a companion protocol, ICMP
– it is used to report errors back to the original source
IP and ICMP are co-dependent
– IP depends on ICMP to report errors
– and ICMP uses IP to carry error messages
Many ICMP messages have been defined
Figure 23.6 lists key ICMP messages and their purpose
Internet Control Message Protocol (ICMP)
The response to a checksum error is as follows:
– the datagram must be discarded without further processing
– the receiver trusts none of the datagram's header fields, because the receiver cannot know which bits were altered
– the receiver does not send any error message to the sender, because the receiver cannot trust the source address in the header
– thus the receiver has no choice but to discard the damaged datagram
IP includes a companion protocol, ICMP
– it is used to send errors back to the original source
IP and ICMP depend on each other (co-dependent)
– IP depends on ICMP to report errors
– and ICMP uses IP to carry error messages
Many ICMP messages have been defined
Figure 23.6 lists key ICMP messages and their purpose
Internet Control Message Protocol (ICMP)
Internet Control Message Protocol (ICMP)
As Figure 23.6 shows, ICMP contains two message types:
– messages used to report errors
– messages used to obtain information
For example
– Time Exceeded and Destination Unreachable are used to report errors when a datagram cannot be delivered successfully
– a destination is unreachable if no route exists to the address
– a datagram times out if either the TTL count in the header expires or fragments of the datagram do not arrive before the reassembly timer expires
Echo Request and Echo Reply do not correspond to an error
– instead, they are used by the ping application to test connectivity
– when a host or router receives an echo request message, its ICMP software sends an echo reply that carries the same data as the request
Internet Control Message Protocol (ICMP)
As in Figure 23.6, ICMP has two message types:
– messages used to report errors
– messages used to obtain information
For example
– Time Exceeded and Destination Unreachable are error reports, sent when a datagram cannot be delivered successfully
A destination is unreachable if no route exists to that address
A datagram has timed out if
– the TTL counter has expired, or
– the datagram's fragments have still not arrived when the timer expires
Echo Request and Echo Reply are not related to an error
– instead, they are for ping applications, used to test connectivity
– if a host receives an echo request, the ICMP software sends an echo reply carrying the same data as the request
ICMP Message Format And Encapsulation
ICMP uses IP to transport each error message:
– when a router has an ICMP message to send, it creates an IP datagram and encapsulates the ICMP message in it
– the ICMP message is placed in the payload area of the IP datagram
– the datagram is then forwarded as usual, with the complete datagram being encapsulated in a frame for transmission
Figure 23.7 (below) illustrates the two levels of encapsulation
ICMP Message Format And Encapsulation
ICMP messages do not have special priority
– they are forwarded like any other datagram, with one minor exception
If an ICMP error message causes an error
– no error message is sent
The reason should be clear:
– the designers wanted to avoid the Internet becoming congested carrying error messages about error messages
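The Python below is an added example (mine, not the slides' or the textbook's) that ties together the ICMP slides: the IP header checksum that a receiver verifies before trusting anything in the header, the first level of encapsulation from Figure 23.7 (an ICMP message placed in the payload of an IP datagram), an Echo Reply that returns the request's data, and a router-side Time Exceeded report that is suppressed when the offending datagram itself carries an ICMP error, so no error is ever reported about an error. The checksum is the standard Internet checksum (RFC 1071) and the header and message layouts follow RFC 791 and RFC 792; the addresses, identifiers and payload bytes are constructed for the demonstration.

```python
import socket
import struct

PROTO_ICMP = 1
ICMP_ECHO_REPLY, ICMP_DEST_UNREACHABLE, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 3, 8, 11
ICMP_ERROR_TYPES = {ICMP_DEST_UNREACHABLE, ICMP_TIME_EXCEEDED}


def internet_checksum(data):
    """16-bit one's complement of the one's complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, proto, payload_len, ttl=64, ident=0):
    """20-byte IPv4 header without options; the checksum covers only the header."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


def header_intact(datagram):
    """Receiver check: a header whose checksum field is correct sums to zero."""
    ihl = (datagram[0] & 0x0F) * 4
    return len(datagram) >= ihl >= 20 and internet_checksum(datagram[:ihl]) == 0


def addresses(datagram):
    return socket.inet_ntoa(datagram[12:16]), socket.inet_ntoa(datagram[16:20])


def build_icmp(msg_type, code, rest):
    """ICMP message: TYPE, CODE, CHECKSUM (over the whole message), then type-specific data."""
    msg = struct.pack("!BBH", msg_type, code, 0) + rest
    return msg[:2] + struct.pack("!H", internet_checksum(msg)) + msg[4:]


def encapsulate(src, dst, icmp_msg, ttl=64):
    """First level of encapsulation in Figure 23.7: ICMP message as IP payload."""
    return build_ipv4_header(src, dst, PROTO_ICMP, len(icmp_msg), ttl) + icmp_msg


def build_echo_request(src, dst, ident, seq, data):
    return encapsulate(src, dst, build_icmp(ICMP_ECHO_REQUEST, 0,
                                            struct.pack("!HH", ident, seq) + data))


def echo_reply_for(datagram):
    """Host side: answer an Echo Request with an Echo Reply carrying the same data."""
    if not header_intact(datagram):
        return None                               # damaged header: discard silently
    ihl = (datagram[0] & 0x0F) * 4
    payload = datagram[ihl:]
    if datagram[9] != PROTO_ICMP or len(payload) < 8 or payload[0] != ICMP_ECHO_REQUEST:
        return None
    src, dst = addresses(datagram)
    return encapsulate(dst, src, build_icmp(ICMP_ECHO_REPLY, 0, payload[4:]))


def time_exceeded_for(datagram, router_ip):
    """Router side: Time Exceeded for a datagram whose TTL ran out, except when the
    header checksum fails (source address untrusted) or the datagram already carries
    an ICMP error message (no error messages about error messages)."""
    if not header_intact(datagram):
        return None
    ihl = (datagram[0] & 0x0F) * 4
    if datagram[9] == PROTO_ICMP and len(datagram) > ihl and datagram[ihl] in ICMP_ERROR_TYPES:
        return None
    # Unused 32 bits, then the offending header plus the first 8 bytes of its payload.
    rest = b"\x00" * 4 + datagram[:ihl + 8]
    return encapsulate(router_ip, addresses(datagram)[0], build_icmp(ICMP_TIME_EXCEEDED, 0, rest))


if __name__ == "__main__":
    req = build_echo_request("10.0.0.1", "10.0.0.2", 7, 1, b"hello")   # constructed
    print(header_intact(req), echo_reply_for(req)[28:], time_exceeded_for(req, "10.0.0.254")[20])
```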
Protocol Software, Parameters, And Configuration
Once a host or router has been powered on, the OS is started and the protocol software is initialized
How does the protocol software in a host or router begin operation?
For a router, the configuration manager must specify initial values for items such as
– the IP address for each network connection
– the protocol software to run
– and initial values for a forwarding table
– the configuration is saved, and the router loads the values during startup
Host configuration usually uses a two-step process, known as bootstrapping
– a protocol was invented to allow a host to obtain multiple parameters with a single request, known as the Bootstrap Protocol (BOOTP)
– currently, DHCP is used to take care of most of the configuration needed
Dynamic Host Configuration Protocol (DHCP)
Various mechanisms have been created to allow a host computer to obtain parameters
– an early mechanism known as the Reverse Address Resolution Protocol (RARP) allowed a computer to obtain an IP address from a server
– ICMP has Address Mask Request and Router Discovery messages, which can obtain the address mask in use and the address of a router
Each of the early mechanisms was used independently
– requests were broadcast, and a host typically configured layers from lowest to highest
DHCP allows a computer to join a new network and obtain an IP address automatically
– the concept has been termed plug-and-play networking
Dynamic Host Configuration Protocol (DHCP)
Many mechanisms have been created to allow a host computer to obtain parameters
The oldest mechanism, known as the Reverse Address Resolution Protocol (RARP), allows a computer to obtain an IP address from a server
ICMP has Address Mask Request and Router Discovery messages
– for obtaining the address mask and the address of a router
Each early mechanism was used independently
– requests were broadcast, and a host configured its layers from lowest to highest
DHCP allows a computer to join a new network and obtain an IP address automatically
– the concept has been termed plug-and-play networking
Dynamic Host Configuration Protocol (DHCP)
When a computer boots
– the client computer broadcasts a DHCP Request
– the server sends a DHCP Reply
DHCP uses the term offer to denote the message a server sends, and we say that the server is offering an address to the client
We can configure a DHCP server to supply two types of addresses:
– permanently assigned addresses, as provided by BOOTP, or
– a pool of dynamic addresses to be allocated on demand
Typically, a permanent address is assigned to a server, and a dynamic address is assigned to an arbitrary host
In fact, addresses assigned on demand are not given out for an arbitrary length of time
Dynamic Host Configuration Protocol (DHCP)
When a computer boots
– the client computer broadcasts a DHCP Request
– the server sends a DHCP Reply
DHCP uses the term offer to denote the message a server sends, and we say that the server is offering an address to the client
We can configure a DHCP server to supply two types of addresses:
– permanently assigned addresses, as provided by BOOTP, or
– addresses allocated on demand
Typically, a permanent address is assigned to a server, and a dynamic address is assigned to arbitrary hosts
In fact, addresses assigned on demand are not handed out for arbitrary periods
Dynamic Host Configuration Protocol (DHCP)
DHCP issues a lease on the address for a finite period
– the use of leases allows a DHCP server to reclaim addresses
When the lease expires
– the server returns the address to the pool of available addresses
– this allows the address to be assigned to another computer
When a lease expires, a host can choose to relinquish the address or to renegotiate with DHCP to extend the lease
– negotiation occurs concurrently with other activity
Normally, DHCP approves each lease extension
– a computer continues to operate without any interruption
– however, a server may be configured to deny lease extension for administrative or technical reasons
– DHCP grants absolute control of leasing to the server
– if a server denies an extension request, the host must stop using the address
Dynamic Host Configuration Protocol (DHCP)
DHCP issues a lease on the address for a limited period
– the use of leases allows a DHCP server to reclaim addresses
When a lease expires
– the server moves the address back to the pool of available addresses
– this allows the address to be assigned to another computer
When a lease expires, a host can choose to give up the address or to renegotiate with DHCP to extend the lease
– renegotiation can happen concurrently with other activity
Normally, DHCP accepts each lease extension
– a computer continues operating without any interruption
– however, a server can be configured to refuse lease extension for administrative or technical reasons
– DHCP grants absolute control of leasing to a server
– if a server refuses an extension request, the host must stop using the address
DHCP Protocol Operation And Optimizations
DHCP includes several important details that optimize performance, such as
Recovery from loss or duplication
– DHCP is designed to ensure that missing or duplicate packets do not result in misconfiguration
– if no response is received, a host retransmits its request
– if a duplicate response arrives, a host ignores the extra copy
Caching of a server address
– once a host finds a DHCP server, the host caches the server's address
Avoidance of synchronized flooding
– DHCP takes steps to prevent synchronized requests
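The address-handling behaviour the DHCP slides describe (permanent assignments next to a pool of dynamic addresses, finite leases, reclaiming expired addresses, renewals the server may deny, and a client that retransmits a lost request and ignores duplicate replies) can be modelled in a few dozen lines. The Python below is an added example of mine, not the slides' or any DHCP implementation's code: it keeps the state a server needs rather than the wire protocol, uses a transaction identifier to recognise a retransmitted request so that it receives the same answer instead of consuming a second address, and uses addresses from the 192.0.2.0/24 documentation range, lease lengths and client names that are all constructed for the demonstration.

```python
class LeasePool:
    """Constructed model of a DHCP server's address handling."""

    def __init__(self, pool, lease_seconds, permanent=None):
        self.free = list(pool)                  # dynamic addresses not currently leased
        self.leases = {}                        # client_id -> (ip, expiry time)
        self.permanent = dict(permanent or {})  # client_id -> fixed address (BOOTP style)
        self.lease_seconds = lease_seconds
        self.renewal_denied = set()             # clients an administrator blocked from extending
        self.answered = {}                      # (client_id, xid) -> address already offered

    def reclaim_expired(self, now):
        """Return expired addresses to the pool so they can be assigned to other hosts."""
        for client_id, (ip, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[client_id]
                self.free.append(ip)
        return len(self.free)

    def request(self, client_id, xid, now):
        """Offer an address: the same answer for a retransmitted request (same xid),
        the fixed address if one is configured, else a dynamic address under a lease."""
        key = (client_id, xid)
        if key in self.answered:
            return self.answered[key]           # duplicate request: repeat the earlier offer
        self.reclaim_expired(now)
        if client_id in self.permanent:
            ip = self.permanent[client_id]
        else:
            if client_id in self.leases:
                ip = self.leases[client_id][0]  # host already holds a lease: refresh it
            elif self.free:
                ip = self.free.pop(0)
            else:
                return None                     # pool exhausted: no offer can be made
            self.leases[client_id] = (ip, now + self.lease_seconds)
        self.answered[key] = ip
        return ip

    def renew(self, client_id, now):
        """Lease extension: (granted, new expiry). A denied host must stop using the address."""
        if client_id in self.permanent:
            return True, None                   # fixed addresses do not expire
        if client_id not in self.leases or client_id in self.renewal_denied:
            return False, None
        ip = self.leases[client_id][0]
        self.leases[client_id] = (ip, now + self.lease_seconds)
        return True, now + self.lease_seconds

    def release(self, client_id):
        """Host relinquishes its address before the lease runs out."""
        lease = self.leases.pop(client_id, None)
        if lease is not None:
            self.free.append(lease[0])


class DhcpClient:
    """Client side of loss/duplication recovery: retransmit the same request until a
    matching reply arrives, and ignore replies that do not match or that repeat."""

    def __init__(self, client_id, xid):
        self.client_id, self.xid, self.ip, self.attempts = client_id, xid, None, 0

    def request_message(self):
        self.attempts += 1                      # a retransmission reuses the same xid
        return self.client_id, self.xid

    def accept_reply(self, xid, ip):
        if xid != self.xid or self.ip is not None:
            return False                        # not ours, or a duplicate of an accepted reply
        self.ip = ip
        return True


if __name__ == "__main__":
    pool = LeasePool(["192.0.2.10", "192.0.2.11"], lease_seconds=100,
                     permanent={"file-server": "192.0.2.1"})
    client = DhcpClient("laptop", xid=0x1234)
    for _ in range(2):                          # first request "lost", second answered
        cid, xid = client.request_message()
    offered = pool.request(cid, xid, now=0)
    print(client.accept_reply(xid, offered), client.accept_reply(xid, offered), client.ip)
```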
DHCP Message Format
DHCP adopted a slightly modified version of the BOOTP message format
Figure 23.8 illustrates the DHCP message format
– OP specifies whether the message is a Request or a Response
– HTYPE and HLEN specify the network hardware type and the length of a hardware address
– FLAGS specifies whether the client can receive broadcast or directed replies
– HOPS specifies how many servers forwarded the request
– TRANSACTION IDENTIFIER provides a value that a client can use to determine whether an incoming response matches its request
– SECONDS ELAPSED specifies how many seconds have elapsed since the host began to boot
Except for the OPTIONS field, each field in a DHCP message has a fixed size
DHCP Message Format
DHCP Message Format
Later fields in the message are used in a response to carry information back to the host that sent a request
– if a host does not know its IP address, the server uses the YOUR IP ADDRESS field to supply the value
– the server uses the SERVER IP ADDRESS and SERVER HOST NAME fields to give the host information about the location of a server
– ROUTER IP ADDRESS contains the IP address of a default router
DHCP allows a computer to negotiate to find a boot image
– to do so, the host fills in the BOOT FILE NAME field with a request
– the DHCP server does not send an image
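As an added example (mine, not code from the slides or the textbook), the Python below builds and parses the DHCP message of Figure 23.8. The fixed-size part is the 236-byte BOOTP layout of RFC 951 / RFC 2131: OP, HTYPE, HLEN, HOPS, TRANSACTION IDENTIFIER, SECONDS ELAPSED, FLAGS, the four address fields (the one the slide calls ROUTER IP ADDRESS is `giaddr` in RFC 2131), CLIENT HARDWARE ADDRESS, SERVER HOST NAME and BOOT FILE NAME; only OPTIONS, which follows a fixed magic cookie, is variable in length. The parser checks every option length against what is actually present, because an option whose declared length runs past the end of the message is the kind of malformed input a receiver must reject rather than read past. The transaction identifier, hardware address, host names and file name are constructed values.

```python
import socket
import struct

# Fixed part of a BOOTP/DHCP message (236 bytes, network byte order).
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
FIELD_NAMES = ("op", "htype", "hlen", "hops", "xid", "secs", "flags",
               "ciaddr", "yiaddr", "siaddr", "giaddr", "chaddr", "sname", "file")
MAGIC_COOKIE = bytes([99, 130, 83, 99])    # marks the start of OPTIONS
OP_REQUEST, OP_REPLY = 1, 2
HTYPE_ETHERNET = 1
FLAG_BROADCAST = 0x8000                    # client asks for a broadcast reply
OPT_PAD, OPT_END = 0, 255
OPT_ROUTER, OPT_LEASE_TIME, OPT_MSG_TYPE = 3, 51, 53


def encode_options(options):
    out = bytearray(MAGIC_COOKIE)
    for tag, value in options:
        out += bytes([tag, len(value)]) + value   # tag, length, value
    out.append(OPT_END)
    return bytes(out)


def decode_options(data):
    """Walk the tag/length/value list, refusing lengths that overrun the message."""
    if data[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = [], 4
    while i < len(data):
        tag = data[i]
        if tag == OPT_PAD:
            i += 1
            continue
        if tag == OPT_END:
            break
        if i + 1 >= len(data):
            raise ValueError("option tag without length")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option length runs past end of message")
        options.append((tag, value))
        i += 2 + length
    return options


def build_message(op, xid, secs, flags, mac, ciaddr="0.0.0.0", yiaddr="0.0.0.0",
                  siaddr="0.0.0.0", giaddr="0.0.0.0", sname="", boot_file="", options=()):
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    fixed = FIXED.pack(op, HTYPE_ETHERNET, 6, 0, xid, secs, flags,
                       socket.inet_aton(ciaddr), socket.inet_aton(yiaddr),
                       socket.inet_aton(siaddr), socket.inet_aton(giaddr), chaddr,
                       sname.encode().ljust(64, b"\x00"), boot_file.encode().ljust(128, b"\x00"))
    return fixed + encode_options(options)


def parse_message(data):
    if len(data) < FIXED.size:
        raise ValueError("shorter than the fixed BOOTP part")
    msg = dict(zip(FIELD_NAMES, FIXED.unpack_from(data, 0)))
    for key in ("ciaddr", "yiaddr", "siaddr", "giaddr"):
        msg[key] = socket.inet_ntoa(msg[key])
    if msg["hlen"] > 16:
        raise ValueError("HLEN larger than the CLIENT HARDWARE ADDRESS field")
    msg["chaddr"] = ":".join(f"{b:02x}" for b in msg["chaddr"][:msg["hlen"]])
    for key in ("sname", "file"):
        msg[key] = msg[key].split(b"\x00", 1)[0].decode(errors="replace")
    msg["options"] = decode_options(data[FIXED.size:])
    return msg


def option_value(msg, tag):
    for t, value in msg["options"]:
        if t == tag:
            return value
    return None


def matches_request(reply, request):
    """Client check: does this response belong to my request?"""
    return reply["xid"] == request["xid"] and reply["chaddr"] == request["chaddr"]
```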
Indirect DHCP Server Access Through A Relay
DHCP broadcasts on the local network to find a server
DHCP does not require each individual network to have a server
– instead, a DHCP relay agent forwards requests and responses between a client and the server
At least one relay agent must be present on each network
– and the relay agent must be configured with the address of the appropriate DHCP server
When the server responds
– the relay agent forwards the response to the client
It may seem that using multiple relay agents is no better than using multiple DHCP servers
Indirect DHCP Server Access Through A Relay
Network managers prefer to manage multiple relay agents for two reasons
First
– in a network with one DHCP server and multiple relay agents, administration of addresses is centralized in a single device
– thus, a network manager does not need to interact with multiple devices to change the lease policy or determine the current status
Second
– many commercial routers contain a mechanism that provides DHCP relay service on all the networks to which the router attaches
– relay agent facilities in a router are usually easy to configure, and the configuration is unlikely to change
Network Address Translation (NAT)
As the Internet expanded, addresses became scarce
– subnet and classless addressing (CIDR) were introduced to help conserve addresses
Another mechanism was invented that allows multiple computers at a site to share a single, globally valid IP address, known as Network Address Translation (NAT)
NAT provides transparent communication
– a host in the Internet always appears to receive communication from a single computer rather than from one of many computers at the site
NAT runs as an in-line service
– it must be placed on the connection between the Internet and a site
Most implementations embed NAT in another device
– such as a Wi-Fi wireless access point or an Internet router
Network Address Translation (NAT)
As the Internet grew, addresses could become scarce
– subnetting and classless addressing (CIDR) are applied to help conserve addresses
Another mechanism was invented that allows multiple computers to share one IP address; it is known as Network Address Translation (NAT)
NAT provides transparent communication
– a host in the Internet always appears to receive communication from a single, independent computer rather than from one of several computers at a site
NAT runs as an in-line service
– it must be placed on the connection between the Internet and a site
Many implementations embed NAT inside another device
– for example, a Wi-Fi wireless access point or an Internet router
Network Address Translation (NAT)
Figure 23.9 (below) illustrates a typical arrangement of a site that uses NAT
NAT Operation And Private Addresses
The goal of NAT is to provide an illusion
When viewed from the Internet
– the site appears to consist of a single host computer that has been assigned a valid IP address
– all datagrams sent from the site appear to originate from one host
– and all datagrams sent to the site appear to be sent to one host
When viewed from a host in the site
– the Internet appears to accept and route private addresses
A single IP address cannot be assigned to multiple computers
– if two or more computers use the same address, conflicts arise because multiple computers will respond to an ARP request
NAT Operation And Private Addresses
The goal of NAT is to provide a deceptive appearance (an illusion)
When viewed from the Internet
– the site appears as a single computer that has been assigned a valid IP address
– all datagrams sent from the site appear to originate from one host
– and all datagrams sent to the site appear to go to a single host
When viewed from a host in the site
– the Internet appears to accept and route private addresses
One IP address cannot be assigned to more than one computer
– if more than one computer uses the same IP address, conflicts arise because more than one computer will respond to an ARP request
NAT Operation And Private Addresses
NAT solves the problem by using two types of addresses
– the NAT device itself is assigned a single globally valid IP address, as if the NAT device were a host on the Internet
– each computer at the site is assigned a unique private address, also known as a nonroutable address
The figure (below) lists the address blocks that the IETF has designated as private
NAT Operation And Private Addresses
NAT solves the problem by using two types of addressing
– the NAT device itself is assigned a globally valid IP address, as if the NAT device were a host on the Internet
– each computer at the site is assigned a unique private address, also known as a nonroutable address
The figure (below) lists the address blocks that the IETF has designated as private
NAT Operation And Private Addresses
Private addressing is only used inside a site
Before a datagram from the site can be allowed onto the Internet
– NAT must translate the private IP address into a globally valid IP address
NAT must translate the globally valid IP address in an incoming packet to a private address
– before transferring the datagram to a host at the site
The basic function of NAT is a two-way translation:
– source address translation as a datagram passes from the site to the Internet, and
– destination address translation as a datagram passes from the Internet to the site
NAT Operation And Private Addresses
Private addressing is used only inside a site
Before a datagram from the site can be accepted onto the Internet
– NAT must translate the private IP address into a globally valid IP address
NAT must translate the globally valid IP address in an incoming packet to a private address
– before sending the datagram to a host inside the site
The basic function of NAT is a two-way translation, for example
– the source address translation as a datagram passes from the site to the Internet, and
– the destination address translation as a datagram passes from the Internet to the site
NAT Operation And Private Addresses
Figure (below) illustrates the translations that occur in each direction
NAT Operation And Private Addresses
Most implementations of NAT use a translation table
– to store the information needed to rewrite addresses
Figure (below) shows a translation table that corresponds to the address mapping in Figure 23.11
NAT Operation And Private Addresses
Most implementations of NAT use translation tables
– to store the information that is needed
Figure (below) shows the translation table for the addresses in the Figure
Transport-Layer NAT (NAPT)
NAT handles situations in which each host at a site communicates with a unique server in the Internet
If two hosts at the site attempt to communicate with the same remote server, X,
– the translation table will contain multiple entries for X
– and NAT will not be able to route incoming datagrams
Basic NAT also fails in other situations, such as
– the problems that arise when two or more applications running on a given host at a site attempt simultaneous communication with different destinations on the Internet
Transport-Layer NAT (NAPT)
A variation of NAT, called Network Address and Port Translation (NAPT), avoids such problems:
– It allows a site to have arbitrary numbers of applications running on arbitrary hosts, all communicating simultaneously with arbitrary destinations throughout the Internet
– Most networking professionals assume the term NAT means NAPT
Applications use protocol port numbers to distinguish among services
In addition to a table of source and destination addresses
– NAPT uses port numbers to associate each datagram with a TCP or UDP flow
Transport-Layer NAT (NAPT)
Instead of stopping at the IP layer
– NAPT operates on transport-layer headers
NAPT entries contain a 4-tuple of source and destination IP addresses and protocol port numbers
To avoid a conflict
– NAPT must choose an alternative TCP source port for the connections
Figure (below) shows one possibility (web server)
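The translation table and the port-conflict case from the slides above, as an added example that is not code from the book: a toy NAPT box that rewrites the private source address of outbound datagrams, keeps a 4-tuple entry per flow, picks an alternative public port when two inside hosts use the same source port toward the same server, and on the inbound side only restores the private destination when the remote endpoint matches an existing entry (unsolicited packets get no mapping). The RFC 1918 blocks stand in for the "private" figure; the public address, port pool start and sample flows are constructed values.

```python
import ipaddress
from dataclasses import dataclass, field

# RFC 1918 blocks: the "private" / "nonroutable" addresses the slides refer to
PRIVATE_BLOCKS = [ipaddress.ip_network(b)
                  for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    """True if ip lies in one of the RFC 1918 blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)


@dataclass
class Napt:
    """Toy NAPT: one public IP, entries keyed by the public source port."""
    public_ip: str                 # the single globally valid address of the NAT box
    next_port: int = 40000         # hypothetical start of the rewritten-port pool
    # public_port -> (private_ip, private_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)

    def _alloc_port(self) -> int:
        """Pick a public source port that no existing entry uses."""
        while self.next_port in self.table:
            self.next_port += 1
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Site -> Internet: rewrite the private source address and port."""
        if not is_private(src_ip):
            raise ValueError("only private source addresses are translated")
        flow = (src_ip, src_port, dst_ip, dst_port)
        for pub_port, entry in self.table.items():
            if entry == flow:            # existing flow keeps its mapping
                return self.public_ip, pub_port
        # Keep the host's port when free; otherwise choose an alternative so two
        # inside hosts using the same port toward the same server do not collide.
        pub_port = src_port if src_port not in self.table else self._alloc_port()
        self.table[pub_port] = flow
        return self.public_ip, pub_port

    def inbound(self, src_ip, src_port, dst_port):
        """Internet -> site: match the 4-tuple, restore the private destination."""
        entry = self.table.get(dst_port)
        if entry is None or (entry[2], entry[3]) != (src_ip, src_port):
            return None                  # no mapping: unsolicited, the box drops it
        return entry[0], entry[1]
```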
NAT And Servers
A NAT system builds a translation table automatically
– by watching outgoing traffic and establishing a new mapping whenever an application at the site initiates communication
Automatic table construction does not work well for communication initiated from the Internet to the site
– For example, if multiple computers at a site each run a web server, the NAT device cannot know which computer should receive an incoming web connection
A variant of NAT called Twice NAT has been created to allow a site to run multiple servers:
– Twice NAT arranges for the NAT system to interact with the site's DNS server
NAT Software And Systems For Use At Home
NAT is especially useful at a residence or small business that has a broadband connection
– it allows a set of computers to share the connection without requiring the customer to purchase additional IP addresses
NAT software can make a PC act as a NAT device
Also, dedicated NAT hardware systems are available at low cost
– Such systems are usually called wireless routers
– The terminology is slightly misleading because such routers also provide wired connections for host computers
Figure illustrates how such a router is connected