arp_l3-2_nat-dhcp_v1.0_20120620

Upload: walter-sebastian

Post on 14-Apr-2018


TRANSCRIPT

  • 7/30/2019 ARP_L3-2_NAT-DHCP_v1.0_20120620

    Slide 1/34: Use of NAT and DHCP. Protocols and Applications, Part 2

    Fredy Campos [email protected]

    Professional Program in Electronic and Telecommunications Engineering, Universidad Nacional Tecnológica del Cono Sur de Lima

    http://www.untecs.edu.pe/portal/

    ver 1.1, 2012
  • Slide 2/34: Agenda

    Overview

    NAT Concepts

    NAT Types

  • Slide 3/34: Objectives

    Present how NAT works and its applications

  • Slide 4/34: Agenda (Overview, NAT Concepts, NAT Types)

  • Slide 5/34: Overview (1): Internet Scalability

    Limited IPv4 address space; search for temporary solutions

    Network Address Translation (NAT) and Private Addressing

    Allow organizations to use unregistered IP network numbers internally and still communicate well with the Internet

    Classless Interdomain Routing (CIDR)

    Allows ISPs to reduce the wasting of IP addresses by assigning a company a subset of a network number rather than the entire network.

    CIDR also allows ISPs to summarize routes such that multiple Class A, B, or C networks match a single route, which helps reduce the size of Internet routing tables.

  • Slides 6-8/34: Overview (2-4): Internet Scalability

    Problems with IPv4

    - Shortage of IPv4 addresses

    - Allocation of the last IPv4 addresses is forecasted for the year 2010

    - Address classes were replaced by usage of CIDR, but this is not sufficient

    Short term solution

    - NAT: Network Address Translation

    Long term solution

    - IPv6 = IPng (IP next generation)

    - Provides an extended address range

  • Slide 9/34: Overview (5): CIDR

    CIDR is a global address assignment convention, defining how the Internet Assigned Numbers Authority (IANA), its member agencies, and ISPs should assign the globally unique IPv4 address space to individual organizations.

    CIDR is defined in RFC 4632

    Main goals (according to RFC 4632)

    - Define address assignment for aggregating (summarizing) multiple network numbers into a single routing entity (reducing the Internet routers' routing tables)

    - Allow ISPs to assign address ranges to their customers of sizes other than an entire Class A, B, or C network

  • Slide 10/34: Overview (6): CIDR

    Route aggregation for shorter routing tables. Example: ISP 1 only uses 198.0.0.0/8 to be reached by others.
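The aggregation and longest-prefix-match behaviour behind this slide, as an added example that is not part of the original deck. The ISP's 198.0.0.0/8 comes from the slide; the four customer /24 networks, the next-hop names and the destination addresses are constructed assumptions.

```python
import ipaddress

# Constructed customer assignments: four consecutive Class C networks carved out of the
# ISP's 198.0.0.0/8 block (the /8 is on the slide; the /24s are assumed for illustration).
CUSTOMER_PREFIXES = ["198.1.0.0/24", "198.1.1.0/24", "198.1.2.0/24", "198.1.3.0/24"]


def aggregate(prefixes):
    """Summarize prefixes into the minimal set of covering routes.

    Only blocks that are contiguous and aligned on a power-of-two boundary collapse
    into one supernet; anything else stays as separate routing entries.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def lookup(routing_table, destination):
    """Longest-prefix match over a list of (prefix, next_hop) pairs.

    A more specific route (longer prefix) wins over a summary route, which is why an
    ISP can advertise one /8 to the Internet while still routing customers individually.
    """
    addr = ipaddress.ip_address(destination)
    best_net, best_hop = None, None
    for prefix, next_hop in routing_table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, next_hop
    return best_hop


def demo():
    summary = aggregate(CUSTOMER_PREFIXES)  # the four /24s collapse to 198.1.0.0/22
    # What the rest of the Internet sees: a single route for ISP 1.
    internet_table = [("198.0.0.0/8", "ISP1")]
    # What ISP 1 keeps internally: its own aggregate, the customer summary, and one
    # customer that is routed separately with a more specific prefix.
    isp_table = [("198.0.0.0/8", "summary-route"),
                 (summary[0], "customer-A"),
                 ("198.1.3.0/24", "customer-B")]
    return {
        "summary": summary,
        "internet_sees": lookup(internet_table, "198.1.3.9"),
        "isp_routes_to": lookup(isp_table, "198.1.3.9"),
        "isp_unassigned": lookup(isp_table, "198.200.1.1"),
    }


if __name__ == "__main__":
    print(demo())
```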

  • Slide 11/34: Overview (7): Private Addressing

    When building a private network that will have no Internet connectivity, you can use IP network numbers called private internets.

    They are defined in RFC 1918, Address Allocation for Private Internets (http://www.ietf.org/rfc/rfc1918.txt). This RFC defines a set of networks that will never be assigned to any organization as a registered network number.

  • Slide 12/34: Agenda (Overview, NAT Concepts, NAT Types)

  • Slides 13-14/34: NAT Concepts (1-2): Operation

    Private Network

    - Uses private address range (local addresses)

    - Local addresses may not be used externally

    Public Network

    - Uses public addresses

    - Public addresses are globally unique

    NAT

    - Translates between local addresses and public ones

    - Many private hosts share few global addresses

  • Slide 15/34: NAT Concepts (3): Operation

    Change IP Address: the router changes the source IP address when the packet leaves the private organization.

  • Slide 16/34: NAT Concepts (4): Operation

    Advantages

    - Public IP Address Sharing: hosts can share a small number of public IP addresses.

    - Easier Expansion: network devices are privately addressed and a public IP address isn't needed for each one.

    - Greater Local Control

    - Greater Flexibility in ISP Service

    - Increased Security: the NAT translation represents a level of indirection. Thus, it automatically creates a type of firewall between the organization's network and the public Internet.

    - (Mostly) Transparent

  • Slide 17/34: NAT Concepts (5): Operation

    Disadvantages

    - Complexity

    - Problems Due to Lack of Public Addresses

    - Compatibility Problems With Certain Applications

    - Problems With Security Protocols: IPsec is designed to detect modifications to headers and commonly balks at the changes that NAT makes, since it cannot differentiate those changes from malicious tampering with the datagram.

    - Poor Support for Client Access

    - Performance Reduction

  • Slide 18/34: NAT Concepts (6): Terminology

    NAT Address Terms Based on Device Location (Inside/Outside)

    Inside Address: any device on the organization's private network that is using NAT is said to be on the inside network. Thus, any address that refers to a device on the local network in any form is called an inside address.

    Outside Address: the public Internet, that is, everything outside the local network, is considered the outside network. Any address that refers to a public Internet device is an outside address.

    Key Concept: In NAT, the terms inside and outside are used to identify the location of devices. Inside addresses refer to devices on the organization's private network; outside addresses refer to devices on the public Internet.

  • Slide 19/34: NAT Concepts (7): Terminology

    NAT Address Terms Based on Datagram Location (Local/Global)

    Local Address: this term describes an address that appears in a datagram on the inside network, whether it refers to an inside or outside address.

    Global Address: this term describes an address that appears in a datagram on the outside network, again whether it refers to an inside or outside address.

    Key Concept: In NAT, the terms local and global are used to indicate in what network a particular address appears. Local addresses are used on the organization's private network (whether to refer to an inside device or an outside device); global addresses are used on the public Internet (again, whether referring to an inside or outside device).

  • Slide 20/34: NAT Concepts (8): Terminology

  • Slide 21/34: NAT Concepts (9): Terminology

    Combining the terms

    Inside local address: the IPv4 address that is assigned to a host on the inside network (inside an enterprise). An inside local is the actual IP address assigned to a host in the private enterprise network. A more descriptive term might be inside private.

    Inside global address: a legitimate IPv4 address, assigned by the ISP, that represents one or more inside local IPv4 addresses to the outside world. NAT uses an inside global address to represent the inside host as the packet is sent through the outside network (Internet). A more descriptive term: inside public, so the inside global address represents the inside host with a public IP address that can be used for routing in the public Internet.

  • Slide 22/34: NAT Concepts (10): Terminology

    Combining the terms (cont.)

    Outside global address: the IPv4 address that is assigned to a host on the outside network by the host owner. The outside global address is allocated from a globally routable address or network space.

    Outside local address: the IPv4 address of an outside host as it appears to the inside network. Not necessarily legitimate, the outside local address is allocated from a routable address space on the inside.

  • Slides 23-24/34: NAT Concepts (11-12): Terminology

  • Slide 25/34: Agenda (Overview, NAT Concepts, NAT Types)

  • Slide 26/34: NAT Types (1): Classification

    According to Cisco, the following common types can be used:

    - Static NAT

    - Dynamic NAT

    - Overloading NAT with PAT

    According to academic authors, the general types are:

    - Unidirectional NAT (also called outbound or traditional NAT)

    - Bidirectional (inbound or two-way) NAT

    - Port-Based or Overloaded NAT (also called NAPT or PAT)

    - Overlapping NAT (also called Twice NAT)

  • Slide 27/34: NAT Types (2): Common classification

    Static NAT: maps an unregistered IPv4 address to a registered IPv4 address (one to one). Static NAT is particularly useful when a device must be accessible from outside the network.

  • Slide 28/34: NAT Types (3): Common classification

    Dynamic NAT: maps an unregistered IPv4 address to a registered IPv4 address from a group of registered IPv4 addresses.

  • Slide 29/34: NAT Types (4): Common classification

    NAT Overloading: maps multiple unregistered IPv4 addresses to a single registered IPv4 address (many to one) by using different ports. Overloading is also known as PAT, and is a form of dynamic NAT.
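A translation table that ties the inside local / inside global terminology from the earlier slides to the many-to-one port mapping described here, written as an added example rather than code from the deck. The addresses (192.168.1.0/24 inside, 203.0.113.5 as the single inside global address, 198.51.100.7 as an outside host) and the port allocation scheme are constructed assumptions; keying mappings on the inside (address, port) pair is a simplification of what real devices do.

```python
from dataclasses import dataclass, field

# Constructed addresses: 192.168.1.0/24 is the inside (RFC 1918) network, 203.0.113.5 is
# the single inside global address from the ISP, 198.51.100.7 is an outside global host.
INSIDE_GLOBAL = "203.0.113.5"


@dataclass
class PatTranslator:
    """Overloaded NAT (PAT) table keyed on the inside local (address, port) pair."""
    inside_global: str
    next_port: int = 1024                     # first global port handed out (assumed)
    fwd: dict = field(default_factory=dict)   # (inside_local_ip, port) -> global port
    rev: dict = field(default_factory=dict)   # global port -> (inside_local_ip, port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet leaving the private network: rewrite inside local -> inside global."""
        key = (src_ip, src_port)
        if key not in self.fwd:
            if self.next_port > 65535:
                raise RuntimeError("PAT port space exhausted")  # one public address limit
            self.fwd[key] = self.next_port
            self.rev[self.next_port] = key
            self.next_port += 1
        # The destination (outside global address) is left untouched in outbound NAT.
        return (self.inside_global, self.fwd[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Reply from the Internet: rewrite inside global -> inside local.

        Returns None (drop) when no mapping exists, so unsolicited inbound packets never
        reach a private host. This is the 'type of firewall' effect the slides mention;
        it is a side effect of the table, not a filtering policy.
        """
        if dst_ip != self.inside_global or dst_port not in self.rev:
            return None
        local_ip, local_port = self.rev[dst_port]
        return (src_ip, src_port, local_ip, local_port)


def demo():
    nat = PatTranslator(INSIDE_GLOBAL)
    a = nat.outbound("192.168.1.10", 40000, "198.51.100.7", 80)  # first inside host
    b = nat.outbound("192.168.1.11", 40000, "198.51.100.7", 80)  # same port, second host
    reply = nat.inbound("198.51.100.7", 80, INSIDE_GLOBAL, b[1])  # reply to second host
    stray = nat.inbound("198.51.100.7", 80, INSIDE_GLOBAL, 9999)  # no mapping: dropped
    return a, b, reply, stray


if __name__ == "__main__":
    print(demo())
```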

  • Slides 30-33/34: NAT Types (5-8): Academic classification

    - Unidirectional NAT (also called outbound or traditional NAT)

    - Bidirectional (inbound or two-way) NAT

    - Port-Based or Overloaded NAT (also called NAPT or PAT)

    - Overlapping NAT (also called Twice NAT)

  • Slide 34/34

    2012 | Fredy Campos | [email protected] | Use of NAT and DHCP

    Professional Program in Electronic and Telecommunications Engineering, Universidad Nacional Tecnológica del Cono Sur de Lima

    http://www.untecs.edu.pe/portal/