NAT – Network Address Translation

• IP address is a scarce resource.• So, give a company only one or a few IP

addresses used by the gateway router.• Within the company, each machine has an

unique IP address, chosen from – 10.0.0.0/8– 172.16.0.0/12– 192.168.0.0/16– These addresses can only appear within a company

but never on the outside Internet

NAT• Whenever a machine wants to send a packet to the

outside, the packet will be sent to the NAT box.• The NAT box will convert the internal IP address to the

real IP address of the company, and pass the packet to the gateway router.

• When there is a packet destined for an internal machine arrived at the router, what should the router and NAT box do?

• For IP packets carrying TCP or UDP, use port number. Other protocols are much more complicated.

NAT

• For IP packets carrying TCP or UDP, use port number. • When an outgoing packet arrives at the NAT box, – The IP address is replaced – The source port number is replaced – Header checksum is recomputed

• When a reply came for this process, use the replaced source port number as index to find the correct IP address and original port number.

ICMP• ICMP – Internet Control Message Protocol• Each ICMP message is encapsulated in an IP

packet– Treated like any other datagram, but no error

message sent if ICMP message causes error• Some interesting messages:– Time exceeded: When an IP packet arrived at a router

is dropped because the TTL field becomes 0, the router will send an ICMP TIME EXCEEDED message back to the source. Used in traceroute.

– Echo and Echo reply: ping.

Computer Science, FSU 5

Address Resolution

• IP address is virtual– Not understood by underlying the hardware of physical networks

• IP packets need to be transmitted by the underlying physical network

• Address resolution– Translating IP address to physical address– Address Resolution Protocol (ARP)

Computer Science, FSU 6

ARP Example

Computer Science, FSU 7

ARP Cache

• Each computer maintains a cache table– IP address hardware address mapping– Only about computers on the same network

• Exchanges ARP messages– To resolve IP addresses with unknown hardware

addresses

Computer Science, FSU 8

ARP Protocol• When a node sends an IP packet to another

node on the same physical network– Look up destination address in the ARP table– If not found• Broadcast a request to the local network• Whose IP address is this?

Computer Science, FSU 9

ARP Response

• The target node responds to sender (unicast?)– With its physical address– Adds the requester into its ARP table (why?)

• On receiving the response– Requester updates its table

• Other nodes upon receiving the request– Refresh the requester entry if already there– No action otherwise (why?)

• Table entries deleted if not refreshed for a while

TRY

• tcpdump -ennqti eth0 \( arp or icmp \)

DHCP

• DHCP – Dynamic Host Configuration Protocol• A new machine asks for an IP address– Broadcast DHCP DISCOVER packet– A DHCP relay agent got this packet and relay it to

the DHCP server– The DHCP server assigns an IP address

• Periodically renew

Hierarchical Routing

• aggregate routers into regions, “autonomous systems” (AS)

• routers in same AS run same routing protocol– “intra-AS” routing

protocol– routers in different

AS can run different intra-AS routing protocol

• special routers in AS• run intra-AS routing

protocol with all other routers in AS

• also responsible for routing to destinations outside AS– run inter-AS routing

protocol with other gateway routers

gateway routers

Intra-AS and Inter-AS routing

Gateways:•perform inter-AS routing amongst themselves•perform intra-AS routing with other routers in their AS

inter-AS, intra-AS routing in

gateway A.c

network layer

link layer

a

b

b

aaC

A

Bd

A.aA.c

C.bB.a

cb

c

Inter-AS routingbetween A and B

Intra-AS and Inter-AS routing

Host h2a

b

b

aaC

A

Bd c

A.aA.c

C.bB.a

cb

Hosth1

Intra-AS routingwithin AS A

Intra-AS routingwithin AS B

Why different Intra- and Inter-AS routing ?

Policy: • Inter-AS: admin wants control over how its traffic

routed, who routes through its net. • Intra-AS: single admin, so no policy decisions neededScale:• hierarchical routing saves table size, reduced update

trafficPerformance: • Intra-AS: can focus on performance• Inter-AS: policy may dominate over performance

Intra-AS Routing• Also known as Interior Gateway Protocols (IGP)• Most common IGPs:– RIP: Routing Information Protocol– OSPF: Open Shortest Path First– IGRP: Interior Gateway Routing Protocol (Cisco

proprietary)

OSPF

• Represents the network as a graph, and runs the shortest path algorithm to find the path to any router.

• Divide the network into areas for scalability. – The backbone area is called area 0– Route: local area backbone local area

OSPF

• Each area computes shortest paths.• Backbone routers also accept information from area

border routers to compute the shortest path to reach other routers. Then advertise this information to the border routers, who tells routers inside the area – To be able to select the best exit router in an area

Inter-AS routing

BGP

• From BGP point of view, three types of networks– Stub network (only one connection to the

network)– Multiconnected network (multiple connection,

but refuse to transmit traffic)– Transit network (backbone)

Internet Inter-AS routing: BGP

• BGP (Border Gateway Protocol): the de facto standard

• Path Vector protocol:– similar to Distance Vector protocol– each Border Gateway broadcast to neighbors

(peers) entire path (i.e, sequence of ASs) to destination

– E.g., Gateway X may send its path to dest. Z: Path (X,Z) = X,Y1,Y2,Y3,…,Z

Internet Inter-AS routing: BGP

• BGP messages exchanged using TCP.• BGP messages:– OPEN: opens TCP connection to peer and

authenticates sender– UPDATE: advertises new path (or withdraws old)– KEEPALIVE keeps connection alive in absence of

UPDATES; also ACKs OPEN request– NOTIFICATION: reports errors in previous msg;

also used to close connection

Internet Inter-AS routing: BGP

Suppose gateway X send its path to peer gateway W• W may or may not select path offered by X– cost, policy (don’t route via competitors AS), loop

prevention reasons.• If W selects path advertised by X, then:

Path (W,Z) = W, Path (X,Z)• Note: X can control incoming traffic by controlling its

route advertisements to peers:– e.g., don’t want to route traffic to Z don’t

advertise any routes to Z

BGP: an example

NLRI=128.186.0.0/16ASPATH=[0]

128.186.0.0/16

NLRI=128.186.0.0/16ASPATH=[10]

NLRI=128.186.0.0/16ASPATH=[10]

NLRI=128.186.0.0/16ASPATH=[210]

NLRI=128.186.0.0/16ASPATH=[610]

NLRI=128.186.0.0/16ASPATH=[610]

NLRI=128.186.0.0/16ASPATH=[210]

NLRI=128.186.0.0/16ASPATH=[7610]

NLRI=128.186.0.0/16ASPATH=[4210]

NLRI=128.186.0.0/16ASPATH=[3210]

[3210]*[4210][7610]