Using NAT and DHCP


Protocols and Applications, Part 2
Fredy Campos A.
f.campos@ieee.org
Electronic and Telecommunications Engineering Program
Universidad Nacional Tecnológica del Cono Sur de Lima
http://www.untecs.edu.pe/portal/
ver 1.1

2012

Agenda
Overview
NAT Concepts
NAT Types

Objectives
Present how NAT works and its applications

Overview (1)
Internet scalability

Limited IPv4 address space

Search for temporary solutions
- Network Address Translation (NAT) and private addressing
  Allow organizations to use unregistered IP network numbers internally and still communicate with the Internet.
- Classless Interdomain Routing (CIDR)
  Allows ISPs to reduce the waste of IP addresses by assigning a company a subset of a network number rather than the entire network.
  CIDR also lets ISPs summarize routes so that multiple Class A, B, or C networks match a single route, which helps reduce the size of Internet routing tables.

Overview (2-4)
Internet scalability
Problems with IPv4
- Shortage of IPv4 addresses
- Allocation of the last IPv4 addresses is forecasted for the year 2010
- Address classes were replaced by usage of CIDR, but this is not sufficient

Short-term solution
- NAT: Network Address Translation

Long-term solution
- IPv6 = IPng (IP next generation)
- Provides an extended address range

Overview (5)
CIDR

CIDR is a global address assignment convention, defining how the Internet Assigned Numbers Authority (IANA), its member agencies, and ISPs should assign the globally unique IPv4 address space to individual organizations.
CIDR is defined in RFC 4632.

Main goals (according to RFC 4632)
- Define address assignment for aggregating (summarizing) multiple network numbers into a single routing entry, reducing the size of Internet routers' routing tables.
- Allow ISPs to assign address ranges to their customers of sizes other than an entire Class A, B, or C network.

Overview (6)
CIDR

Route aggregation for shorter routing tables
- Example: ISP 1 only needs to advertise 198.0.0.0/8 for all of its networks to be reachable by others.
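The aggregation idea on this slide, worked through in Python as an added example (not part of the original slides): a constructed set of customer prefixes from the documentation ranges is collapsed into the minimal summary routes, the summary is checked to still cover every original prefix, and an address is resolved with longest-prefix match, the rule Internet routers apply when a summary and a more specific route both match. The prefixes and the helper names are assumptions made for the example.

```python
import ipaddress

# Constructed example: four contiguous /24 customer blocks that an ISP
# carved out of one /22, plus one unrelated block (all documentation ranges).
CUSTOMER_PREFIXES = [
    "198.51.100.0/24",
    "198.51.101.0/24",
    "198.51.102.0/24",
    "198.51.103.0/24",
    "203.0.113.0/24",
]


def summarize(prefixes):
    """Return the minimal list of CIDR prefixes covering exactly the input."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def covers(summary, prefixes):
    """Sanity check: every original prefix lies inside some summary route."""
    summary_nets = [ipaddress.ip_network(s) for s in summary]
    return all(
        any(ipaddress.ip_network(p).subnet_of(s) for s in summary_nets)
        for p in prefixes
    )


def longest_match(routes, address):
    """Longest-prefix match: the most specific route containing the address."""
    addr = ipaddress.ip_address(address)
    best = None
    for route in routes:
        net = ipaddress.ip_network(route)
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return str(best) if best is not None else None


def classful_count(prefix):
    """How many old Class C (/24) networks a summary route stands in for."""
    net = ipaddress.ip_network(prefix)
    return 2 ** (24 - net.prefixlen) if net.prefixlen <= 24 else 0


if __name__ == "__main__":
    routes = summarize(CUSTOMER_PREFIXES)
    print("summary routes:", routes)
    print("covers all customers:", covers(routes, CUSTOMER_PREFIXES))
    # The slide's example: one /8 announcement stands in for 65536 /24s.
    print("198.0.0.0/8 replaces", classful_count("198.0.0.0/8"), "class C routes")
    print("198.51.102.7 ->", longest_match(routes + ["198.51.102.0/24"], "198.51.102.7"))
```

The `covers()` check is the one worth keeping in any summarization script: an over-broad summary is accepted by the Internet just as readily as a correct one, and it attracts traffic for addresses the ISP does not actually hold.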

Overview (7)
Private addressing

When building a private network that will have no Internet connectivity, you can use IP network numbers called private internets.
They are defined in RFC 1918, Address Allocation for Private Internets (http://www.ietf.org/rfc/rfc1918.txt).
This RFC defines a set of networks that will never be assigned to any organization as a registered network number.


NAT Concepts (1-2)
How it works

NAT
- Translates between local addresses and public ones
- Many private hosts share few global addresses

Private network
- Uses private address range (local addresses)
- Local addresses may not be used externally

Public network
- Uses public addresses
- Public addresses are globally unique

NAT Concepts (3)
How it works

Change of IP address
The router changes the source IP address when a packet leaves the private organization.

NAT Concepts (4)
How it works

Advantages
- Public IP address sharing: hosts can share a small number of public IP addresses.
- Easier expansion: network devices are privately addressed, so a public IP address is not needed for each one.
- Greater local control
- Greater flexibility in ISP service
- Increased security: the NAT translation represents a level of indirection, so it automatically creates a type of firewall between the organization's network and the public Internet.
- (Mostly) transparent

NAT Concepts (5)
How it works

Disadvantages
- Complexity
- Problems due to lack of public addresses
- Compatibility problems with certain applications
- Problems with security protocols: IPsec is designed to detect modifications to headers and commonly balks at the changes NAT makes, since it cannot distinguish those changes from malicious tampering with the datagram.
- Poor support for client access
- Performance reduction
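The security-protocol problem from the disadvantages list, reproduced in Python as an added example (not part of the original slides). It models an AH-style integrity check as an HMAC over the IP addresses plus payload, lets a NAT router rewrite the source address without the key, and shows the receiver rejecting the packet exactly as it would reject a tampered one; it also shows that an integrity check which excludes the outer header (the ESP approach that NAT traversal relies on) survives the rewrite. The key, the addresses, the packet layout and the field set are constructed assumptions, not the real AH or ESP encoding.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key shared by the two IPsec endpoints only; the NAT
# router in the middle never holds it.
KEY = b"constructed-demo-key"


def icv_header_bound(src_ip, dst_ip, payload, key=KEY):
    """Integrity check value covering the IP addresses plus the payload.

    Simplified model of an AH-style check that binds the outer header;
    the real AH field set and algorithm negotiation are not reproduced.
    """
    header = ipaddress.ip_address(src_ip).packed + ipaddress.ip_address(dst_ip).packed
    return hmac.new(key, header + payload, hashlib.sha256).digest()


def icv_inner_only(payload, key=KEY):
    """Integrity check that leaves the outer IP header out, as ESP does."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def nat_rewrite_source(pkt, new_src_ip):
    """What a NAT router does: replace the source address and nothing else.
    It cannot recompute the ICV because it does not have the key."""
    return dict(pkt, src_ip=new_src_ip)


def receiver_accepts_header_bound(pkt, key=KEY):
    expected = icv_header_bound(pkt["src_ip"], pkt["dst_ip"], pkt["payload"], key)
    return hmac.compare_digest(expected, pkt["icv"])


def receiver_accepts_inner_only(pkt, key=KEY):
    return hmac.compare_digest(icv_inner_only(pkt["payload"], key), pkt["icv"])


def run_scenario():
    """One packet from an inside host crosses a NAT router under both styles."""
    inside, outside, nat_ip = "10.0.0.5", "198.51.100.80", "203.0.113.1"
    payload = b"constructed application data"

    ah_pkt = {"src_ip": inside, "dst_ip": outside, "payload": payload,
              "icv": icv_header_bound(inside, outside, payload)}
    esp_pkt = {"src_ip": inside, "dst_ip": outside, "payload": payload,
               "icv": icv_inner_only(payload)}

    return {
        # No NAT in the path: the header-bound check passes.
        "ah_direct": receiver_accepts_header_bound(ah_pkt),
        # NAT rewrote the source: the receiver sees a modified header.
        "ah_after_nat": receiver_accepts_header_bound(nat_rewrite_source(ah_pkt, nat_ip)),
        # A third party rewriting the source looks identical to the receiver.
        "ah_tampered": receiver_accepts_header_bound(nat_rewrite_source(ah_pkt, "192.0.2.66")),
        # A check that excludes the outer header is unaffected by the rewrite.
        "inner_after_nat": receiver_accepts_inner_only(nat_rewrite_source(esp_pkt, nat_ip)),
    }


if __name__ == "__main__":
    for name, accepted in run_scenario().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The two rejections are indistinguishable on the receiving side, which is the point the slide makes: the receiver has no way to learn that the change came from a NAT router rather than from an attacker, so the protocol has to be designed so that the fields NAT rewrites are outside the integrity check.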

NAT Concepts (6)
Terminology

NAT address terms based on device location (inside/outside)

Inside address
Any device on the organization's private network that is using NAT is said to be on the inside network. Thus, any address that refers to a device on the local network, in any form, is called an inside address.

Outside address
The public Internet, that is, everything outside the local network, is considered the outside network. Any address that refers to a public Internet device is an outside address.

Key concept: In NAT, the terms inside and outside are used to identify the location of devices. Inside addresses refer to devices on the organization's private network; outside addresses refer to devices on the public Internet.

NAT Concepts (7)
Terminology

NAT address terms based on datagram location (local/global)

Local address
This term describes an address that appears in a datagram on the inside network, whether it refers to an inside or an outside device.

Global address
This term describes an address that appears in a datagram on the outside network, again whether it refers to an inside or an outside device.

Key concept: In NAT, the terms local and global indicate in which network a particular address appears. Local addresses are used on the organization's private network (whether to refer to an inside device or an outside device); global addresses are used on the public Internet (again, whether referring to an inside or an outside device).

NAT Concepts (8)
Terminology (diagram slide)

NAT Concepts (9)
Terminology

Combining the terms

Inside local address
The IPv4 address that is assigned to a host on the inside network (inside an enterprise). An inside local address is the actual IP address assigned to a host in the private enterprise network. A more descriptive term might be "inside private".

Inside global address
A legitimate IPv4 address, assigned by the ISP, that represents one or more inside local IPv4 addresses to the outside world. NAT uses an inside global address to represent the inside host as the packet is sent through the outside network (the Internet).
A more descriptive term is "inside public": the inside global address represents the inside host with a public IP address that can be used for routing in the public Internet.

NAT Concepts (10)
Terminology

Combining the terms (cont.)

Outside global address
The IPv4 address assigned to a host on the outside network by the host's owner. The outside global address is allocated from a globally routable address or network space.

Outside local address
The IPv4 address of an outside host as it appears to the inside network. Not necessarily legitimate, the outside local address is allocated from an address space that is routable on the inside.

NAT Concepts (11)
Terminology (diagram slide)

NAT Concepts (12)
Terminology (diagram slide)


NAT Types (1)
Classification

According to Cisco, the following common types can be used:
- Static NAT
- Dynamic NAT
- Overloading NAT with PAT

According to academic sources, the general types are:
- Unidirectional NAT (also called outbound or traditional NAT)
- Bidirectional (inbound or two-way) NAT
- Port-based or overloaded NAT (also called NAPT or PAT)
- Overlapping NAT (also called Twice NAT)

NAT Types (2)
Common classification

Static NAT
Maps an unregistered IPv4 address to a registered IPv4 address (one to one). Static NAT is particularly useful when a device must be accessible from outside the network.

NAT Types (3)
Common classification

Dynamic NAT
Maps an unregistered IPv4 address to a registered IPv4 address taken from a group of registered IPv4 addresses.

NAT Types (4)
Common classification

NAT overloading
Maps multiple unregistered IPv4 addresses to a single registered IPv4 address (many to one) by using different ports. Overloading is also known as PAT, and is a form of dynamic NAT.
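The three common types above, the source-address rewrite from NAT Concepts (3) and the inside local / inside global / outside global terms, all exercised in one simulation, added here as an example and not part of the original slides. The `Nat` class is a constructed toy router, not a vendor implementation: it tries a static one-to-one mapping, then leases from a dynamic pool, then falls back to PAT on one address, keeps a binding for each translation, and reverse-translates returning packets from those bindings. All addresses are documentation ranges chosen for the example; the rule ordering is an assumption of this model.

```python
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Packet:
    """Minimal IPv4 + transport 4-tuple, constructed for the simulation."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Toy NAT router (constructed model, not a vendor implementation).

    Outbound rules are tried in order: static one-to-one mapping, then a
    dynamic pool of inside global addresses, then PAT on a single address.
    Every successful translation leaves a binding that inbound() uses to
    reverse-translate replies; inbound traffic with no binding is dropped.
    """

    def __init__(self, static=None, pool=None, pat_ip=None):
        self.static = dict(static or {})   # inside local -> inside global
        self.pool = list(pool or [])       # unused inside global addresses
        self.dynamic = {}                  # inside local -> leased inside global
        self.pat_ip = pat_ip               # single inside global address for PAT
        self.pat = {}                      # (pat_ip, port) -> (inside local, port)
        self._ports = count(1024)          # next translated source port

    def outbound(self, pkt):
        """Translate a packet leaving the inside network, or None if dropped."""
        if pkt.src_ip in self.static:
            return Packet(self.static[pkt.src_ip], pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if pkt.src_ip not in self.dynamic and self.pool:
            self.dynamic[pkt.src_ip] = self.pool.pop(0)   # lease one pool address
        if pkt.src_ip in self.dynamic:
            return Packet(self.dynamic[pkt.src_ip], pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if self.pat_ip is None:
            return None   # pool exhausted and no PAT fallback: packet dropped
        inner = (pkt.src_ip, pkt.src_port)
        for (ip, port), bound in self.pat.items():
            if bound == inner:                           # existing flow, reuse port
                return Packet(ip, port, pkt.dst_ip, pkt.dst_port)
        port = next(self._ports)                         # new flow, fresh port
        self.pat[(self.pat_ip, port)] = inner
        return Packet(self.pat_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Reverse-translate a packet arriving from the outside, or None."""
        key = (pkt.dst_ip, pkt.dst_port)
        if key in self.pat:
            il_ip, il_port = self.pat[key]
            return Packet(pkt.src_ip, pkt.src_port, il_ip, il_port)
        for il_ip, ig_ip in {**self.static, **self.dynamic}.items():
            if ig_ip == pkt.dst_ip:
                return Packet(pkt.src_ip, pkt.src_port, il_ip, pkt.dst_port)
        return None   # no binding: unsolicited inbound traffic is dropped


def describe(inside_pkt, translated_pkt):
    """Name the addresses of one outbound translation in the slides' terms."""
    return {
        "inside local": inside_pkt.src_ip,
        "inside global": translated_pkt.src_ip,
        "outside global": translated_pkt.dst_ip,
    }


if __name__ == "__main__":
    nat = Nat(static={"10.0.0.5": "203.0.113.5"}, pool=["203.0.113.10"], pat_ip="203.0.113.1")
    original = Packet("10.0.0.5", 40000, "198.51.100.80", 80)
    print(describe(original, nat.outbound(original)))
    for host in ("10.0.0.20", "10.0.0.21", "10.0.0.22"):
        print(host, "->", nat.outbound(Packet(host, 40002, "198.51.100.80", 80)))
    print("reply:", nat.inbound(Packet("198.51.100.80", 80, "203.0.113.1", 1025)))
    print("unsolicited:", nat.inbound(Packet("198.51.100.80", 80, "203.0.113.1", 9999)))
```

Two behaviours in this model deserve attention when reading the earlier slides. The "type of firewall" credited to NAT is just `inbound()` finding no binding for unsolicited traffic; a static mapping is always bound, so the host behind it is reachable at all times and gets no such protection. And the `None` returned by a pool-only configuration once the pool is empty is the "lack of public addresses" disadvantage in concrete form, which is why overloading (PAT) is normally configured as the fallback.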

NAT Types (5)
Academic classification

Unidirectional NAT (also called outbound or traditional NAT) (diagram slide)

NAT Types (6)
Academic classification

Bidirectional (inbound or two-way) NAT (diagram slide)

NAT Types (7)
Academic classification

Port-based or overloaded NAT (also called NAPT or PAT) (diagram slide)

NAT Types (8)
Academic classification

Overlapping NAT (also called Twice NAT) (diagram slide)
