Exercises for Course 2G1305: Internetworking, Period 3 2004

IMIT
Laboratory of Communication Networks (LCN)

Exercises 2G1305

Internetworking
Additional Exercises
Solutions
Recitation 1
1. The following steps will be taken
1) Host A will send (broadcast) ARP req via bridge to ask for MAC addr of host B
2) Bridge will see that MAC addr x is on port 0
3) Host B and C will receive ARP request, and see that IP addr A is mapped to MAC addr
4) Host B will send (unicast) ARP reply to Host A
5) Bridge will see that MAC addr y is on port 2
6) Bridge consults learning table and forwards ARP reply onto port 0

7) Host A will receive ARP reply and see that IP addr B is mapped to MAC addr y
8) Host A will send IP packet to Host B
9) Bridge consults learning table and forwards packet onto port 2

Network (bridge port numbers in brackets):
Host A (IP addr: A, MAC addr: x) --[0]-- Bridge --[2]-- Host B (IP addr: B, MAC addr: y)
Host C (IP addr: C, MAC addr: z) --[1]-- Bridge

Host A, ARP cache:       IP B -> MAC y
Host B, ARP cache:       IP A -> MAC x
Host C, ARP cache:       IP A -> MAC x
Bridge Learning Table:   MAC x -> port 0
                         MAC y -> port 2

2. (See lecture notes on VLAN for figures) The VLAN concept allows separate LANs among
ports on a switch. Like a LAN, a VLAN is a territory over which broadcast traffic is delivered -
a broadcast domain. With LANs, groups of hosts can be kept separated into different broadcast
domains. Keep hosts that need to communicate a lot with each other within the same VLAN.

3. The purpose of the algorithm is to have bridges discover a subset of the topology that is loop-
free (a tree). The tree shall have just enough connectivity so that there is a path between every
pair of segments (where physically possible). The process is roughly as follows:
• An ID is assigned to each bridge and a cost to each port
• One bridge is elected the root bridge (normally the one with lowest ID number)
• Each bridge determines its root port, the port with the least root path cost
• One designated bridge is chosen for each segment
• Select ports to be included in the spanning tree
• Data traffic is being forwarded only to/from ports included in the spanning tree

Recitation 2
-- Forouzan exercises only --

Recitation 3
4. *The disadvantages are that the routers must store fragments in order to make reassembly, and
this makes the router keep state and makes the routers more complex. Moreover, it allows each
fragment to be routed independently which could be a good thing for some load balancing
scenarios. However, one might claim that you would like all fragments to follow the same path
- for reordering purposes, for example.

5. * It is there to detect and avoid loops. A router will not forward and decrement the TTL for
datagrams with TTL = 0 or 1. The TTL should therefore never reach 0 in an IP datagram on a
network!

6. *Application data: 4000 bytes; add UDP (8) and IP (20) headers. Fragment, first into three
frames, then further split into six frames. Each frame has a 14-byte header and 4-byte trailer:

ETH IP UDP APPL CRC

ETH IP APPL CRC

ETH IP APPL CRC

ETH IP APPL CRC

ETH IP APPL CRC

ETH IP APPL CRC

Count the header lengths and add application data:


APPL: 4000
UDP: 1* 8
IP: 6* 20
ETH 6* 18 (hdr + trailer)
------------------------
SUM: 4236

7. On an Ethernet, 255.255.255.255 translates to ff:ff:ff:ff:ff:ff and is received by every router on
the local network. 224.0.0.1 translates to 01:00:5e:00:00:01 and is received by systems that
have explicitly instructed their interfaces to receive IP multicast datagrams, and especially that
address.

8. Yes, if there are no hosts on a specific interface that belong to a given group, the router does not
need to forward traffic on that interface.

Recitation 4
9. There are 8200 bytes of data for IP to send (8192 bytes UDP data and 8 bytes UDP header). We
use the "tcpdump" notation:
Fragment 1: 1480@0+ (1480 bytes of data, offset of 0, and more fragments bit set)
Fragment 2: 1480@1480+, Fragment 3: 1480@2960+, Fragment 4: 1480@4440+,
Fragment 5: 1480@5920+, Fragment 6: 800@7400 (no more fragments).
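
The fragment list in answer 9 and the byte count in answer 6 can be reproduced with the sketch below. It is an added example, not part of the original solutions; the 1500-byte MTU and all function names are assumptions. It also classifies a received fragment set, since a reassembler has to notice gaps and overlaps before it hands a datagram upwards.

```python
IP_HEADER = 20        # IPv4 header without options, as in answers 6 and 9
ETH_OVERHEAD = 18     # 14-byte Ethernet header + 4-byte trailer (answer 6)


def fragment(ip_payload_len, mtu=1500):
    """Split an IP payload into (length, offset, more_fragments) tuples.

    mtu=1500 is an assumption (Ethernet); it gives the 1480-byte
    fragments used in answer 9.
    """
    # Every fragment except the last must carry a multiple of 8 bytes,
    # because the fragment offset field counts 8-byte units.
    max_data = (mtu - IP_HEADER) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    frags, offset = [], 0
    while offset < ip_payload_len:
        length = min(max_data, ip_payload_len - offset)
        more = offset + length < ip_payload_len
        frags.append((length, offset, more))
        offset += length
    return frags


def tcpdump_notation(frags):
    """Render fragments as length@offset, with '+' when more fragments follow."""
    return [f"{length}@{offset}{'+' if more else ''}" for length, offset, more in frags]


def wire_bytes(ip_payload_len, n_frags):
    """Bytes on an Ethernet when the payload travels in n_frags fragments."""
    return ip_payload_len + n_frags * (IP_HEADER + ETH_OVERHEAD)


def check_reassembly(frags):
    """Classify a received fragment set: complete, gap, overlap or incomplete."""
    ordered = sorted(frags, key=lambda f: f[1])
    expected = 0
    for length, offset, _more in ordered:
        if offset > expected:
            return "gap"          # a fragment in the middle is missing
        if offset < expected:
            return "overlap"      # two fragments claim the same bytes
        expected = offset + length
    if not ordered or ordered[-1][2]:
        return "incomplete"       # the final fragment has not arrived
    return "complete"


if __name__ == "__main__":
    frags = fragment(8192 + 8)                 # answer 9: UDP data + UDP header
    print(tcpdump_notation(frags))
    print(wire_bytes(4000 + 8, 6))             # answer 6: six frames
    print(check_reassembly(frags), check_reassembly(frags[:2] + frags[3:]))
```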

10.
10a). min(RTT) = 2*up-link delay + 2*down-link delay
= 2*(36,000,000/300,000,000) + 2*(36,000,000/300,000,000)
= 0.48 s.
10b). delay * bandwidth = 0.48s * 100 Mbps = 48 Mb.
The delay * bandwidth product is important because it corresponds to the amount of data sent
when the sender receives the acknowledgement from the receiver that the first bit has arrived at
the receiver. If the receiver says, "stop sending", it might receive that much data before the
sender manages to respond. In our case, this corresponds to 48M bits of data.
10c). min(T) = min(T) for up-link + min(T) for down-link = (2*tp+tf) + (2*tp+tf) = 4*tp + 2*tf
= 4*(36,000,000/300,000,000) + 2*(25*8/100) = 4.48 s
This accounts for the propagation delay the first segment encounters (up-link + down-link), the
time actually needed to transmit the 25MB of data and finally the propagation delay for the last
acknowledgement. If the SYN-flag for the active open is included in the first data segment and
the FIN-flag from the receiver is included in the segment containing the last ACK, then
connection establishment and connection termination add no additional time.

11. Terrestrial link: capacity = throughput x RTT = 120,000 bits/sec x 128 ms = 1920 bytes
Satellite link: capacity = throughput x RTT = 33,000 bits/s x 500 ms = 2062 bytes
It appears that the receiving TCP advertises a 2 K size window.

For optimal throughput on the satellite link:


Capacity = bandwidth x RTT = 256,000 bits/s x 500 ms = 16 000 bytes

12. With 512 bytes per packet, the transfer would require 32768/512 = 64 packets.
Using stop-and-wait means that the total time for the transfer would be 64 x 1.5 s = 96 seconds.

Recitation 5
13. Count to infinity
13a). Triggered Update. When the link goes down and Netw1 becomes unreachable, R1
immediately sets the cost to 16 in its routing table and sends this to R2, which in turn
changes its route to 16.
13b). Split Horizon. If a router has received route update information from an interface, then it
may not send back updated information on the interface. This means that R2 will not send an
update to R1 on L2 and R1 will not be fooled into updating its entry to 3.
13c). Poison Reverse. In this case, if a router receives routes from one interface, it will set these
to 16 when they are returned on that interface. In the example, R2 will send cost 16 to R1 for
reaching Netw1, regardless of whether Netw1 is reachable or not.
13d). Hold-down. Ignore information about a route for a fixed period of time following the
message that a network is unreachable. In our case, R1 would ignore R2’s message for the
hold-down time; R1’s information will eventually spread to R2 instead.
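
The effect of answers 13a to 13c can be seen in a two-router simulation. This is an added example, not part of the original solutions. It assumes the topology Netw1 - R1 - L2 - R2 with R1 one hop from Netw1, so R2 holds cost 2 and a fooled R1 would install cost 3, as in 13b. Hold-down (13d) is not modelled, and the function names are made up for the example.

```python
INFINITY = 16  # the "unreachable" cost used in the answers above


def advertise(route, to_neighbor, mode):
    """Cost advertised for Netw1 to a neighbor (None means: say nothing)."""
    cost, next_hop = route
    if next_hop == to_neighbor:          # the route was learned from this neighbor
        if mode == "split_horizon":
            return None
        if mode == "poison_reverse":
            return INFINITY
    return cost


def receive(route, from_neighbor, advertised):
    """Distance-vector update rule for the single destination Netw1."""
    if advertised is None:
        return route
    cost, next_hop = route
    new_cost = min(advertised + 1, INFINITY)
    # Always believe the current next hop; otherwise accept only improvements.
    if next_hop == from_neighbor or new_cost < cost:
        return (new_cost, from_neighbor)
    return route


def simulate(mode="plain", triggered=False):
    """Return R1's cost to Netw1 after each exchange round.

    The run stops once both routers hold cost 16. With triggered=False,
    R2's periodic update reaches R1 before R1 has announced the failure
    (the worst case); with triggered=True, R1 speaks first (answer 13a).
    """
    r1 = (INFINITY, None)   # R1 has just lost its direct link to Netw1
    r2 = (2, "R1")          # R2 still believes Netw1 is 2 hops away via R1
    trace = []
    while True:
        if triggered:
            r2 = receive(r2, "R1", advertise(r1, "R2", mode))
            r1 = receive(r1, "R2", advertise(r2, "R1", mode))
        else:
            r1 = receive(r1, "R2", advertise(r2, "R1", mode))
            r2 = receive(r2, "R1", advertise(r1, "R2", mode))
        trace.append(r1[0])
        if r1[0] == INFINITY and r2[0] == INFINITY:
            return trace


if __name__ == "__main__":
    for mode, triggered in [("plain", False), ("plain", True),
                            ("split_horizon", False), ("poison_reverse", False)]:
        print(mode, "triggered" if triggered else "periodic", simulate(mode, triggered))
```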

14. OSPF Designated routers


14a). A designated router is a router that represents a network, typically a LAN with many
hosts and routers connected to it.
14b). It is used to simplify the problem of communicating between neighbours on such a
network: instead of communicating with a full mesh, the communication can be relayed via the
designated router (cf. designated bridge in L2 spanning tree calculation). It is the designated
router’s role to send LSAs on behalf of the network it represents.
14c). A designated router is chosen by election using the Hello protocol. The node with the
highest priority field is chosen as designated router. If this is a draw, the router ID is used.
14d). R1 is designated router for N1 since there is no other router on the network; R1, R5 or R6
can be DR for N2; R3, R4, R5 or R6 can be DR for N3.

14e). [Figure: graph of the network with routers R1-R7, networks N1-N3 and the cost of each link.]
R3 R4

15. Shortest path

[Figure: network graph with routers R1-R7, networks N1-N3 and link costs.]

15a). Graphical

15b). [Figure: panels a), b) and c) showing trees rooted at R1, with nodes R2, R3, R4 and R5 and link costs.]

16. LSAs
16a). Router Link LSA (type 1), Network Link LSA (type 2), Summary link to network (Type
3), Summary link to AS boundary router (type 4), external link (type 5).
16b). Network link LSA

OSPF Header, type 4 (Link state update)

LSA Header, type:2 (Network Link LSA)

Network mask: 255.255.255.0

Attached host: 10.24.7.15

Attached host: 10.24.7.16

Attached host: 10.24.7.17

16c). Router Link LSA

OSPF Header, type 4 (Link state update)

LSA Header, type:1 (Router Link LSA), 3 links

Link1: type: 3 (Stub link) 10.24.8.0/24, metric: 3

Link2: type: 1 (p-t-p) 10.24.7.10, metric: 6

Link3: type: 2 (transient) 10.24.7.16 (DR), 10.24.7.15 (router address on the network), metric: 5

The network link LSA represents a network with connections to multiple routers. We can only
assign a cost to a packet passing through the network, we cannot charge for it twice. Therefore, there
is a cost from a true router to the designated router, but no cost from the designated router to a true
router.

17. With the introduction of path vectors it is possible to resolve routing loops quickly, simply
by inspecting the path to a route: if the same AS occurs in the path you simply drop the route.
This is not possible with a metric, which is only a scalar value.

18.
18a). EGP uses IP directly. BGP uses TCP.
18b). The advantage of using TCP is that reliability is implemented by the transport layer;
removing the error control makes the protocol much simpler. For example, thanks to the reliability,
one can make incremental updates instead of making complete state transfers now and then.
The disadvantage of TCP (advantage of raw IP) is the congestion control of TCP. This may
cause the transmission to slow down due to congestion. But EGP/BGP is part of the control of
the network and should have "higher" priority; it should not be affected and back off when
there is congestion. After all, it might be that the BGP/EGP information would change the routes
so that the congestion ceases, but this is hindered by the congestion itself.

19. OPEN (type 1), UPDATE (type 2), NOTIFICATION (type 3), KEEPALIVE (type 4)

20. No, the path specifies in which sequence the AS’s should be traversed to reach the destination.
The best path in terms of metrics (shortest number of hops) is a different matter: the number
of hops may differ dramatically between the transit paths of different AS:s.

21. TCP keepalive is not part of the TCP specification, although the keepalive timer can be
enabled in many implementations. However, the interval of the TCP keepalive timer is on a
large timescale, typically hours, which is not good enough for BGP peer keepalives.

22. Stub AS: Connects to exactly one other AS, single exit point. Typically statically configured,
with default routes.
Multi-homed: Connects to several AS:s, but there is no transit traffic. Use BGP to peer to the
different ASs.
Multi-homed transit: Connects to several AS:s, with transit traffic. Use E-BGP to peer
externally, IBGP to peer internally. Set up filtering of transit traffic according to SLA:s.

23. In the EBGP session between R1 and AS300, R1 should block the routes to AS888 that it
learns that way. There are several ways to do this in BGP.

24. By redistribution of routes. In a border router that runs both the IGP and BGP you specify how
routes from the IGP are exported to BGP.

25. Route reflection and AS confederations. With route reflection, you partition the IBGP peers into
a smaller set of fully connected IBGP peers (route reflectors) and a set of clients (route reflector
clients). The clients peer to one route reflector. With AS confederations, you introduce a new level
of AS hierarchy by introducing sub-ASs within the top-level AS.

26. Multicast routing


26a). Data-driven: flooding, followed by pruning where there are no listeners.
Demand-driven: build a delivery tree, by grafting, only to listeners that are actually listening.

26b). Data-driven: DVMRP, PIM-DM, demand-driven: PIM-SM, MOSPF


26c). Data-driven is faster (due to flooding) but wastes bandwidth. Better to use in smaller
networks with large bandwidth and with denser membership. Demand-driven is slower since it
must build delivery trees, but does not waste bandwidth. Better to use in internetworking
environments and where the group membership is sparse.

27.
27a).
27b).
27c).

28. Such multicast groups separated by routers that do not support multicasting use an IP tunnel to
transfer multicast datagrams. When using a tunnel, a program encapsulates a multicast datagram
in a conventional unicast datagram. The receiver must extract and handle the multicast datagram
appropriately.

Recitation 6
29. The client can use the hardware address. The hardware address is typically hardcoded in the
client, and can be retrieved by the BOOTP client. Thus, the BOOTP client can set the hardware
address in the BOOTP request, and the same hardware address will be returned by the server in
the BOOTP reply message.

30. DHCP stands for Dynamic Host Configuration Protocol and is an extension of the BOOTP
protocol that provides greater flexibility in IP address management. DHCP can be used for the
dynamic configuration of essential TCP/IP parameters for the hosts (workstations and servers)
on a network. The DHCP protocol consists of two parts:
• A mechanism for allocating IP addresses and other TCP/IP parameters.
• A protocol for negotiating and transmitting host-specific information.
The TCP/IP host requesting the TCP/IP configuration information is called the DHCP client,
and the TCP/IP host that supplies this information is called a DHCP server.

31. As in most cases the client doesn’t know its IP address yet, the server has to broadcast the reply.
Broadcasting to an ephemeral port is considered bad form, because other applications on other
hosts that happen to be using the same (ephemeral) port number could be disturbed.

32. The in-addr.arpa branch of the DNS tree is an elegant way to do the reverse translation - from IP
address to hostname. If the in-addr.arpa domain weren’t there, the only way to do reverse
translation would be to start at the root of the tree and trying every top-level domain, which
would literally take days or weeks. Since names are written starting at the bottom of the DNS
tree, working upwards, the 4 bytes of the IP address must be written backward. This means that
the DNS name for a host with an IP address of 140.252.13.33, is:
33.13.252.140.in-addr.arpa

33. The timestamp is used to place the incoming audio and video packets in the correct timing
order (playout delay compensation). The sequence number is mainly used to detect losses.
Sequence numbers increase by one for each RTP packet transmitted, timestamps increase by the
time “covered” by a packet. For video formats where a video frame is split across several RTP
packets, several packets may have the same timestamp. In some cases such as carrying DTMF
(touch tone) data, RTP timestamps may not be monotonic.

34. Removed fields: Type of Service, Header Checksum, Options, Flags, Fragment offset and
Identification.
Renamed: Protocol->NextHeader, TTL->hop limit, total length -> payload length (changed
semantics)
New fields: The Class and Flow Label
Same: the Version field is the only one that is called the same, means the same and is in the
same position in the header.

35. Most of the simplifications are easy to explain starting from the new header format:
• Use of fixed format headers: instead of variable length options, a fixed format is used for the
header, and extension headers (additional headers inserted between the IP header and the
carried data) make special handling of packets, for example source routing, possible. So there
is no more need for a header length field, and processing of the IP header becomes simpler.
• Elimination of the header checksum: this decision was subject to many discussions but in the
end proved to be beneficial. In IPv4, the header checksum was intended to make sure that no
modifications occur in the header; a wrong address or protocol field would lead to the
discarding of the packet at the destination anyway. But the header checksum needs to be
recomputed at each intermediate router (hop), because the TTL field needs to be decremented,
thus causing performance losses. At the link layer, a checksum exists, and higher layers are also
requested to check the integrity of the delivered data. So with IPv6 it will be compulsory even
for UDP to use checksums.
• Avoidance of hop-by-hop segmentation: the Internet community realized that hop-by-hop
segmentation caused inefficient use of the network. If a large packet is to be transmitted over
a network that is able to carry only small segments, the packet has to be fragmented. The
successful transmission of the whole packet depends on the successful transmission of each
segment, so if only one is missing, the whole packet needs to be retransmitted. In IPv6, hosts
should learn the maximum acceptable segment size through a procedure called path MTU
discovery, or alternatively transmit only small packets.

36. Note that (1) X must know R’s IPv4 address, and (2) since X uses an IPv4-compatible IPv6 address,
R can use automatic tunneling when sending from Y to X.

A: IPv4hdr src: 123.45.56.3 dst: 194.23.3.1
   IPv6hdr src: ::123.45.56.3 dst: 581E:1456:2314:ABCD::1211
   Payload

B: IPv6hdr src: ::123.45.56.3 dst: 581E:1456:2314:ABCD::1211
   Payload

C: IPv6hdr src: 581E:1456:2314:ABCD::1211 dst: ::123.45.56.3
   Payload

D: IPv4hdr src: 194.23.3.1 dst: 123.45.56.3
   IPv6hdr src: 581E:1456:2314:ABCD::1211 dst: ::123.45.56.3
   Payload

37. 1. Agent Discovery - discover home agent or foreign agent. The protocol uses piggybacking on
ICMP router advertisement/solicitation.
2. Registration - The mobile host registers with the foreign agent and the home agent. This is
done by using Registration request and reply encapsulated in UDP on port 434.
3. Data Transfer - data transfer between a remote host and the mobile host. The traffic from the
remote host to the mobile host goes via the home agent, which tunnels it to the foreign agent.
Packets from the mobile host to the remote host go directly.

38. Mobile IP

38a). The agent advertisement is shown below.

ICMP Router Advertisement
TYPE:16 LENGTH:20 SEQUENCE:1657
LIFETIME: 14400 CODE: 0x94 RES: 00
CARE-OF ADDRESS: 14.13.16.2
CARE-OF ADDRESS: 14.13.16.3
CARE-OF ADDRESS: 14.13.16.4

The code corresponds to an agent where registration is required (0x80), the agent acts as a
foreign agent (0x10), and the agent uses GRE encapsulation (0x04) (for example).
38b). The registration request is shown below.

UDP/IP packet destined to 14.13.16.1 port: 434

TYPE:1 FLAG:0x08 LIFETIME:14400

HOME ADDRESS: 131.5.24.8

HOME AGENT ADDRESS: 131.5.24.1

CARE-OF ADDRESS: 14.13.16.3

(UNIQUE) IDENTIFIER

39.
1: RH->HA: src: 17.23.34.55 dst: 131.5.24.8
2: HA->FA: src: 131.5.24.1 dst: 14.13.16.1 IP/GRE encapsulation
           src: 17.23.34.55 dst: 131.5.24.8
3: FA->MH: src: 17.23.34.55 dst: 14.13.16.3
4: MH->RH: src: 131.5.24.8 dst: 17.23.34.55

Recitation 7
40. The traditional service is best effort. Each packet is treated independently by the routers, and the
route lookup is based on the destination IP address and longest prefix match. There are no
guarantees on bandwidth and delay.
The purpose with IP QoS services is to identify traffic flows in the network and have routers
give special treatment to packets in order to obtain a higher degree of service than best effort.
Typically, guarantees on bandwidth, delay, and delay variation are taken into account.

41. To recognize a flow of packets, classification information is needed. This information typically
includes src/dst IP addresses and src/dst port numbers that are carried in the network layer
packet header and transport layer packet header. Routers have to inspect both IP and UDP/TCP
headers in order to do classification.
Even link level headers and extra headers, such as for VLAN encapsulation and MPLS
encapsulation can be used to do classification.

42.
42a). Identifying the packets belonging to a flow
42b). Ensuring that the flow conforms to an agreed traffic specification
42c). Smoothing out packet bursts
42d). Managing packets in queues and serving the queues so that they receive the desired and
agreed service
42e). Check that there are enough resources to allocate for a new flow

43. Integrated services (int-serv) and Differentiated services (diff-serv). The goal of int-serv is to
give end-to-end guarantees for applications and RSVP is used as an important component to
make resource reservations. Diff-serv is a less complex architecture with a coarse-grained model
of QoS, where resources are allocated on a per class basis.

44. RSVP is called a simplex protocol because it reserves network resources only in one direction.

45. RSVP’s main task is to establish and maintain resource reservations over a path or a distribution
tree, independent of how the path or tree was created.

46. Path message and Reservation message. Every data source periodically sends a path message
that establishes or updates the path state. Each receiver periodically sends a reservation message
that establishes or updates the reservation state. Path messages carry a TSpec (traffic
specification) and Resv messages carry a RSpec (QoS requirements).

47. Token bucket is a standardized way to represent the bandwidth characteristics of an application
generating data at a variable rate. A traffic flow is characterized by a token bucket of rate r and
burst size b if, for any time interval T, it sends no more than rT+b bytes.

48. TSpec
48a). The maximum queue the router may have is the sum of the buckets (15). So if a packet
arrives when the queue is full, it would experience maximum delay, corresponding to 15*0.1s =
1.5s.
48b). The router forwards 4 packets per second (r). It also allows a burst of one packet.
2*4+1=9 packets.
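
A token bucket meter that reproduces the count in answer 48b and checks the rT+b bound from answer 47. This is an added example, not part of the original solutions. The two-second interval is read off the 2*4 term in 48b, the flooding source is constructed, and tokens are counted in packets rather than bytes, as in 48b.

```python
class TokenBucket:
    """Token bucket meter with rate r (packets/s) and depth b (packets).

    Time is in integer milliseconds and tokens are kept in thousandths,
    so no floating-point rounding is involved.
    """

    def __init__(self, rate, burst):
        self.rate = rate                 # r: tokens added per second
        self.capacity = burst * 1000     # b, in milli-tokens
        self.level = self.capacity       # the bucket starts full
        self.last_ms = 0

    def conforms(self, t_ms):
        """Return True and spend one token if a packet at t_ms is in profile."""
        # r tokens per second equals r milli-tokens per millisecond.
        refill = self.rate * (t_ms - self.last_ms)
        self.level = min(self.capacity, self.level + refill)
        self.last_ms = t_ms
        if self.level >= 1000:
            self.level -= 1000
            return True
        return False


def meter(arrivals_ms, rate, burst):
    """Split non-decreasing arrival times into (in_profile, out_of_profile)."""
    bucket = TokenBucket(rate, burst)
    green, red = [], []
    for t in arrivals_ms:
        (green if bucket.conforms(t) else red).append(t)
    return green, red


def within_bound(times_ms, rate, burst):
    """Check that every interval T contains at most r*T + b packets."""
    for i in range(len(times_ms)):
        for j in range(i, len(times_ms)):
            span_ms = times_ms[j] - times_ms[i]
            # (packets in window) <= r*T + b, scaled by 1000 to stay in integers
            if (j - i + 1) * 1000 > rate * span_ms + burst * 1000:
                return False
    return True


# Constructed input: a source sending one packet every 10 ms for 2 seconds.
FLOOD = list(range(0, 2001, 10))

if __name__ == "__main__":
    green, red = meter(FLOOD, rate=4, burst=1)    # r = 4 packets/s, b = 1 packet
    print(len(green), "forwarded,", len(red), "out of profile")
    print(within_bound(green, 4, 1), within_bound(FLOOD, 4, 1))
```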

49.
49a). First, assume Receiver1 joins M, and thereby Receiver1 sends IGMP REPORT for M to
R2. R1 and R2 will build a delivery tree using a multicast protocol (e.g. DVMRP/PIM). Sender1
sends IP multicast packets destined to M to R1->R2->Receiver1. Sender1 also sends PATH
messages Sender1->R1->R2->Receiver1 with a Tspec with bandwidth=B. Receiver1 sends
RESV messages upstream Receiver1->R2->R1->Sender1 containing an RSPEC which
reserves B in routers R1 and R2.
49b). When Receiver2 joins the group (typically by sending IGMP REPORT to R2) the PATH
messages from Sender1 will propagate also to Receiver2 since they are sent to IP multicast
group M. When the PATH messages arrive at Receiver2, it will send RESV messages
upstream to R2 containing the same Rspec with bandwidth=B. R2 will merge the reservations
from Receiver1 and Receiver2: since they are identical the merge is trivial: B, and R2 will
continue sending the same RESV messages upstream as before.
49c). Sender2 will start sending IP multicast packets addressed to M to R1->R2->Receiver1
and 2. Sender2 will also send PATH messages including a Tspec with bandwidth=B. Since "one
sender" style is used, R1 and R2 can keep the same reservation. Receiver1 and Receiver2 may
simply receive data from Sender2 instead of Sender1, unless they have placed filters to treat
senders differently.
49d). This will result in a doubling of the resources in R1 and R2: the RSPECs sent by
Receiver1 and Receiver2 will contain bandwidth=2B due to having two simultaneous senders.

50. Expedited forwarding (EF PHB) and Assured forwarding (AF PHB).
EF should be forwarded with minimal delay and experience low loss. This could be realized by
putting all EF marked packets in a separate queue and ensuring that service rate is higher than
arrival rate.
AF defines 4 separate classes, and there are 3 levels of drop priority within each class. In-profile
packets get assured QoS, and out-of-profile packets get best-effort or are dropped.

51. Tail-drop simply means that packets are dropped when the buffer gets full.
RED uses a threshold value in the buffer. Up to the threshold value, nothing is dropped. When
the threshold is reached, there is still space in the buffers and arriving packets will get dropped
randomly according to a defined probability. The drop probability could be differentiated
(green, yellow, red) for different service levels.

52. Diffserv
52a). 15 packets will be marked green, 25 will be marked red.
52b). That depends on the load. If high load, all 25 red packets may be dropped, on the other
hand, all may pass. Further, the red packets may be dropped inside the diffserv area if
congestion occurs in an interior node.

53. Inside an MPLS cloud, forwarding is based on a label, which is a small fixed sized field. When
a regular IP packet enters an ingress LSR (Label Switching Router), a label is tagged to the IP
packet. Inside the MPLS cloud, each LSR looks at the incoming label, performs a table lookup,
and assigns an outgoing label. At the egress LSR, the label is removed and the packet is
forwarded using dst IP address and longest prefix match.

54.
• Label distribution information can be piggybacked on regular routing protocol messages (BGP
and PIM). Only protocols where distributed routing information explicitly contains mapping
between FECs and next hops are suitable for piggybacking label binding information
• RSVP can be used for label distribution
• There is a separate signalling protocol, LDP (Label Distribution Protocol), that can be used

55. See figure below.

[Figure: four label switching routers, LSRx, LSRy, LSRz and LSRv, each with interfaces if 0 to if 3; the labels 7, 9, 12 and 26 are marked on the links.]

NAT

56. NAPT
56a). The user needs to configure the NAT/NAPT table as follows:

Internal            External
Address    Port     Address      Port
10.0.0.2   8080     178.23.4.5   80

request outside: (src: 192.23.4.3:2000 dst: 178.23.4.5:80)
request inside: (src: 192.23.4.3:2000 dst: 10.0.0.2:8080)
response inside: (src: 10.0.0.2:8080 dst: 192.23.4.3:2000)
response outside: (src: 178.23.4.5:80 dst: 192.23.4.3:2000)
56b). The user configures the NAT/NAPT box to map the internal 10.0.0.0/8 network to the
external address 178.23.4.5. We assume the NAPT box assigns ports 4001 and 4002 for the two
http requests from H1 and H2, respectively. The table will then contain the following entries after
the two requests have been sent to the external network:

Internal            External
Address    Port     Address      Port
10.0.0.3   2000     178.23.4.5   4001
10.0.0.4   2000     178.23.4.5   4002


request from H1 inside: (src:10.0.0.3:2000 dst:193.23.4.3:80)
request from H2 inside: (src: 10.0.0.4:2000 dst: 193.23.4.3:80)
request from H1 outside: (src: 178.23.4.5:4001 dst: 193.23.4.3:80)
request from H2 outside: (src: 178.23.4.5:4002 dst: 193.23.4.3:80)
response to H1 outside: (src:193.23.4.3:80 dst: 178.23.4.3:4001)
response to H2 outside: (src:193.23.4.3:80 dst: 178.23.4.3:4002)
response to H1 inside: (src:193.23.4.3:80 dst: 10.0.0.3:2000)
response to H2 inside: (src:193.23.4.3:80 dst: 10.0.0.4:2000)
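
A small NAPT model that builds the tables of answers 56a and 56b and translates the packets in both directions. This is an added example, not part of the original solutions. The class and function names are made up, ports are assumed to be handed out in order from 4001 as the answer assumes, and the table is keyed on address and port only. It also shows that an inbound packet with no table entry is dropped.

```python
class Napt:
    """Port-translating NAT with a single external address."""

    def __init__(self, external_ip, first_port=4001):
        self.external_ip = external_ip
        self.next_port = first_port      # assumption: ports are handed out in order
        self.by_internal = {}            # (internal ip, port) -> external port
        self.by_external = {}            # external port -> (internal ip, port)

    def bind(self, internal, external_port):
        """Install a mapping; called directly for a configured entry (56a)."""
        self.by_internal[internal] = external_port
        self.by_external[external_port] = internal

    def outbound(self, src, dst):
        """Translate a packet leaving the private network."""
        if src not in self.by_internal:
            while self.next_port in self.by_external:   # skip ports already in use
                self.next_port += 1
            self.bind(src, self.next_port)
        return (self.external_ip, self.by_internal[src]), dst

    def inbound(self, src, dst):
        """Translate a packet arriving from outside; None means it is dropped."""
        ip, port = dst
        if ip != self.external_ip or port not in self.by_external:
            return None
        return src, self.by_external[port]

    def table(self):
        """Rows of (internal endpoint, external endpoint), sorted."""
        return sorted((i, (self.external_ip, p)) for i, p in self.by_internal.items())


def answer_56a():
    """Web server 10.0.0.2:8080 published on external port 80."""
    nat = Napt("178.23.4.5")
    nat.bind(("10.0.0.2", 8080), 80)
    client = ("192.23.4.3", 2000)
    request_inside = nat.inbound(client, ("178.23.4.5", 80))
    response_outside = nat.outbound(("10.0.0.2", 8080), client)
    return request_inside, response_outside


def answer_56b():
    """H1 and H2 both use source port 2000 towards the same web server."""
    nat = Napt("178.23.4.5", first_port=4001)
    server = ("193.23.4.3", 80)
    requests = [nat.outbound((h, 2000), server) for h in ("10.0.0.3", "10.0.0.4")]
    responses = [nat.inbound(server, src) for src, _dst in requests]
    unsolicited = nat.inbound(server, ("178.23.4.5", 5000))   # no table entry
    return requests, responses, unsolicited, nat.table()


if __name__ == "__main__":
    print(answer_56a())
    for part in answer_56b():
        print(part)
```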

57. In this case, the address translation is made on the external interface only. The box routes on
the private network and uses private addresses in its tables.

VPNs

58.   IP1 payload
58a). IP2 IP1 payload
58b). IP2 ETH IP1 payload
