
Use of NAT and DHCP

Protocols and Applications – Part 2

Fredy Campos A.
f.campos@ieee.org

Professional Program in Electronic and Telecommunications Engineering

Universidad Nacional Tecnológica del Cono Sur de Lima
http://www.untecs.edu.pe/portal/

ver 1.1

2012
Agenda

• Overview
• NAT Concepts
• NAT Types

Objectives

• Present how NAT works and its applications
Overview (1)
Internet scalability
• Limited supply of IP addresses in IPv4
• Search for temporary solutions
– Network Address Translation (NAT) and Private Addressing
• Allows organizations to use unregistered IP network numbers internally and still communicate with the Internet
– Classless Interdomain Routing (CIDR)
• Allows ISPs to reduce the waste of IP addresses by assigning a company a subset of a network number rather than the entire network.
• CIDR also lets ISPs summarize routes so that multiple Class A, B, or C networks match a single route, which helps reduce the size of Internet routing tables.
Overview (2–4)
Internet scalability

Problems with IPv4
- Shortage of IPv4 addresses
- Allocation of the last IPv4 addresses is forecasted for the year 2010
- Address classes were replaced by usage of CIDR, but this is not sufficient

Short term solution
- NAT: Network Address Translation

Long term solution
- IPv6 = IPng (IP next generation)
- Provides an extended address range
Overview (5)
CIDR
• CIDR is a global address assignment convention that defines how the Internet Assigned Numbers Authority (IANA), its member agencies, and ISPs should assign the globally unique IPv4 address space to individual organizations.
– CIDR is defined in RFC 4632
• Main goals (according to RFC 4632)
– Define address assignment for aggregating (summarizing) multiple network numbers into a single routing entry, reducing the size of the Internet routers' routing tables
– Allow ISPs to assign address ranges to their customers of sizes other than an entire Class A, B, or C network
Overview (6)
CIDR
• Route aggregation for shorter routing tables
– Example: ISP 1 only needs to advertise 198.0.0.0/8 to be reached by others
Overview (7)
Private Addressing
• When building a private network that will have no Internet connectivity, you can use IP network numbers called private internets
• They are defined in RFC 1918, Address Allocation for Private Internets (http://www.ietf.org/rfc/rfc1918.txt).
– This RFC defines a set of networks that will never be assigned to any organization as a registered network number.
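As an added example (not part of the original slides), the following Python script uses the standard ipaddress module to work through the two ideas covered in the CIDR and private addressing slides: aggregating several customer blocks into one advertised route, carving an assigned block into pieces smaller than a classful network, and checking whether an address belongs to the RFC 1918 private internets. It also shows the practical check a network operator runs on an outside-facing link: any RFC 1918 source address seen there is traffic that bypassed NAT or a misconfigured translation. The prefixes, the packet sample and the function names are constructed for this example.

```python
import ipaddress

# Constructed sample data (not from the slides): four contiguous /26 blocks that one
# ISP has handed to four customers, and the two halves of the 198.0.0.0/8 space.
CUSTOMER_BLOCKS = ["198.51.100.0/26", "198.51.100.64/26",
                   "198.51.100.128/26", "198.51.100.192/26"]
ISP_HALVES = ["198.0.0.0/9", "198.128.0.0/9"]

# The three RFC 1918 private internets.
RFC1918 = [ipaddress.ip_network(p) for p in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def aggregate(prefixes):
    """Collapse a list of prefixes into the fewest covering routes (CIDR route aggregation).
    Contiguous, properly aligned blocks merge into one shorter prefix; others stay as they are."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def carve(prefix, new_prefix_len):
    """Split an assigned block into equal sub-blocks, as an ISP does when a customer
    needs something smaller than a whole classful network."""
    net = ipaddress.ip_network(prefix)
    return [str(s) for s in net.subnets(new_prefix=new_prefix_len)]


def is_rfc1918(addr):
    """True if addr lies in one of the RFC 1918 ranges, i.e. it must never appear
    as a source or destination on the public Internet without translation."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in RFC1918)


def leaked_private_sources(packets):
    """Given (src, dst) pairs observed on an outside-facing link, return the sources that
    are private addresses: evidence that a host bypassed the NAT gateway or NAT is misconfigured."""
    return [src for src, _dst in packets if is_rfc1918(src)]


if __name__ == "__main__":
    print("aggregated customer blocks:", aggregate(CUSTOMER_BLOCKS))
    print("aggregated ISP halves:", aggregate(ISP_HALVES))
    print("198.51.100.0/24 carved into /26:", carve("198.51.100.0/24", 26))
    # Constructed packet sample as it might be captured on the public side of a router.
    seen = [("203.0.113.5", "198.51.100.10"), ("192.168.1.20", "198.51.100.10")]
    print("private sources leaking to the outside:", leaked_private_sources(seen))
```

Running the script prints the four /26 blocks collapsing into 198.51.100.0/24, the two /9 halves collapsing into 198.0.0.0/8 (the single route in the slide's ISP 1 example), and 192.168.1.20 flagged as a private source that should never have reached the outside link.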
NAT Concepts (1–2)
How it works

NAT
- Translates between local addresses and public ones
- Many private hosts share few global addresses

Private Network
- Uses private address range (local addresses)
- Local addresses may not be used externally

Public Network
- Uses public addresses
- Public addresses are globally unique
NAT Concepts (3)
How it works
• Change IP address
– The router changes the source IP address when the packet leaves the private organization
NAT Concepts (4)
How it works
• Advantages
– Public IP Address Sharing
• Hosts can share a small number of public IP addresses.
– Easier Expansion
• Network devices are privately addressed, so a public IP address isn't needed for each one.
– Greater Local Control
– Greater Flexibility In ISP Service
– Increased Security
• The NAT translation represents a level of indirection. Thus, it automatically creates a type of firewall between the organization's network and the public Internet.
– (Mostly) Transparent
NAT Concepts (5)
How it works
• Disadvantages
– Complexity
– Problems Due to Lack of Public Addresses
– Compatibility Problems With Certain Applications
– Problems With Security Protocols
• IPsec is designed to detect modifications to headers and commonly balks at the changes that NAT makes, since it cannot differentiate those changes from malicious datagram “hacking”.
– Poor Support for Client Access
– Performance Reduction
NAT Concepts (6)
Terminology
• NAT Address Terms Based on Device Location (Inside/Outside)
– Inside Address
• Any device on the organization's private network that is using NAT is said to be on the inside network. Thus, any address that refers to a device on the local network in any form is called an inside address.
– Outside Address
• The public Internet—that is, everything outside the local network—is considered the outside network. Any address that refers to a public Internet device is an outside address.
Key Concept: In NAT, the terms inside and outside are used to identify the location of devices. Inside addresses refer to devices on the organization’s private network; outside addresses refer to devices on the public Internet.
NAT Concepts (7)
Terminology
• NAT Address Terms Based on Datagram Location (Local/Global)
– Local Address
• This term describes an address that appears in a datagram on the inside network, whether it refers to an inside or outside device.
– Global Address
• This term describes an address that appears in a datagram on the outside network, again whether it refers to an inside or outside device.

Key Concept: In NAT, the terms local and global are used to indicate in what network a particular address appears. Local addresses are used on the organization’s private network (whether to refer to an inside device or an outside device); global addresses are used on the public Internet (again, whether referring to an inside or outside device).
NAT Concepts (8)
Terminology

NAT Concepts (9)
Terminology
• Combining the terms
– Inside local address
• The IPv4 address that is assigned to a host on the inside network (inside an enterprise). An inside local is the actual IP address assigned to a host in the private enterprise network. A more descriptive term might be inside private.
– Inside global address
• A legitimate IPv4 address that is assigned by the ISP and represents one or more inside local IPv4 addresses to the outside world. NAT uses an inside global address to represent the inside host as the packet is sent through the outside network (Internet).
• A more descriptive term: inside public, so the inside global address represents the inside host with a public IP address that can be used for routing in the public Internet.
NAT Concepts (10)
Terminology
• Combining the terms (cont.)
– Outside global address
• The IPv4 address that is assigned to a host on the outside network by the host owner. The outside global address is allocated from a globally routable address or network space.
– Outside local address
• The IPv4 address of an outside host as it appears to the inside network. Not necessarily legitimate, the outside local address is allocated from a routable address space on the inside.

NAT Concepts (11)
Terminology

NAT Concepts (12)
Terminology
NAT Types (1)
Classification
• According to Cisco, the following common types can be used
– Static NAT
– Dynamic NAT
– Overloading NAT with PAT

• According to the academic literature, the general types are:
– Unidirectional NAT (also called outbound or traditional NAT)
– Bidirectional (inbound or “two-way”) NAT
– Port-Based or “Overloaded” NAT (also called NAPT or PAT)
– “Overlapping” NAT (also called “Twice NAT”)
NAT Types (2)
Common classification
• Static NAT
– Maps an unregistered IPv4 address to a registered IPv4 address (one to one). Static NAT is particularly useful when a device must be accessible from outside the network.

NAT Types (3)
Common classification
• Dynamic NAT
– Maps an unregistered IPv4 address to a registered IPv4 address from a group of registered IPv4 addresses.

NAT Types (4)
Common classification
• NAT Overloading
– Maps multiple unregistered IPv4 addresses to a single registered IPv4 address (many to one) by using different ports. Overloading is also known as PAT, and is a form of dynamic NAT.
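As an added example that is not part of the original slides, the following Python simulation models the translation table of a router for the three common types above (static, dynamic, overloading/PAT), labelled with the inside local / inside global / outside global terms from the NAT Concepts slides. The addresses (10.0.0.0/8 as inside local, 203.0.113.0/24 as inside global, 198.51.100.0/24 as outside global), the packet sample and the class and function names are assumptions made for this example; a real router keeps timers, protocol numbers and more state than shown here.

```python
from dataclasses import dataclass, replace
import itertools


@dataclass(frozen=True)
class Packet:
    """The header fields a NAT/PAT router rewrites or consults."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    """Translation table of a NAT router; mode is "static", "dynamic" or "pat".
    All addresses in this example are constructed: inside local addresses in 10.0.0.0/8,
    inside global addresses in 203.0.113.0/24, outside global addresses in 198.51.100.0/24
    (no overlapping NAT, so each outside local address equals its outside global address)."""

    def __init__(self, mode, static_map=None, pool=None, overload_ip=None):
        self.mode = mode
        self.static_map = dict(static_map or {})  # inside local -> inside global, fixed
        self.pool = list(pool or [])              # unused inside global addresses (dynamic NAT)
        self.overload_ip = overload_ip            # the single inside global shared under PAT
        self._ports = itertools.count(1024)       # next inside global port to hand out (PAT)
        self.outbound = {}                        # inside local key -> inside global key
        self.inbound = {}                         # inside global key -> inside local key

    def translate_outbound(self, pkt):
        """Packet leaving the private network: source inside local -> inside global.
        Returns None when the router has no translation for it (packet dropped)."""
        if self.mode == "static":
            g = self.static_map.get(pkt.src_ip)
            return None if g is None else replace(pkt, src_ip=g)
        if self.mode == "dynamic":
            if pkt.src_ip not in self.outbound:
                if not self.pool:  # pool exhausted: the "lack of public addresses" problem
                    return None
                g = self.pool.pop(0)
                self.outbound[pkt.src_ip] = g
                self.inbound[g] = pkt.src_ip
            return replace(pkt, src_ip=self.outbound[pkt.src_ip])
        key = (pkt.src_ip, pkt.src_port)  # PAT: the (address, port) pair identifies the flow
        if key not in self.outbound:
            gkey = (self.overload_ip, next(self._ports))
            self.outbound[key] = gkey
            self.inbound[gkey] = key
        gip, gport = self.outbound[key]
        return replace(pkt, src_ip=gip, src_port=gport)

    def translate_inbound(self, pkt):
        """Packet arriving from the outside: destination inside global -> inside local.
        None means there is no table entry, so the packet is dropped."""
        if self.mode == "static":
            for local, glob in self.static_map.items():
                if glob == pkt.dst_ip:
                    return replace(pkt, dst_ip=local)
            return None
        if self.mode == "dynamic":
            local = self.inbound.get(pkt.dst_ip)
            return None if local is None else replace(pkt, dst_ip=local)
        key = (pkt.dst_ip, pkt.dst_port)
        if key not in self.inbound:  # unsolicited inbound: the "type of firewall" effect
            return None
        lip, lport = self.inbound[key]
        return replace(pkt, dst_ip=lip, dst_port=lport)


def pat_demo():
    """Two inside hosts share one inside global address; the reply reaches the right host
    and an unsolicited connection to a port with no table entry is dropped."""
    gw = NatGateway("pat", overload_ip="203.0.113.1")
    out_a = gw.translate_outbound(Packet("10.0.0.5", 50000, "198.51.100.10", 80))
    out_b = gw.translate_outbound(Packet("10.0.0.6", 50000, "198.51.100.10", 80))
    reply = gw.translate_inbound(Packet("198.51.100.10", 80, out_a.src_ip, out_a.src_port))
    unsolicited = gw.translate_inbound(Packet("198.51.100.99", 4444, "203.0.113.1", 9999))
    return out_a, out_b, reply, unsolicited


def dynamic_demo():
    """A pool holding one inside global address serves one host; the second host is refused."""
    gw = NatGateway("dynamic", pool=["203.0.113.10"])
    first = gw.translate_outbound(Packet("10.0.0.5", 50000, "198.51.100.10", 80))
    second = gw.translate_outbound(Packet("10.0.0.6", 50000, "198.51.100.10", 80))
    return first, second


def static_demo():
    """A server with a fixed one-to-one mapping is reachable from the outside."""
    gw = NatGateway("static", static_map={"10.0.0.80": "203.0.113.80"})
    return gw.translate_inbound(Packet("198.51.100.99", 40000, "203.0.113.80", 443))


if __name__ == "__main__":
    for result in (*pat_demo(), *dynamic_demo(), static_demo()):
        print(result)
```

The three demos map directly onto the slides: in pat_demo both 10.0.0.5 and 10.0.0.6 leave as 203.0.113.1 with distinct source ports (1024 and 1025), the reply to port 1024 is rewritten back to 10.0.0.5:50000, and a packet for port 9999 has no entry and is dropped (the "Increased Security" side effect, and also why "Poor Support for Client Access" is listed as a disadvantage); in dynamic_demo the second host is refused once the single-address pool is used up ("Problems Due to Lack of Public Addresses"); in static_demo the fixed mapping lets an outside client reach 10.0.0.80 without any prior outbound traffic, which is why static NAT is the choice for a device that must be accessible from outside.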
NAT Types (5)
Academic classification
• Unidirectional NAT (also called outbound or traditional NAT)

NAT Types (6)
Academic classification
• Bidirectional (inbound or “two-way”) NAT

NAT Types (7)
Academic classification
• Port-Based or “Overloaded” NAT (also called NAPT or PAT)

NAT Types (8)
Academic classification
• “Overlapping” NAT (also called “Twice NAT”)
2012 | Fredy Campos | f.campos@ieee.org | Use of NAT and DHCP @ F. Campos