
董亦杨

2021/04/28  Reads: 31  Theme: Custom Theme 1

The Internet Protocol(2): NAT, IPv6

Key Words:
-- NAT
-- IPv6
---- vs IPv4
---- Transition via Tunneling
---- Adoption

1. Network Address Translation (NAT)

As a subnet grows, a larger block of addresses has to be allocated.

  • what if the ISP has already allocated the contiguous portions of the network's current address range?
  • how should IP addresses be managed for a home network?
  • Network Address Translation is an approach to address allocation that has found increasingly widespread use

NAT lets all devices in the local network share just ONE IPv4 address as far as the outside world is concerned

  • all devices have 32-bit addresses in a private IP address space that can ONLY be used inside the local network
  • e.g. the 10/8, 172.16/12 and 192.168/16 prefixes

The router gets its own IP address from the ISP's DHCP server

  • and the router runs a DHCP server of its own to provide addresses
  • to the computers within the NAT-DHCP-router-controlled local network

NAT has advantages

  1. Just ONE IP address is needed from the provider ISP for ALL devices
  2. Can change the addresses of hosts in the local network without notifying the outside world
  3. Can change ISP without changing the addresses of devices in the local network
  4. Security: devices inside the local network are NOT directly addressable or visible from the outside world
  5. Extensively used in home and institutional networks, and in 4G/5G cellular networks

NAT Implementation

Replace (source IP address, port#) of every outgoing datagram

  • with (NAT IP address, new port#)
  • remote clients/servers will respond using (NAT IP address, new port#) as the destination address

Remember every (source IP address, port#) to (NAT IP address, new port#) translation pair

  • in the NAT translation table

Replace (NAT IP address, new port#) in the destination fields of every incoming datagram

  • with the corresponding (source IP address, port#)
  • stored in the NAT translation table
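The three steps above as an added simulation (Python, not code from the original notes or from the Kurose & Ross text): outgoing datagrams get a fresh NAT port per inside (IP, port) pair, replies are mapped back through the table, and inbound datagrams with no table entry are dropped, which is the "not directly addressable" property of the notes. All addresses and ports are constructed sample values.

```python
import itertools

class Nat:
    """Minimal NAT translation table for (src IP, src port) <-> (NAT IP, new port)."""

    def __init__(self, public_ip, first_port=5001):
        self.public_ip = public_ip               # the ONE address obtained from the ISP
        self._ports = itertools.count(first_port)  # constructed: next "new port#" to hand out
        self.table = {}    # nat_port -> (src_ip, src_port)   (used for incoming datagrams)
        self.reverse = {}  # (src_ip, src_port) -> nat_port   (used for outgoing datagrams)

    def outgoing(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing datagram to (NAT IP, new port#)."""
        key = (src_ip, src_port)
        if key not in self.reverse:              # first datagram from this socket: allocate
            nat_port = next(self._ports)
            self.reverse[key] = nat_port
            self.table[nat_port] = key           # remember the pair in the NAT table
        return (self.public_ip, self.reverse[key], dst_ip, dst_port)

    def incoming(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination (NAT IP, new port#) of an incoming datagram back to
        the inside host. Returns None (drop) when there is no entry, i.e. when nobody
        inside initiated the exchange."""
        if dst_ip != self.public_ip or dst_port not in self.table:
            return None
        inside_ip, inside_port = self.table[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)


def demo():
    """Two inside hosts use the same source port; only the NAT port tells them apart."""
    nat = Nat("138.76.29.7")                                    # constructed NAT address
    out1 = nat.outgoing("10.0.0.1", 3345, "128.119.40.186", 80)  # host 1 -> web server
    out2 = nat.outgoing("10.0.0.2", 3345, "128.119.40.186", 80)  # host 2, same port 3345
    reply1 = nat.incoming("128.119.40.186", 80, "138.76.29.7", out1[1])
    reply2 = nat.incoming("128.119.40.186", 80, "138.76.29.7", out2[1])
    unsolicited = nat.incoming("203.0.113.9", 4444, "138.76.29.7", 6000)  # no table entry
    return out1, out2, reply1, reply2, unsolicited
```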

NAT has been controversial:

  • Routers should ONLY process packets up to the network layer
  • The address shortage should be solved by IPv6 instead
  • NAT violates the end-to-end argument
    • hosts should talk directly with each other, without intervening nodes modifying IP addresses, much less port numbers
    • port# manipulation is being done by a network-layer device
  • NAT traversal: what if a client wants to connect to a server behind a NAT?

References:
[1] http://gaia.cs.umass.edu/kurose_ross/index.html

2. IPv6

Initial Motivation

  • Expanded addressing capabilities from 32 to 128 bits
  • A streamlined 40-byte fixed-length header allows for faster processing of the IP datagram by a router
    • a new encoding of options allows for more flexible options processing
  • Enable different network-layer treatment of "flows"

IPv6 Datagram Format

Version:
This 4-bit field identifies the IP version number

  • an IPv6 datagram carries the value 6; note that putting a 4 in this field does NOT create a valid IPv4 datagram

Traffic class:
Like the Type of Service field in IPv4, this field can be used to give priority to certain datagrams within a flow

  • or to datagrams from certain applications (e.g. voice-over-IP)
  • over datagrams from other applications (e.g. SMTP e-mail)

Flow label:
IPv6 has an elusive definition of a flow; this field allows

  • labeling of packets belonging to particular flows for which the sender requests special handling
    • such as a non-default quality of service or real-time service
  • e.g. audio and video transmission might be treated as a flow, while e-mail is NOT treated as a flow

Payload length:
This 16-bit unsigned integer gives the number of bytes in the IPv6 datagram

  • following the fixed-length, 40-byte datagram header

Next header:
This field identifies the protocol to which the contents (data field) of this datagram will be delivered

  • e.g. to TCP (6) or UDP (17)
  • same meaning as the protocol field of the IPv4 header

Hop limit:
The contents of this field are decremented by ONE

  • by each router that forwards the datagram
  • if the hop limit count reaches 0, the router must discard that datagram

Source and Destination Addresses:
IPv6 increases the size of the IP address from 32 to 128 bits.

  • IPv6 has introduced a new type of address, called an anycast address
    • that allows a datagram to be delivered to ANY one of a group of hosts
    • in addition to unicast and multicast addresses
    • e.g. send an HTTP GET to the nearest of a number of mirror sites that contain a given document

Data:
The payload portion of the IPv6 Datagram

  • when the datagram reaches its destination, the payload will be removed from the IP datagram and passed on to the protocol specified in the next header field

What's missing compared with IPv4

Fragmentation / Reassembly:
Neither operation is allowed at intermediate routers; they can be performed ONLY by the source and destination

  • this speeds up IP forwarding within the network

Header checksum:
Because the transport-layer and link-layer protocols perform checksumming, it is redundant at the network layer

  • recomputing it at every router was time-consuming and costly

Options:
The Options field is no longer a part of the standard IP header

  • but is one of the possible next headers pointed to from within the IPv6 header
  • the removal of the options field results in a fixed-length, 40-byte IP header
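An added example (Python, not code from the original notes) that packs and parses the fixed 40-byte IPv6 header described above and performs the per-router hop-limit step. Note what is absent compared with IPv4: no header checksum to recompute and no variable-length options, so a router only has to touch one byte. The addresses and payload are constructed sample values.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40          # fixed length: no options, no header checksum
IPV6_HEADER_FMT = "!IHBB16s16s"  # word0 | payload len | next header | hop limit | src | dst


def build_ipv6_datagram(traffic_class, flow_label, next_header, hop_limit, src, dst, payload):
    """Pack version(4) | traffic class(8) | flow label(20) and the remaining fields."""
    word0 = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    header = struct.pack(IPV6_HEADER_FMT, word0, len(payload), next_header, hop_limit,
                         ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return header + payload


def parse_ipv6_datagram(data):
    """Unpack the fixed header; reject anything that is not a well-formed IPv6 datagram."""
    if len(data) < IPV6_HEADER_LEN:
        raise ValueError("truncated: the IPv6 header is 40 bytes")
    word0, payload_len, next_header, hop_limit, src, dst = struct.unpack(
        IPV6_HEADER_FMT, data[:IPV6_HEADER_LEN])
    version = word0 >> 28
    if version != 6:                      # a 4 here is NOT a valid IPv4 datagram either
        raise ValueError(f"not an IPv6 datagram (version={version})")
    if len(data) - IPV6_HEADER_LEN < payload_len:
        raise ValueError("payload length field exceeds the bytes actually present")
    return {
        "version": version,
        "traffic_class": (word0 >> 20) & 0xFF,
        "flow_label": word0 & 0xFFFFF,
        "payload_length": payload_len,    # bytes following the 40-byte header
        "next_header": next_header,       # e.g. 6 = TCP, 17 = UDP
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
        "payload": data[IPV6_HEADER_LEN:IPV6_HEADER_LEN + payload_len],
    }


def router_forward(data):
    """What a forwarding router does to the header: decrement the hop limit (byte 7).
    Returns None when the count reaches 0, meaning the datagram must be discarded."""
    hop_limit = data[7] - 1
    if hop_limit <= 0:
        return None
    return data[:7] + bytes([hop_limit]) + data[8:]
```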

Transition From IPv4 to IPv6

Suppose two IPv6 nodes (e.g. B and E) want to interoperate using IPv6 datagrams

  • but are connected to each other by intervening IPv4 routers
  • the intervening set of IPv4 routers between the two IPv6 routers is called a tunnel

With tunneling, the IPv6 node on the sending side of the tunnel (i.e. B) takes the entire IPv6 datagram

  • and puts it in the data (payload) field of an IPv4 datagram
    • this IPv4 datagram is then addressed to the IPv6 node on the receiving side of the tunnel (i.e. E)
    • and sent to the first node in the tunnel (i.e. C), then D, then E

The IPv6 node on the receiving side of the tunnel (i.e. E) receives the IPv4 datagram,

  • determines that the IPv4 datagram contains an IPv6 datagram
    • by observing that the protocol number field in the IPv4 datagram is 41,
    • indicating that the IPv4 payload is an IPv6 datagram
  • extracts and then routes the IPv6 datagram
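The tunnel entry and exit described above as an added example (Python, not code from the original notes): node B wraps the whole IPv6 datagram in an IPv4 datagram with protocol number 41, and node E only unwraps when that protocol number is present and the IPv4 header checksum verifies. The tunnel endpoint addresses and the inner datagram are constructed sample values.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41   # IPv4 protocol number: "the payload is an IPv6 datagram"
IPV4_HEADER_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def ipv4_checksum(header):
    """One's-complement sum of 16-bit words (the field IPv6 dropped from its header)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(ipv6_datagram, tunnel_src, tunnel_dst, ttl=64):
    """Tunnel entry (node B): the entire IPv6 datagram becomes the IPv4 payload."""
    if ipv6_datagram[0] >> 4 != 6:
        raise ValueError("only IPv6 datagrams are tunnelled")
    total_len = 20 + len(ipv6_datagram)
    header = struct.pack(IPV4_HEADER_FMT, 0x45, 0, total_len, 0, 0, ttl,
                         PROTO_IPV6_IN_IPV4, 0,          # checksum placeholder = 0
                         ipaddress.IPv4Address(tunnel_src).packed,
                         ipaddress.IPv4Address(tunnel_dst).packed)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + ipv6_datagram


def decapsulate(ipv4_datagram):
    """Tunnel exit (node E): return the inner IPv6 datagram, or None if this is not
    a valid tunnelled packet (wrong version, bad checksum, or ordinary IPv4 traffic)."""
    if len(ipv4_datagram) < 20 or ipv4_datagram[0] >> 4 != 4:
        return None
    ihl = (ipv4_datagram[0] & 0x0F) * 4
    header = ipv4_datagram[:ihl]
    if ipv4_checksum(header) != 0:          # a correct header sums to zero
        return None
    if header[9] != PROTO_IPV6_IN_IPV4:     # protocol field is byte 9
        return None
    total_len = struct.unpack("!H", header[2:4])[0]
    inner = ipv4_datagram[ihl:total_len]
    if not inner or inner[0] >> 4 != 6:
        return None
    return inner                            # node E now routes this as IPv6
```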

IPv6 Adoption

NIST (National Institute of Standards and Technology): more than 1/3 of US government domains are IPv6-enabled

On the client side, Google reports that about 35% of the clients accessing Google services do so via IPv6

  • https://www.google.com/intl/en/ipv6/statistics.html

It is difficult to change network-layer protocols

  • but new protocols are deployed rapidly at the application layer: Web, instant messaging, streaming media, distributed games, social media...
  • it is easy to add a new coat of paint to a house but hard to replace its foundation
