NAT (Network Address Translation)
NAT (Network Address Translation)Section
461JokesARPGhostbusters
Introduction to NatGrew up in Lexington, KYEnjoy stargazing,
cycling, and mushroom huntingMet Mario once (longtime ago)
Introduction to NATNetwork Address TranslationNot very old (only
in heavy use since the late 90s)A protocol to map from private
addresses to public addresses, and vice-versaUtilizes port numbers
as secondary addressing informationMost common type of NAT is
actually NAPT (Network Address Port Translation)Other type of NAT
is Basic NAT (which we wont really be discussing)Private
NetworksAny IP network that isnt directly connected to the
internetIP addresses can be assigned however we want!However,
generally theseranges are used:10.0.0.0 10.255.255.255172.16.0.0
172.31.255.255192.168.0.0 192.168.255.255
NAT Diagram
NAT OperationEach NAT device (router) has an address translation
tableFor outbound packets, a new table entry is made, choosing an
arbitrary source port number (TCP/IP headers rewritten)For inbound
packets, the table is consulted to rewrite the packet headers and
re-route to an internal hostPhone analogyWhy Do We Need NAT?Why is
NAT necessary?Not enough IP addresses to go aroundWe want some
hosts not to be publicly accessible
Types of NATFull-cone NATAccepts data through any previously
used portAddress-restricted-cone NATOnly accepts data through
previously used ports if the source IP matches a system weve
already sent toPort-restricted-cone NATLike the above, but uses
source ports tooSymmetric NATMappings are unique to external hosts:
a different public port is used for each external hostProblems with
NATNAT is great!But it has issuesLike what?Breaks end-to-end
connectivityShould just use IPv6Rewrites packet headersEven
requires newTCP checksum!Initial issue: how do youconnect to a host
behind a NATif it hasnt talked to you first?
Running Services behind a NATYoure behind a NAT, and you need an
external hosts packets to get to youExample: running a web host
behind a NATYou cant necessarily send an outbound packet first to
write the NAT tableMajor issue for games and P2PSolutions?Port
forwarding (manually adding tables to the address translation
table)
NAT PunchthroughTwo hosts behind NATs need a way to exchange
data directlyThey know each others IPs, but not each others
communication portsThey both connect to a known server that
exchanges the data for themThey can nowcommunicateOften used
formultiplayer games
UPnP and IGDUPnP: Universal Plug and PlaySet of protocols for
networked devices to perform discovery automaticallyIGD: Internet
Gateway Device protocolNAT protocol that can perform automatic port
mappingAllows a host inside a network to tell the router which
public port it wants to use for communicationAlso gives mechanisms
for finding public IP address and checking existing port
mappingsGames can rely on this protocol to configure NAT tables
such that users can be mapped with known ports and communication
can take placeSTUNOld Name: Simple Traversal of UDP through NATNew
Name: Session Traversal Utilities for NATProtocol for NAT
traversalAttempt to standardize NAT traversal by establishing NAT
categoriesand methods for checkingfor/communicating with each
TURNTraversal Using Relays Around NATSimilar to earlier
punchthrough algorithmA server sits between two hosts behind
NATsThe server relays databetween the two hosts
ICEInteractive Connectivity EstablishmentProtocol that utilizes
STUN and TURN to perform NAT punchthroughUsed often in VoIP
Questions?
