ITECH2108 Topic 3

flutteringevergreen, Networks and Communications

29 Oct 2013 (3 years and 5 months ago)

61 views

Advanced Network Services

Topic 3


Routing & NAT

11:34 ( 1 of 30)

ITECH2108 Topic 3

Routing and NAT

What are they?

- Routing
  - Forwarding of packets from an IP source to an IP destination
  - Through many routers
- Network Address Translation
  - Forwarding of packets with a modified IP source address
  - Through a single gateway

Routing topics

- Review of concepts
  - How does it work?
- Routing information protocols
  - RIP
  - OSPF
- Lab
  - Build real routed networks
  - As opposed to NetSim networks

Routing

- Fundamental to the design of networking
- Data Link Layer
  - Local delivery on a LAN
  - Appropriate frame header constructed by sender
- Network Layer
  - Remote delivery in an internetwork
  - A series of local delivery steps between routers

A router in action

[Figure: a router R with a link on each side. Labels: "Peer-to-peer communication with data-link layer in previous router" (left link); "PtP with data-link layer in next router" (right link); "Part of PtP between network layer in sender and receiver" (the network layer in R).]

Multiple interfaces and next hops

- In reality a router will have more than the two interfaces shown
  - Router must decide which exit to take
  - Where does the packet go to next?
- It’s not shown but there could be many possible “next hops”
  - Router must decide where to next

An aside on multi-homing

- In the lab the computers have only one interface (NIC)
  - How do we route?
- Assign multiple IP addresses to the one interface
  - Routing takes place between “logical” (rather than “physical”) networks

Multi-homing example

The routing table

[Figure: a router with interfaces 192.168.3.1 (on network 192.168.3.0) and 192.168.2.2 (on network 192.168.2.0); a second router with interfaces 192.168.2.1 and 192.168.1.1 connects network 192.168.2.0 to network 192.168.1.0.]

Routing table of the router with interfaces 192.168.3.1 and 192.168.2.2:

  Destination    Interface      Next hop       Metric
  192.168.3.0    192.168.3.1    192.168.3.1    0        (local entry)
  192.168.2.0    192.168.2.2    192.168.2.2    0        (local entry)
  192.168.1.0    192.168.2.2    192.168.2.1    1        (remote entry)
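
The table above worked as a lookup, as an added example in Python (not part of the lecture): the longest-prefix-match rule selects the entry for a destination, and comparing the next hop with the interface decides whether this is a local delivery or a hop to the next router. Assumptions not on the slide: all three networks are /24, and the optional 0.0.0.0/0 default route is included only to show the least-specific case.

```python
import ipaddress

# Constructed from the slide's table for the router with interfaces
# 192.168.3.1 and 192.168.2.2. Masks are assumed to be /24 (the slide shows none).
# Each entry: (destination network, outgoing interface address, next hop, metric).
ROUTING_TABLE = [
    ("192.168.3.0/24", "192.168.3.1", "192.168.3.1", 0),  # local entry
    ("192.168.2.0/24", "192.168.2.2", "192.168.2.2", 0),  # local entry
    ("192.168.1.0/24", "192.168.2.2", "192.168.2.1", 1),  # remote entry, via the other router
]


def lookup(table, dst_ip):
    """Return (interface, next_hop, metric) for dst_ip, or None when no entry matches.

    Longest-prefix match: of all entries whose network contains dst_ip the most
    specific (longest mask) wins; equal masks are broken by the lower metric.
    """
    dst = ipaddress.ip_address(dst_ip)
    best_key, best_route = None, None
    for net, iface, next_hop, metric in table:
        network = ipaddress.ip_network(net)
        if dst in network:
            key = (network.prefixlen, -metric)
            if best_key is None or key > best_key:
                best_key, best_route = key, (iface, next_hop, metric)
    return best_route


def forward(table, dst_ip):
    """Decide the next local-delivery step for a packet addressed to dst_ip.

    'direct': the destination is on an attached LAN, so the frame is addressed
              to the destination itself (the Data Link Layer step).
    'via':    the destination is remote; the frame goes to the next-hop router,
              which repeats this decision. A series of such steps is routing.
    'drop':   nothing matches (a real router would send an ICMP unreachable).
    """
    route = lookup(table, dst_ip)
    if route is None:
        return ("drop", None)
    iface, next_hop, metric = route
    if next_hop == iface:
        return ("direct", dst_ip)
    return ("via", next_hop)


def with_default_route(table, gateway, iface):
    """Assumed extension: append a 0.0.0.0/0 entry, the least specific route of all."""
    return table + [("0.0.0.0/0", iface, gateway, 1)]


if __name__ == "__main__":
    for ip in ("192.168.3.9", "192.168.1.77", "10.0.0.1"):
        print(ip, forward(ROUTING_TABLE, ip))
```

Without a default route a packet for 10.0.0.1 is dropped; with one it is sent to 192.168.2.1, while 192.168.3.9 still matches the more specific local entry.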

Static routing

- “Remote” routing table entries can be created manually
  - The entries for local networks are automatically generated
  - Human communication can provide the values for other entries
- This was the NetSim lab
- This is the start of this week’s lab

Dynamic routing

- Routers communicate with a dedicated protocol
- Distance vector
  - Early approach
  - Not scalable
  - RIP: Routing Information Protocol
- Link state
  - More selective
  - Highly scalable
  - OSPF: Open Shortest Path First


Distance Vector

- “Tell your neighbour(s) all you know”
  - Broadcast routing table with all metric figures incremented by 1
  - Periodic broadcast
- Neighbour inspects incoming
  - If the route is already present do nothing
  - If the route is new to you add an entry

RIP in action

[Figure: packet capture of a RIP update. Labels: "Multicast (Class D) IP destination"; "UDP port 520"; "Routing table at 192.168.0.?".]

Problems with RIP

- Limited hop count
  - Maximum value is 15, large networks a problem
- Verbose
  - Unchanged information repeated constantly
- Insecure
  - Multicasts could have come from anywhere!
- Slow convergence
  - Info must propagate step-by-step through whole network
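
An added simulation (not from the lecture) of the exchange on the Distance Vector slide together with the hop-count limit and step-by-step propagation from this slide: routers in a constructed chain broadcast their tables with every metric incremented by 1, a neighbour adds routes new to it, a metric of 16 is treated as unreachable, and the number of rounds needed to settle grows with the length of the chain. Router and network names (R1, N0, ...) are constructed; accepting a strictly lower metric for a route already known is an addition beyond the slide's rule.

```python
INFINITY = 16  # RIP convention: a metric of 16 means unreachable, so 15 hops is the maximum


class DVRouter:
    """A router running a minimal distance-vector exchange (constructed example)."""

    def __init__(self, name, local_networks):
        self.name = name
        # destination network -> (metric, next hop); directly attached networks cost 0
        self.table = {net: (0, name) for net in local_networks}
        self.neighbours = []

    def advertisement(self):
        """'Tell your neighbours all you know': the whole table, each metric + 1."""
        return {net: min(metric + 1, INFINITY) for net, (metric, _) in self.table.items()}

    def receive(self, sender, adv):
        """Inspect an incoming advertisement; return True if the table changed.

        The slide's rule is: new route -> add it, known route -> do nothing. One
        extra case is included: a known route offered with a strictly lower
        metric replaces the old entry, as RIP does.
        """
        changed = False
        for net, metric in adv.items():
            if metric >= INFINITY:
                continue  # more than 15 hops away: treat as unreachable, never learn it
            current = self.table.get(net)
            if current is None or metric < current[0]:
                self.table[net] = (metric, sender)
                changed = True
        return changed


def build_chain(n):
    """Constructed topology: routers R1..Rn in a line; networks N(k-1) and Nk attach to Rk."""
    routers = [DVRouter(f"R{i}", [f"N{i - 1}", f"N{i}"]) for i in range(1, n + 1)]
    for a, b in zip(routers, routers[1:]):
        a.neighbours.append(b)
        b.neighbours.append(a)
    return routers


def run_until_converged(routers, max_rounds=100):
    """Simulate periodic broadcasts; return how many rounds still changed some table.

    Every router advertises the table it held at the start of the round, so one
    round moves information exactly one hop: this is the step-by-step
    propagation behind RIP's slow convergence.
    """
    for round_no in range(1, max_rounds + 1):
        adverts = [(r, r.advertisement()) for r in routers]
        changed = False
        for r, adv in adverts:
            for nb in r.neighbours:
                changed = nb.receive(r.name, adv) or changed
        if not changed:
            return round_no - 1
    raise RuntimeError("did not converge")


def metric_to(router, network):
    """Metric a router holds for a network, or None if the network is unknown to it."""
    entry = router.table.get(network)
    return None if entry is None else entry[0]


if __name__ == "__main__":
    chain = build_chain(20)
    print("rounds until stable:", run_until_converged(chain))
    print("R16 reaches N0 at metric", metric_to(chain[15], "N0"))
    print("R17 reaches N0 at metric", metric_to(chain[16], "N0"))  # None: 16 hops away
```

With four routers the far end learns the first network after three rounds; with twenty, the sixteenth router still holds N0 at metric 15 but the seventeenth never learns it at all, which is the hop-count limit in action.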

Link State

- “Tell everyone about your neighbours”
- Maps of entire network topology are built up by every router
  - Each router then computes its own routing table
- Infrequent regular updates
  - Changes sent immediately
  - Only changed values are sent (unlike RIP)
- Areas defined to limit size of network

OSPF phases

- Getting to know your neighbours
  - OSPF Hello protocol
- Distributing map information
  - Link State Advertisements (LSAs) are sent which tell:
    - Address of originating router
    - Address of all routers directly connected
    - A sequence number to uniquely identify this version of the information
- Computing the map
  - Must be consistent
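
An added Python model (not from the lecture) of the Link State and OSPF phases slides: each router keeps a link-state database, LSAs carry a sequence number so that duplicate or stale copies are rejected instead of being flooded again, every router ends up holding the same map, and each computes its own routing table from it with Dijkstra's algorithm. The four-router topology, its costs and the link failure are constructed; the Hello phase is not modelled.

```python
import heapq


class LinkStateDB:
    """One router's link-state database: the newest LSA from every originating router."""

    def __init__(self):
        self.lsas = {}  # originating router -> (sequence number, {neighbour: link cost})

    def install(self, origin, seq, links):
        """Accept an LSA only if its sequence number is newer than the stored copy.

        Returns True when installed (the router would flood it onward) and False
        for a duplicate or stale copy, which is what stops a flood from looping.
        """
        current = self.lsas.get(origin)
        if current is not None and seq <= current[0]:
            return False
        self.lsas[origin] = (seq, dict(links))
        return True

    def topology(self):
        """The map of the whole network as this router currently sees it."""
        return {origin: links for origin, (_, links) in self.lsas.items()}


def flood(databases, origin, seq, links):
    """Deliver one LSA to every router's database; return how many installed it."""
    return sum(db.install(origin, seq, links) for db in databases.values())


def shortest_paths(topology, source):
    """Dijkstra over the map; returns the routing table {dest: (cost, first hop)}."""
    dist = {source: 0}
    first_hop = {}
    heap = [(0, source, source)]
    done = set()
    while heap:
        cost, node, hop = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if node != source:
            first_hop[node] = hop
        for nb, weight in topology.get(node, {}).items():
            new_cost = cost + weight
            if new_cost < dist.get(nb, float("inf")):
                dist[nb] = new_cost
                # the first hop of a path is fixed when it leaves the source
                heapq.heappush(heap, (new_cost, nb, nb if node == source else hop))
    return {d: (dist[d], first_hop[d]) for d in dist if d != source}


def consistent(databases):
    """'Computing the map: must be consistent': do all routers hold the same topology?"""
    maps = [db.topology() for db in databases.values()]
    return all(m == maps[0] for m in maps)


# Constructed topology: A-B and B-C cost 1, A-C cost 5, C-D cost 1.
INITIAL_LSAS = {
    "A": {"B": 1, "C": 5},
    "B": {"A": 1, "C": 1},
    "C": {"A": 5, "B": 1, "D": 1},
    "D": {"C": 1},
}


def build_network():
    """Every router floods its first LSA (sequence 1) to everyone; returns the databases."""
    databases = {name: LinkStateDB() for name in INITIAL_LSAS}
    for origin, links in INITIAL_LSAS.items():
        flood(databases, origin, 1, links)
    return databases


def fail_link_b_c(databases):
    """The B-C link goes down: only B and C send new LSAs (sequence 2); nothing else is resent."""
    flood(databases, "B", 2, {"A": 1})
    flood(databases, "C", 2, {"A": 5, "D": 1})


if __name__ == "__main__":
    dbs = build_network()
    print("A before failure:", shortest_paths(dbs["A"].topology(), "A"))
    fail_link_b_c(dbs)
    print("A after failure: ", shortest_paths(dbs["A"].topology(), "A"))
```

Only the two routers at the ends of the failed link originate new LSAs, and a re-flooded copy of an old one is rejected everywhere, so the traffic after a change is proportional to the change rather than to the size of the tables.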

OSPF: general

[Figure: packet capture of an OSPF packet. Labels: "Multicast (Class D) IP destination"; "OSPF has its own unique IP protocol ID (not UDP or TCP)".]

OSPF Hello

[Figure: packet capture of an OSPF Hello. Labels: "This router announcing itself"; "Not using security"; "Not defining any areas".]

OSPF LSA

[Figure: packet capture of an OSPF LSA. Labels: "Originating router"; "Our neighbours"; "LSA sequence number"; "Description of …".]

OSPF Areas

- OSPF supports a hierarchical organisation of areas
- OSPF can work independently within and between areas
- Backbone Area
  - Top of the tree
  - 0.0.0.0
- Area Border Router (ABR) connects to area(s)
- Internal Router (IR) operates within an area
- Autonomous System Border Router (ASBR) links in an area using some other routing protocol

OSPF Area Example

Assessing OSPF relative to RIP

- Less verbose
  - LSAs only include neighbour information
  - Compare to entire tables
- Rapid convergence
  - LSAs are more targeted
  - Are sent as soon as there is a change
- Compute/storage intensive
  - Each router manipulates entire topology in building routing table

The Lab: Routing

Windows
- Multi-homing is supported.
- By default no dynamic routing in XP.
- Build a three station network.

Linux
- Multi-homing is supported, but some editing of the routing table is required.
- Build a three station network.
- Look at some dynamic routing protocols.

Network Address Translation

- Problem:
  - How to use private IP addresses for Internet access?
- Answer:
  - Use a NAT gateway
    - A single public IP address
    - An entire network of private IP addresses
  - Outgoing and incoming packets have their IP headers “mangled”

NAT in action: a TCP connection through the gateway

Private address: 192.168.0.1   Public address: 141.132.196.72

  Packet              Source address   Source port   Dest address     Dest port   Flag
  Client » Gateway    192.168.0.1      4567          169.85.67.2      80          SYN
  Gateway » Server    141.132.196.72   6789          169.85.67.2      80          SYN
  Server » Gateway    169.85.67.2      80            141.132.196.72   6789        SYN ACK
  Gateway » Client    169.85.67.2      80            192.168.0.1      4567        SYN ACK

But what if there’s no port?

- Technique on previous slide works well for all TCP/UDP based on port number
- What about other IP protocols?
  - ICMP, OSPF, …
- These need to be handled explicitly based on some identifying attribute of the packet
  - ICMP Identifier field
  - Not generalisable…

ICMP through NAT

[Figure: four packet captures of an ICMP echo passing through the gateway, labelled "Src>Gwy", "Gwy>Dest", "Dest>Gwy" and "Gwy>Src", with the ICMP Identifier field highlighted in each.]

What about incoming traffic?

- The security advantage of NAT is that an outsider does not know how to address the private network
- But what if we want a server?
  - The gateway must be configured to listen on specific ports for individual private servers
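
An added Python model (not from the lecture) of the NAT gateway across the last four slides: the TCP handshake from the translation table, the ICMP Identifier field standing in for a port, an unsolicited inbound packet dropped because nothing inside asked for it, and a static port-forwarding rule that lets a private server be reached. The addresses and ports of the handshake are the slide's; the packets as dicts, the allocation of public ports starting at 6789, the outside client address 203.0.113.9 and the private server 192.168.0.10:8080 are constructed.

```python
from itertools import count


def flow_fields(pkt):
    """Which header fields identify a flow for this protocol.

    TCP and UDP carry port numbers, so the source port is rewritten on the way out
    and the destination port restored on the way back. ICMP echo has no ports; its
    Identifier field plays the same role in both directions. Other IP protocols
    (OSPF, ...) have no such attribute and cannot be translated this way.
    """
    if pkt["proto"] in ("tcp", "udp"):
        return "sport", "dport"
    if pkt["proto"] == "icmp":
        return "ident", "ident"
    raise ValueError(f"no generalisable way to translate {pkt['proto']}")


class NatGateway:
    """Constructed model of a port-translating NAT gateway with one public address."""

    def __init__(self, public_ip, first_public_id=6789):
        self.public_ip = public_ip
        self._next_id = count(first_public_id)  # public ports/identifiers handed out in order
        self.outbound = {}  # (proto, private ip, private port-or-ident) -> public port-or-ident
        self.inbound = {}   # (proto, public port-or-ident) -> (private ip, private port-or-ident)

    def add_port_forward(self, proto, public_port, private_ip, private_port):
        """Static rule so an outside client can reach a server on the private network."""
        self.inbound[(proto, public_port)] = (private_ip, private_port)
        self.outbound[(proto, private_ip, private_port)] = public_port

    def translate_outbound(self, pkt):
        """Client » Gateway » Server: rewrite the source address and port/identifier."""
        src_field, _ = flow_fields(pkt)
        key = (pkt["proto"], pkt["src"], pkt[src_field])
        public_id = self.outbound.get(key)
        if public_id is None:  # first packet of a new flow: allocate a mapping
            public_id = next(self._next_id)
            self.outbound[key] = public_id
            self.inbound[(pkt["proto"], public_id)] = (pkt["src"], pkt[src_field])
        return {**pkt, "src": self.public_ip, src_field: public_id}

    def translate_inbound(self, pkt):
        """Server » Gateway » Client: restore the private destination, or drop the packet.

        Traffic matching neither an existing mapping nor a forwarding rule is
        dropped: the outsider has no way to address a host on the private network.
        """
        _, dst_field = flow_fields(pkt)
        entry = self.inbound.get((pkt["proto"], pkt[dst_field]))
        if entry is None:
            return None
        private_ip, private_id = entry
        return {**pkt, "dst": private_ip, dst_field: private_id}


# The slide's TCP handshake as constructed packets: client 192.168.0.1 behind
# gateway 141.132.196.72 connects to server 169.85.67.2 port 80.
CLIENT_SYN = {"proto": "tcp", "src": "192.168.0.1", "sport": 4567,
              "dst": "169.85.67.2", "dport": 80, "flag": "SYN"}
SERVER_SYNACK = {"proto": "tcp", "src": "169.85.67.2", "sport": 80,
                 "dst": "141.132.196.72", "dport": 6789, "flag": "SYN ACK"}


if __name__ == "__main__":
    gw = NatGateway("141.132.196.72")
    print("Gateway » Server:", gw.translate_outbound(CLIENT_SYN))
    print("Gateway » Client:", gw.translate_inbound(SERVER_SYNACK))
```

The same mapping serves every later packet of the connection, so the client's ACK leaves with source port 6789 again; an ICMP echo from another private host gets the next free number as its public Identifier.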

What about UDP?

- An interaction based on UDP might not involve replies on the same port
  - There’s no “connection” as in TCP
- NAT gateway must open a port for the reply
  - An external server is used to relay this information to the public client

The Lab: NAT

Windows
- NAT is termed “connection sharing” and only works between physical interfaces. Not usable in a lab machine.

Linux
- iptables provides extensive packet filtering and manipulation between logical networks. NAT involves MASQUERADING.