CS 5565 Network Architecture and Protocols
Godmar Back
Announcements
• Required Reading:
  – DCCP by Kohler et al., SIGCOMM 2006
CS 5565 Spring 2012
Network Address Translation
TCP Hole Punching & Simultaneous Open
NAT: Network Address Translation
[Figure: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4 behind a NAT router whose public address is 138.76.29.7, connected to the rest of the Internet.]
Datagrams with source or destination in this network have 10.0.0/24 addresses for source and destination (as usual).
All datagrams leaving the local network have the same single source NAT IP address, 138.76.29.7, with different source port numbers.
NAT: Network Address Translation
• Motivation: local network uses just one IP address as far as the outside world is concerned:
  – no need to be allocated a range of addresses from ISP: just one IP address is used for all devices
  – can change addresses of devices in local network without notifying outside world
  – can change ISP without changing addresses of devices in local network
  – devices inside local net not explicitly addressable or visible by the outside world (a huge security plus).
NAT: Network Address Translation
• Implementation: NAT router must:
  – outgoing datagrams: replace (source IP address, port #) of every outgoing datagram with (NAT IP address, new port #)
    . . . remote clients/servers will respond using (NAT IP address, new port #) as destination addr.
  – remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
  – incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with the corresponding (source IP address, port #) stored in NAT table
NAT: Network Address Translation
[Figure: LAN hosts 192.168.5.62, 192.168.5.63, 192.168.5.64 behind a NAT router with LAN-side address 192.168.5.1 and WAN-side address 128.173.41.81; a server at 128.119.40.186, port 80, on the Internet.]
NAT translation table
WAN side addr          LAN side addr
128.173.41.81, 5001    192.168.5.62, 3345
……                     ……
1: host 192.168.5.62 sends datagram to 128.119.40.186, 80
   S: 192.168.5.62, 3345  D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 192.168.5.62, 3345 to 128.173.41.81, 5001, updates table
   S: 128.173.41.81, 5001  D: 128.119.40.186, 80
3: Reply arrives, dest. address: 128.173.41.81, 5001
   S: 128.119.40.186, 80  D: 128.173.41.81, 5001
4: NAT router changes datagram dest addr from 128.173.41.81, 5001 to 192.168.5.62, 3345
   S: 128.119.40.186, 80  D: 192.168.5.62, 3345
Managing NAT table
• NAT Gateway (usually) adds entries for datagrams traveling private to public automatically
  – Allows UDP/TCP clients to transparently sendto/connect to outside servers
• Removal of entries
  – UDP: timeout due to inactivity
  – TCP: timeout + TCP connection teardown
• Other direction requires configuration so NAT Gateway knows where to forward incoming datagram even if no private host previously punched a hole by initiating UDP traffic/TCP connection
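As an added example, not from the lecture, a Python model of the translation table and the two rewrite rules from the implementation slide, the four-step example with 192.168.5.62 and 128.119.40.186, and the automatic entry creation, unsolicited-datagram problem and idle timeout from the slide above. The sequential port allocation starting at 5001, the 30-second default timeout and the dict layout are my assumptions.

```python
class NatRouter:
    """Model of the NAT router described on the slides: one public (WAN) address,
    a translation table keyed by (NAT IP, new port), and rewriting of outgoing
    and incoming datagrams. Addresses are (ip, port) tuples; `now` is seconds."""

    def __init__(self, wan_ip, first_port=5001, udp_timeout=30.0):
        self.wan_ip, self.next_port, self.udp_timeout = wan_ip, first_port, udp_timeout
        self.table = {}    # (wan_ip, new_port) -> {"lan": (ip, port), "last": t}
        self.reverse = {}  # (lan_ip, lan_port) -> new_port

    def outgoing(self, src, dst, now=0.0):
        """Private -> public: replace (source IP, port) with (NAT IP, new port),
        adding the table entry automatically the first time a LAN host sends."""
        port = self.reverse.get(src)
        if port is None:                         # new flow: allocate the next port (assumed policy)
            port, self.next_port = self.next_port, self.next_port + 1
            self.reverse[src] = port
            self.table[(self.wan_ip, port)] = {"lan": src, "last": now}
        self.table[(self.wan_ip, port)]["last"] = now
        return (self.wan_ip, port), dst

    def incoming(self, src, dst, now=0.0):
        """Public -> private: look up (NAT IP, new port) and restore the stored
        (source IP, port). Returns None when there is no entry: an unsolicited
        datagram is dropped unless a forwarding rule was configured by hand."""
        entry = self.table.get(dst)
        if entry is None:
            return None
        entry["last"] = now
        return src, entry["lan"]

    def expire(self, now):
        """Remove entries idle longer than the UDP timeout; returns how many."""
        dead = [k for k, e in self.table.items() if now - e["last"] > self.udp_timeout]
        for k in dead:
            del self.reverse[self.table.pop(k)["lan"]]
        return len(dead)


def slide_example():
    """Replays the four-step example from the slides and returns the rewritten datagrams."""
    nat = NatRouter("128.173.41.81")
    host, server = ("192.168.5.62", 3345), ("128.119.40.186", 80)
    step2 = nat.outgoing(host, server)      # src rewritten to (128.173.41.81, 5001)
    step4 = nat.incoming(server, step2[0])  # dst restored to (192.168.5.62, 3345)
    stray = nat.incoming(server, ("128.173.41.81", 6000))  # no entry -> None (dropped)
    return step2, step4, stray
```

Two LAN hosts using the same local port get distinct NAT-side ports, and only the mapping that has been idle past the timeout is removed by expire().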
NAT Disadvantages
• 16-bit port-number field:
  – Only 60,000 simultaneous connections with a single LAN-side address!
• NAT is controversial:
  – routers should only process up to layer 3
  – violates end-to-end argument
    • NAT possibility must be taken into account by app designers, e.g., P2P applications
  – address shortage should instead be solved by IPv6
  – really annoying if you time out on rlogin.cs.vt.edu
NAT Challenges
• Considering that most Internet hosts are behind NAT these days – how should applications be written to deal with that?
• No problem as long as server has public IP and client knows where to connect (HTTP, XMPP, SMTP, POP)
• What about P2P applications?
  – Could relay through server, but that would defeat purpose of P2P
  – Instead, a technique called “hole punching” is widely used (e.g., in Skype)
  – Discussed in [Ford/Srisuresh/Kegel 2005]
• UDP hole punching is widely used, but TCP hole punching is possible as well
NAT Relaying
• All traffic goes through S
• Source: [Ford/Srisuresh/Kegel 2005]
UDP Hole Punching
• Rendezvous server only directs punches, traffic goes P2P
• Details in [Ford/Srisuresh/Kegel 2005]
Aside: TCP Hole Punching
• External server S records & provides private & public IP
• Both behind-NAT hosts must punch holes with outgoing SYN – allows TCP connection
Simultaneous Open (cont’d)
• Vint Cerf, 1987:
  “Distributed systems with symmetric processes that automatically seek to link to each other (no master/slave relationship) would use the simul-OPEN style. It was designed into TCP for that purpose; I do not know, however, whether any actual applications have made use of this feature.”
• Not invented for hole punching in NAT – coincidental use
Simultaneous Open
(a) TCP connection establishment in the normal case.
(b) Call collision – one connection is established (“client-client” connection)
TCP Connection FSM
The heavy solid line is the normal path for a client.
The heavy dashed line is the normal path for a server.
The light lines are unusual events.
Each transition is labeled by the event causing it and the action resulting from it, separated by a slash.
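As an added example, not from the lecture, a small Python model of the opening half of this FSM (CLOSED, LISTEN, SYN_SENT, SYN_RCVD, ESTABLISHED): normal_open() follows the client and server paths of case (a) on the Simultaneous Open slide, and simultaneous_open() lets two active opens cross so that both endpoints pass through SYN_RCVD, case (b). Representing a segment as a set of flag names and a connection as a state trace is my own simplification.

```python
CLOSED, LISTEN, SYN_SENT, SYN_RCVD, ESTABLISHED = (
    "CLOSED", "LISTEN", "SYN_SENT", "SYN_RCVD", "ESTABLISHED")
SYN, ACK = "SYN", "ACK"

class TcpEndpoint:
    """Opening half of the TCP connection FSM; a segment is a frozenset of flag names."""
    def __init__(self):
        self.state, self.trace = CLOSED, [CLOSED]

    def _move(self, new_state, send=None):
        self.state = new_state
        self.trace.append(new_state)
        return frozenset(send) if send else None

    def passive_open(self):           # server: CLOSED --listen / - --> LISTEN
        return self._move(LISTEN)

    def active_open(self):            # client: CLOSED --connect / SYN--> SYN_SENT
        return self._move(SYN_SENT, {SYN})

    def receive(self, seg):           # event / action, as labelled on the FSM slide
        if self.state == LISTEN and seg == {SYN}:          # SYN / SYN+ACK (server path)
            return self._move(SYN_RCVD, {SYN, ACK})
        if self.state == SYN_SENT and seg == {SYN, ACK}:   # SYN+ACK / ACK (client path)
            return self._move(ESTABLISHED, {ACK})
        if self.state == SYN_SENT and seg == {SYN}:        # SYN / SYN+ACK (simultaneous open)
            return self._move(SYN_RCVD, {SYN, ACK})
        if self.state == SYN_RCVD and ACK in seg:          # ACK / -
            return self._move(ESTABLISHED)
        raise ValueError(f"unexpected {set(seg)} in {self.state}")

def exchange(a, b, a_to_b, b_to_a):
    """Deliver in-flight segments round by round; segments sent in one round cross on the wire."""
    while a_to_b or b_to_a:
        new_b_to_a = b.receive(a_to_b) if a_to_b else None
        new_a_to_b = a.receive(b_to_a) if b_to_a else None
        a_to_b, b_to_a = new_a_to_b, new_b_to_a
    return a.trace, b.trace

def normal_open():
    """Case (a): a client connects to a listening server (heavy solid and dashed paths)."""
    client, server = TcpEndpoint(), TcpEndpoint()
    server.passive_open()
    return exchange(client, server, client.active_open(), None)

def simultaneous_open():
    """Case (b): both sides connect at once and their SYNs cross, the path hole punching uses."""
    x, y = TcpEndpoint(), TcpEndpoint()
    return exchange(x, y, x.active_open(), y.active_open())
```

Each call returns the two state traces, which is also how an implementation can tell after the fact which of the two scenarios actually occurred.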
TCP Hole Punching
• Must bind multiple sockets to same port (SO_REUSEADDR)
• Manage to identify which scenario has occurred
• Must handle case where both clients are behind the same NAT!