
Advanced Computer Networking

Module Code :MIT6114


Ambo University
Hachalu Hundesa Campus, Institute of Technology
Department of Information Technology
(MSc program)

Instructor: Dr.C.Suresh Gnana Dhas


E-Mail id:drsuresh.csambo@gmail.com
Advanced Computer Networking MIT6114

Chapter 1- Fundamental Networking concepts review


• OSI Reference model
• Routing and Switching basics
• Internet Protocol
  – Addressing: Classless Inter-Domain Routing (CIDR), subnetting, Address Resolution Protocol (ARP), Network Address Translation (NAT), Hot Standby Router Protocol (HSRP)
  – Services: Domain Name System (DNS), Bootstrap Protocol (BOOTP), Dynamic Host Configuration Protocol (DHCP), Internet Control Message Protocol (ICMP)
  – Applications: Telnet, File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP)
  – Transport: IP fragmentation, sockets, ports
  – IP access lists

IP Addressing
Classless Interdomain Routing (CIDR)

Chapter 1-2 Fundamental Networking concepts review
Internet Protocol Addressing
• Classless inter domain routing (CIDR), subnetting
• Address Resolution Protocol (ARP)
• Network Address Translation (NAT)
IP Addresses

• Structure of an IP address
• Classful IP addresses
• Limitations and problems with classful IP addresses
• Subnetting
• CIDR
• IP Version 6 addresses
IP Addresses

IPv4 header layout (32 bits per row), as carried inside an Ethernet frame:
• Row 1: Version (4 bits), Header Length (4 bits), Type of Service/TOS (8 bits), Total Length in bytes (16 bits)
• Row 2: Identification (16 bits), Flags (3 bits), Fragment Offset (13 bits)
• Row 3: TTL Time-to-Live (8 bits), Protocol (8 bits), Header Checksum (16 bits)
• Row 4: Source IP address (32 bits)
• Row 5: Destination IP address (32 bits)

Ethernet frame: Ethernet Header | IP Header | TCP Header | Application data | Ethernet Trailer
IP Addresses

Example values for the same header layout (from the slide):
• Row 1: Version 0x4, Header Length 0x5, TOS 0x00, Total Length 44 (decimal)
• Row 2: Identification 9d08, Flags 010 (binary), Fragment Offset 0000000000000 (binary)
• Row 3: TTL 128 (decimal), Protocol 0x06, Header Checksum 8bff
• Row 4: Source IP address 128.143.137.144
• Row 5: Destination IP address 128.143.71.21

Ethernet frame: Ethernet Header | IP Header | TCP Header | Application data | Ethernet Trailer
What is an IP Address?

• An IP address is a unique global address for a network interface
• An IP address:
  – is a 32 bit long identifier
  – encodes a network number (network prefix) and a host number
Dotted Decimal Notation

• IP addresses are written in a so-called dotted decimal notation
• Each byte is identified by a decimal number in the range [0..255]
• Example:
  10000000 10001111 10001001 10010000
  1st Byte = 128, 2nd Byte = 143, 3rd Byte = 137, 4th Byte = 144
  = 128.143.137.144
Network prefix and Host number

• The network prefix identifies a network and the host number identifies a specific host (actually, an interface on the network).
  [ network prefix | host number ]
• How do we know how long the network prefix is?
  – The network prefix is implicitly defined (see class-based addressing)
  – The network prefix is indicated by a netmask.
Example

• Example: ellington.cs.virginia.edu = 128.143.137.144
  [ network prefix 128.143 | host number 137.144 ]
• Network id is: 128.143.0.0
• Host number is: 137.144
• Network mask is: 255.255.0.0 or ffff0000
• Prefix notation: 128.143.137.144/16
  » Network prefix is 16 bits long
The old way: Classful IP Addresses

• When Internet addresses were standardized (early 1980s), the Internet address space was divided up into classes:
  – Class A: Network prefix is 8 bits long
  – Class B: Network prefix is 16 bits long
  – Class C: Network prefix is 24 bits long
• Each IP address contained a key which identifies the class:
  – Class A: IP address starts with “0”
  – Class B: IP address starts with “10”
  – Class C: IP address starts with “110”
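The decoding the last three slides describe (dotted decimal to bits, class from the leading bits, implicit netmask, split into network prefix and host number) as an added, runnable example; this is not code from the lecture slides. It only uses the Python standard library `ipaddress` module. The class table is the one on the slide, extended with the Class D and E key bits given a few slides later; an address whose leading bits match none of them is rejected.

```python
from __future__ import annotations

import ipaddress

# Leading-bit key and implicit prefix length for each class, as on the slides.
# Classes D (multicast) and E (reserved) have no network/host split.
CLASS_RULES = (
    ("0", "A", 8),
    ("10", "B", 16),
    ("110", "C", 24),
    ("1110", "D", None),
    ("11110", "E", None),
)


def to_bits(addr: str) -> str:
    """Dotted-decimal IPv4 address -> 32-character binary string."""
    return format(int(ipaddress.IPv4Address(addr)), "032b")


def address_class(addr: str) -> tuple[str, int | None]:
    """Return (class letter, implicit prefix length) from the leading bits."""
    bits = to_bits(addr)
    for key, cls, plen in CLASS_RULES:
        if bits.startswith(key):
            return cls, plen
    raise ValueError(f"{addr} starts with 11111, outside the classes on the slide")


def decode(addr: str) -> dict:
    """Split a classful address into network prefix and host number.

    Returns the class, the implicit netmask, the network id (prefix with the
    host bits zeroed), the CIDR form and the host number as an integer.
    """
    cls, plen = address_class(addr)
    if plen is None:
        return {"address": addr, "class": cls, "prefix_len": None}
    value = int(ipaddress.IPv4Address(addr))
    host_bits = 32 - plen
    net = ipaddress.IPv4Network((value, plen), strict=False)
    return {
        "address": addr,
        "class": cls,
        "prefix_len": plen,
        "netmask": str(net.netmask),
        "network_id": str(net.network_address),
        "cidr": f"{net.network_address}/{plen}",
        # Host number = the low-order host_bits of the address (137.144 -> 35216).
        "host_number": value & ((1 << host_bits) - 1),
    }


if __name__ == "__main__":
    # ellington.cs.virginia.edu from the slides
    print(to_bits("128.143.137.144"))
    print(decode("128.143.137.144"))
```

Running it prints the 32-bit string shown on the dotted-decimal slide and the Class B decoding of 128.143.137.144 (netmask 255.255.0.0, network id 128.143.0.0, host number 137.144 as the integer 35216).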
The old way: Internet Address Classes

• Class A: bit 0 = 0; bits 1–7 complete the Network Prefix (8 bits); bits 8–31 Host Number (24 bits)
• Class B: bits 0–1 = 10; bits 2–15 complete the Network Prefix (16 bits); bits 16–31 Host Number (16 bits)
• Class C: bits 0–2 = 110; bits 3–23 complete the Network Prefix (24 bits); bits 24–31 Host Number (8 bits)
• Class D: bits 0–3 = 1110; bits 4–31 multicast group id
• Class E: bits 0–4 = 11110; bits 5–31 reserved for future use
• We will learn about multicast addresses later in this course.


Problems with Classful IP Addresses

Problem 1. Too few network addresses for large networks
  – Class A and Class B addresses are gone
Problem 2. Two-layer hierarchy is not appropriate for large networks with Class A and Class B addresses.
  – Fix #1: Subnetting
Problem 3. Inflexible. Assume a company requires 2,000 addresses
  – Class A and B addresses are overkill
  – Class C address is insufficient (requires 8 Class C addresses)
  – Fix #2: Classless Interdomain Routing (CIDR)
Problems with Classful IP Addresses

Problem 4. Exploding Routing Tables: Routing on the backbone Internet needs to have an entry for each network address. In 1993, the size of the routing tables started to outgrow the capacity of routers.
  – Fix #2: Classless Interdomain Routing (CIDR)
Problem 5. The Internet is going to outgrow the 32-bit addresses
  – Fix #3: IP Version 6


Subnetting

• Problem: Organizations have multiple networks which are independently managed (figure: a University Network made up of an Engineering School, a Medical School and a Library)
  – Solution 1: Allocate one or more Class C addresses for each network
    • Difficult to manage
    • From the outside of the organization, each network must be addressable.
  – Solution 2: Add another level of hierarchy to the IP addressing structure: Subnetting
Basic Idea of Subnetting
One solution to the IP address shortage was thought to be the subnet mask.

• Split the host number portion of an IP address into a subnet number and a (smaller) host number.
• Result is a 3-layer hierarchy
  Before: [ network prefix | host number ]
  After:  [ network prefix | subnet number | host number ]
• Then: extended network prefix = network prefix + subnet number
• Subnets can be freely assigned within the organization
• Internally, subnets are treated as separate networks
• Subnet structure is not visible outside the organization
Subnet Masks

• Routers and hosts use an extended network prefix (subnet mask) to identify the start of the host numbers
  Class B without subnetting: [ 10 | network (16 bits) | host (16 bits) ], Network Prefix (16 bits)
  Class B with subnetting:    [ 10 | network | subnet | host ], Extended Network Prefix (24 bits)
  Subnet mask: 11111111 11111111 11111111 00000000 (255.255.255.0)

* There are different ways of subnetting. Commonly used netmasks for university networks with /16 prefix (Class B) are 255.255.255.0 and 255.255.0.0
Subnet Example
Given the Class B address 190.52.0.0

Class B:          [ Network | Network | Host | Host ]
Using /24 subnet: [ Network | Network | Subnet | Host ]

Internet routers still “see” this net as 190.52.0.0. But internal routers think all of these addresses are on different networks, called subnetworks:
  190.52.1.2
  190.52.2.2
  190.52.3.2
Subnet Example

[ Network | Network | Subnet | Host ]

Using the 3rd octet, 190.52.0.0 was divided into:
190.52.1.0, 190.52.2.0, 190.52.3.0, 190.52.4.0,
190.52.5.0, 190.52.6.0, 190.52.7.0, 190.52.8.0,
190.52.9.0, 190.52.10.0, 190.52.11.0, 190.52.12.0,
190.52.13.0, 190.52.14.0, 190.52.15.0, 190.52.16.0,
190.52.17.0, 190.52.18.0, 190.52.19.0 and so on ...
Subnet Example

Network address 190.52.0.0 with /16 network mask
Using Subnets: subnet mask 255.255.255.0 or /24

[ Network | Network | Subnet | Host ]
  190.52.0.Host
  190.52.1.Host
  190.52.2.Host
  190.52.3.Host
  ... etc.
  190.52.254.Host
  190.52.255.Host (cannot use the last subnet as it contains the broadcast address)
Subnets: 2^8 - 1 = 255
Subnet Example

Subnet 0 (all 0’s subnet) issue: The address of the subnet, 190.52.0.0/24, is the same address as the major network, 190.52.0.0/16.

[ Network | Network | Subnet | Host ]
  190.52.0.Host
  190.52.1.Host
  ... etc.
  190.52.254.Host
  190.52.255.Host
Subnets: 2^8 - 1 = 255

Last subnet (all 1’s subnet) issue: The broadcast address for the subnet, 190.52.255.255, is the same as the broadcast address of the major network, 190.52.255.255.
/30 subnets

207.21.24.0/24 network subnetted into eight /27 (255.255.255.224) subnets
207.21.24.192/27 subnet, subnetted into eight /30 (255.255.255.252) subnets
• This network has seven /27 subnets with 30 hosts each AND eight /30 subnets with 2 hosts each.
• /30 subnets are very useful for serial networks.

207.21.24.192/27 = 207.21.24.11000000

/30   Subnet               4th octet (subnet bits | host bits)   host bits 01, 10 (hosts) / 11 (bcast)   2 Hosts
0     207.21.24.192/30     110 00000                              01 10 11                                 .193 & .194
1     207.21.24.196/30     110 00100                              01 10 11                                 .197 & .198
2     207.21.24.200/30     110 01000                              01 10 11                                 .201 & .202
3     207.21.24.204/30     110 01100                              01 10 11                                 .205 & .206
4     207.21.24.208/30     110 10000                              01 10 11                                 .209 & .210
5     207.21.24.212/30     110 10100                              01 10 11                                 .213 & .214
6     207.21.24.216/30     110 11000                              01 10 11                                 .217 & .218
7     207.21.24.220/30     110 11100                              01 10 11                                 .221 & .222

(Figure: the /27 subnets 207.21.24.0/27, .32/27, .64/27, .96/27, .128/27, .160/27 and .224/27, with 207.21.24.192/27 split into the /30 subnets .192/30, .196/30, .200/30, .204/30, .208/30, .212/30 and .216/30.)

• This network has seven /27 subnets with 30 hosts each AND seven /30 subnets with 2 hosts each (one left over).
• /30 subnets with 2 hosts per subnet do not waste host addresses on serial networks.
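The subnet tables on the last few slides (the /27 and /30 division of 207.21.24.0/24, and the subnet-zero and all-ones issues on 190.52.0.0/16) generated by code, as an added example that is not from the lecture slides. It uses only the standard library `ipaddress` module; the usable-host range is computed from the host bits, with the all-zeros and all-ones host numbers reserved for the subnet address and the broadcast address respectively.

```python
from __future__ import annotations

import ipaddress


def subnet_table(block: str, new_prefix: int) -> list[dict]:
    """Enumerate the subnets of `block` at `new_prefix`, as the slide's table does.

    Each row carries the subnet, its mask, the first and last usable host,
    the broadcast address and the count of usable hosts.
    """
    net = ipaddress.IPv4Network(block)
    rows = []
    for index, sub in enumerate(net.subnets(new_prefix=new_prefix)):
        hosts = list(sub.hosts())  # excludes the network and broadcast addresses
        rows.append({
            "index": index,
            "subnet": str(sub),
            "netmask": str(sub.netmask),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "broadcast": str(sub.broadcast_address),
            "usable_hosts": len(hosts),
        })
    return rows


def boundary_issues(major: str, subnet: str) -> dict:
    """Flag the all-zeros and all-ones subnet issues from the 190.52.0.0 slides.

    The all-zeros subnet shares its network address with the major network;
    the all-ones subnet shares its broadcast address with the major network.
    """
    big = ipaddress.IPv4Network(major)
    sub = ipaddress.IPv4Network(subnet)
    if not big.supernet_of(sub):
        raise ValueError(f"{subnet} is not inside {major}")
    return {
        "subnet_zero": sub.network_address == big.network_address,
        "all_ones": sub.broadcast_address == big.broadcast_address,
    }


if __name__ == "__main__":
    for row in subnet_table("207.21.24.192/27", 30):
        print(f'{row["index"]} {row["subnet"]:<20} {row["first_host"]} & {row["last_host"]}'
              f'  bcast {row["broadcast"]}')
    print(boundary_issues("190.52.0.0/16", "190.52.0.0/24"))
    print(boundary_issues("190.52.0.0/16", "190.52.255.0/24"))
```

The first loop reproduces the eight /30 rows of the slide (.193 & .194 through .221 & .222); calling `subnet_table("207.21.24.0/24", 27)` gives the eight /27 subnets with 30 usable hosts each.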
Typical Addressing Plan for an Organization that uses subnetting
• Each layer-2 network (Ethernet segment, FDDI segment) is allocated a subnet address.

(Figure: the organization holds 128.143.0.0/16; its layer-2 segments are allocated the subnets 128.143.71.0/24, 128.143.16.0/24, 128.143.7.0/24, 128.143.8.0/24, 128.143.17.0/24, 128.143.22.0/24 and 128.143.136.0/24.)
Advantages of Subnetting

• With subnetting, IP addresses use a 3-layer hierarchy:
  » Network
  » Subnet
  » Host
• Improves efficiency of IP addresses by not consuming an entire Class B or Class C address for each physical network.
• Reduces router complexity. Since external routers do not know about subnetting, the complexity of routing tables at external routers is reduced.
• Note: Length of the subnet mask need not be identical at all subnetworks.
Problems with Subnet Addresses

• Problem:
  – Potential exhaustion of IPv4 address space (due to inefficiency)
    • Class B network numbers are highly prized
      – Not everyone needs one
    • Lots of Class C addresses but no one wants them
  – Growth of backbone routing tables
    • We don’t want lots of small networks since this causes large routing tables
    • Route calculation and management requires high computational overhead
• Solution:
  – Allow addresses assigned to a single entity to span multiple classful prefixes
  – Enhance route aggregation
Supernetting
• Assign a block of contiguous network numbers to nearby networks
• Called CIDR: Classless Inter-Domain Routing
  – Breaks rigid boundaries between address classes
  – If an ISP needs 16 Class C addresses, make them contiguous
    • E.g. 192.4.16 to 192.4.31 enables a 20-bit network number
  – Idea is to enable the network number to be any length
  – Collapse multiple addresses assigned to a single entity into one address
• Represent blocks (number of Class C networks) with a single pair (first_network_address, count)
• Restrict block sizes to powers of 2
• Use a bit mask (CIDR mask) to identify block size
• All routers must understand CIDR addressing
CIDR - Classless Interdomain Routing

• IP backbone routers have one routing table entry for each network address:
  – With subnetting, a backbone router only needs to know one entry for each Class A, B, or C network
  – This is acceptable for Class A and Class B networks
    • 2^7 = 128 Class A networks
    • 2^14 = 16,384 Class B networks
  – But this is not acceptable for Class C networks
    • 2^21 = 2,097,152 Class C networks
• In 1993, the size of the routing tables started to outgrow the capacity of routers
• Consequence: The class-based assignment of IP addresses had to be abandoned
CIDR - Classless Inter-Domain Routing

• By using a prefix address to summarize routes, administrators can keep routing table entries manageable, which means the following:
  – More efficient routing
  – A reduced number of CPU cycles when recalculating a routing table, or when sorting through the routing table entries to find a match
  – Reduced router memory requirements
• Route summarization is also known as:
  – Route aggregation
  – Supernetting
• Supernetting is essentially the inverse of subnetting.
• CIDR moves the responsibility of allocating addresses away from a centralized authority (InterNIC).
• Instead, ISPs can be assigned blocks of address space, which they can then parcel out to customers.
CIDR - Classless Interdomain Routing

• Goals:
  – Restructure IP address assignments to increase efficiency
  – Hierarchical routing aggregation to minimize route table entries
• CIDR (Classless Interdomain Routing) abandons the notion of classes:
  Key Concept: The length of the network id (prefix) in the IP addresses is kept arbitrary
• Consequence: Routers advertise the IP address and the length of the prefix
ISP/NAP Hierarchy - “The Internet: Still hierarchical after all these years.” Jeff Doyle (Tries to be anyways!)

(Figure: a NAP (Network Access Point) at the top connects Network Service Providers; each Network Service Provider serves Regional Service Providers; each Regional Service Provider serves ISPs; each ISP serves its Subscribers.)
CIDR Example

• CIDR notation of a network address: 192.0.2.0/18
• "18" says that the first 18 bits are the network part of the address (and 14 bits are available for specific host addresses)
• The network part is called the prefix
• Assume that a site requires a network address with 1000 addresses
• With CIDR, the network is assigned a contiguous block of 1024 addresses with a 22-bit long prefix
CIDR: Prefix Size vs. Network Size

CIDR Block Prefix   # of Host Addresses
/27                 32 hosts
/26                 64 hosts
/25                 128 hosts
/24                 256 hosts
/23                 512 hosts
/22                 1,024 hosts
/21                 2,048 hosts
/20                 4,096 hosts
/19                 8,192 hosts
/18                 16,384 hosts
/17                 32,768 hosts
/16                 65,536 hosts
/15                 131,072 hosts
/14                 262,144 hosts
/13                 524,288 hosts

Without CIDR, a router must maintain individual routing table entries for these class B networks.

With CIDR, a router can summarize these routes using a single network address by using a 13-bit prefix: 172.24.0.0/13
Steps:
1. Count the number of left-most matching bits, /13 (255.248.0.0)
2. Add all zeros after the last matching bit:
   172.24.0.0 = 10101100 00011000 00000000 00000000
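The two summarization steps above, carried out in code, as an added example that is not from the lecture slides: count the left-most bits that all member networks share, then zero everything after the last matching bit. The same routine reproduces the earlier Supernetting slide, where 16 contiguous Class C networks 192.4.16 to 192.4.31 collapse to a 20-bit prefix. A second function checks the slide's "block sizes are powers of 2" rule: an aggregate is exact only when the members fill the summary completely, otherwise the router would be advertising address space that was never assigned to it.

```python
from __future__ import annotations

import ipaddress


def summarize(networks: list[str]) -> str:
    """Return the single prefix covering every network, by the slide's two steps.

    Step 1: count the left-most bits all network addresses share (capped by the
    shortest member prefix). Step 2: zero every bit after the last matching one.
    """
    nets = [ipaddress.IPv4Network(n) for n in networks]
    first = int(nets[0].network_address)
    common = min(n.prefixlen for n in nets)
    for n in nets[1:]:
        diff = first ^ int(n.network_address)
        # bit_length() of the XOR locates the first differing bit from the left
        common = min(common, 32 - diff.bit_length())
    summary = ipaddress.IPv4Network((first, common), strict=False)
    return str(summary)


def is_exact_aggregate(networks: list[str]) -> bool:
    """True when the summary contains exactly the members and nothing else.

    CIDR blocks are powers of two, so a set of members aggregates without
    covering unassigned space only when their sizes add up to the summary's
    size and none of them overlap.
    """
    nets = [ipaddress.IPv4Network(n) for n in networks]
    summary = ipaddress.IPv4Network(summarize(networks))
    covered = sum(n.num_addresses for n in nets)
    overlapping = any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    return not overlapping and covered == summary.num_addresses


if __name__ == "__main__":
    class_b = [f"172.{i}.0.0/16" for i in range(24, 32)]   # 172.24.0.0/16 .. 172.31.0.0/16
    print(summarize(class_b), is_exact_aggregate(class_b))  # 172.24.0.0/13 True
    class_c = [f"192.4.{i}.0/24" for i in range(16, 32)]   # the Supernetting slide's 16 Class Cs
    print(summarize(class_c), is_exact_aggregate(class_c))  # 192.4.16.0/20 True
```

With only 172.24.0.0/16 and 172.26.0.0/16 as members the summary is still 172.24.0.0/14, but `is_exact_aggregate` reports False because the /14 also covers 172.25 and 172.27, which were not assigned.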
CIDR and Address assignments

• Backbone ISPs obtain large blocks of IP address space and then reallocate portions of their address blocks to their customers.

Example:
• Assume that an ISP owns the address block 206.0.64.0/18, which represents 16,384 (2^14) IP addresses
• Suppose a client requires 800 host addresses
• With classful addresses: need to assign a Class B address (and waste ~64,700 addresses) or four individual Class Cs (and introduce 4 new routes into the global Internet routing tables)
• With CIDR: Assign a /22 block, e.g., 206.0.68.0/22, and allocate a block of 1,024 (2^10) IP addresses.
CIDR and Routing Information

(Figure: ISP X owns 206.0.64.0/18, 204.188.0.0/15 and 209.88.232.0/21 and connects to the Internet Backbone. Company X (206.0.68.0/22) is a customer of ISP X. ISP y (209.88.237.0/24) is also reached through ISP X and serves Organization z1 (209.88.237.192/26) and Organization z2 (209.88.237.0/26).)

• Backbone routers do not know anything about Company X, ISP y, or Organizations z1, z2.
• ISP X does not know about Organizations z1, z2.
• Backbone sends everything which matches the prefixes 206.0.64.0/18, 204.188.0.0/15, 209.88.232.0/21 to ISP X.
• ISP X sends everything which matches the prefix 206.0.68.0/22 to Company X, and 209.88.237.0/24 to ISP y.
• ISP y sends everything which matches the prefix 209.88.237.192/26 to Organization z1, and 209.88.237.0/26 to Organization z2.
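The forwarding described on this slide, as an added example that is not from the lecture slides: each router holds only the prefixes it was told about, and a destination is matched against the most specific (longest) prefix. The three tables are reconstructed from the prefixes on the slide; the next-hop names and the "no route" outcome are this example's own convention. Tracing a destination through the tables shows why the backbone needs just three entries for everything below ISP X, and what happens to a destination inside 206.0.64.0/18 that ISP X has not assigned to any customer.

```python
from __future__ import annotations

import ipaddress

# Forwarding tables reconstructed from the prefixes on the slide: each router
# knows only the prefixes it was told, mapped to the next hop that advertised them.
TABLES = {
    "Backbone": {
        "206.0.64.0/18": "ISP X",
        "204.188.0.0/15": "ISP X",
        "209.88.232.0/21": "ISP X",
    },
    "ISP X": {
        "206.0.68.0/22": "Company X",
        "209.88.237.0/24": "ISP y",
    },
    "ISP y": {
        "209.88.237.192/26": "Organization z1",
        "209.88.237.0/26": "Organization z2",
    },
}


def longest_prefix_match(table: dict, dst: str):
    """Return (prefix, next_hop) of the most specific entry containing dst, or None."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.IPv4Network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else (str(best[0]), best[1])


def trace(dst: str, start: str = "Backbone") -> list[str]:
    """Follow a destination address hop by hop through the tables above."""
    path = [start]
    node = start
    while node in TABLES:
        match = longest_prefix_match(TABLES[node], dst)
        if match is None:
            # advertised upstream as part of a larger block, but not assigned downstream
            path.append("no route")
            break
        node = match[1]
        path.append(node)
    return path


if __name__ == "__main__":
    for dst in ("206.0.68.5", "209.88.237.200", "209.88.237.10", "206.0.80.1"):
        print(dst, " -> ".join(trace(dst)))
```

A packet for 209.88.237.200 is handed Backbone -> ISP X -> ISP y -> Organization z1 even though the backbone only knows 209.88.232.0/21, while 206.0.80.1 reaches ISP X (it lies inside 206.0.64.0/18) and is then dropped, since no customer prefix covers it.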
IPv6 - IP Version 6

• IP Version 6
  – Is the successor to the currently used IPv4
  – Specification completed in 1994
  – Makes improvements to IPv4 (no revolutionary changes)
• One (not the only!) feature of IPv6 is a significant increase in the size of the IP address to 128 bits (16 bytes)
• IPv6 will solve – for the foreseeable future – the problems with IP addressing
IPv6 vs. IPv4: Address Comparison

• IPv4 has a maximum of 2^32 ≈ 4 billion addresses
• IPv6 has a maximum of 2^128 = (2^32)^4 ≈ 4 billion x 4 billion x 4 billion x 4 billion addresses
IPv6 Provider-Based Addresses

• The first IPv6 addresses will be allocated to a provider-based plan

  [ 010 | Registry ID | Provider ID | Subscriber ID | Subnetwork ID | Interface ID ]

• Type: Set to “010” for provider-based addresses
• Registry: identifies the agency that registered the address
The following fields have a variable length (recommended length in “()”)
• Provider: Id of Internet access provider (16 bits)
• Subscriber: Id of the organization at provider (24 bits)
• Subnetwork: Id of subnet within organization (32 bits)
• Interface: identifies an interface at a node (48 bits)
More on IPv6 Addresses

• The provider-based addresses have a similar flavor as CIDR addresses
• IPv6 provides address formats for:
  – Unicast – identifies a single interface
  – Multicast – identifies a group. Datagrams sent to a multicast address are sent to all members of the group
  – Anycast – identifies a group. Datagrams sent to an anycast address are sent to one of the members in the group.
Address Resolution Protocol (ARP)
Internet and Data Link Layer Addresses

• Each host and router on a subnet needs a data link layer address to specify its address on the subnet
  – This address appears in the data link layer frame sent on a subnet
  – For instance, 48-bit 802.3 MAC layer frame addresses for LANs
  (Figure: a data link frame for the subnet, carrying the subnet destination address DA)

Addresses

• Each host and router also needs an IP address at the internet layer to designate its position in the overall Internet
  (Figure: host 128.171.17.13 on one of several subnets that make up the Internet)
Internet and Data Link Addresses Serve Different Purposes

• IP address
  – To guide delivery to destination host across the Internet (across multiple networks)
• Subnet Address
  – To guide delivery between two hosts, two routers, and a host and router within a single subnet
  – Same LAN, Frame Relay network, etc.
Address Resolution
• Problem
  – Router knows that destination host is on its subnet based on the IP address of an arriving packet
  – Does not know the destination host’s subnet address, so cannot deliver the packet across the subnet
  (Figure: Destination Host 128.171.17.13 on the subnet; its subnet address is unknown)
Address Resolution Protocol (ARP)
• Router creates an ARP Request message to be sent to all hosts on the subnet.
  – Address resolution protocol message asks “Who has IP address 128.171.17.13?”
  – Passes ARP request to data link layer process for delivery
  (Figure: ARP Request leaving the router onto the subnet)
Address Resolution Protocol (ARP)
• Data link process of router broadcasts the ARP Request message to all hosts on the subnet.
  – On a LAN, MAC address of 48 ones tells all stations to pay attention to the frame
  (Figure: ARP Request broadcast to every host on the subnet)
Address Resolution Protocol (ARP)
• Host with IP address 128.171.17.13 responds
  – Internet process creates an ARP response message
  – Contains the destination host’s subnet address (48-bit MAC address on a LAN)
  (Figure: ARP Response sent back across the subnet)
Address Resolution Protocol (ARP)
• Router delivers the IP packet to the destination host
  – Places the IP packet in the subnet frame
  – Puts the destination host’s subnet address in the destination address field of the frame
  (Figure: the IP packet is delivered within a subnet frame)
Address Resolution Protocol

• ARP Requests and Responses are sent between the internet layer processes on the router and the destination host
  (Figure: the Router's Internet Process sends the ARP Request to the Destination Host's Internet Process, which returns the ARP Response)
Address Resolution Protocol
• However, the data link processes deliver these ARP packets
  – Router broadcasts the ARP Request
  – Destination host sends ARP response to the subnet source address found in the broadcast frame
  (Figure: Router and Destination Host each have an Internet Process above a Data Link Process; the router's data link process broadcasts the ARP Request, and the host's data link process sends the ARP Response directly back)
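The request/response exchange of the last seven slides, as an added example that is not from the lecture slides. It encodes and decodes the 28-byte Ethernet/IPv4 ARP message in the layout defined by RFC 826 (hardware type, protocol type, address lengths, operation, then sender and target hardware and protocol addresses; the RFC is not cited on the slides). The subnet is a constructed dictionary of IP-to-MAC pairs standing in for the real stations, and the router's own addresses are constructed too; only 128.171.17.13 comes from the slides.

```python
from __future__ import annotations

import struct

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"  # 48 ones: every station on the LAN reads the frame
ARP_REQUEST, ARP_REPLY = 1, 2
# RFC 826 layout for Ethernet/IPv4 ARP: htype, ptype, hlen, plen, op, sha, spa, tha, tpa
_ARP_FMT = "!HHBBH6s4s6s4s"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(part) for part in ip.split("."))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Encode a 28-byte Ethernet/IPv4 ARP message."""
    return struct.pack(_ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))


def parse_arp(data: bytes) -> dict:
    """Decode an ARP message, rejecting anything that is not Ethernet/IPv4 ARP."""
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(_ARP_FMT, data[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


def resolve(router_mac: str, router_ip: str, target_ip: str, subnet_hosts: dict) -> dict | None:
    """Simulate the slides' exchange on one subnet.

    `subnet_hosts` maps each station's IP address to its MAC address (a
    constructed stand-in for the real LAN). The router broadcasts a request;
    only the owner of target_ip answers, and it answers directly to the
    requester's MAC taken from the request's sender field. ARP carries no
    authentication, so a receiver takes the reply's sender fields as given.
    """
    request = build_arp(ARP_REQUEST, router_mac, router_ip, "00:00:00:00:00:00", target_ip)
    req = parse_arp(request)
    for host_ip, host_mac in subnet_hosts.items():   # every station sees the broadcast
        if host_ip != req["target_ip"]:
            continue                                   # not my address: ignore the request
        reply = build_arp(ARP_REPLY, host_mac, host_ip, req["sender_mac"], req["sender_ip"])
        rep = parse_arp(reply)
        return {"request_frame_dst": BROADCAST_MAC,    # request goes to all stations
                "reply_frame_dst": rep["target_mac"],  # reply goes straight to the router
                "resolved_mac": rep["sender_mac"]}     # the subnet address the router needed
    return None  # no station owns the address: the router cannot deliver the packet


if __name__ == "__main__":
    lan = {"128.171.17.13": "00:11:22:33:44:55", "128.171.17.20": "66:77:88:99:aa:bb"}  # constructed
    print(resolve("aa:bb:cc:dd:ee:ff", "128.171.17.1", "128.171.17.13", lan))
```

The result shows the two frame destinations the slides distinguish: the request frame goes to the all-ones MAC address, while the reply frame is addressed to the router's own MAC address taken from the broadcast frame.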
Addressing: routing to another LAN

• A creates IP datagram with IP source A, destination B
• A creates link-layer frame with R's MAC address as dest, frame contains A-to-B IP datagram
  MAC src: 74-29-9C-E8-FF-55
  MAC dest: E6-E9-00-17-BB-4B
  IP src: 111.111.111.111
  IP dest: 222.222.222.222

(Figure: two LANs joined by router R. On the first LAN: A at 111.111.111.111 / 74-29-9C-E8-FF-55, another host at 111.111.111.112 / CC-49-DE-D0-AB-7D, and R's interface at 111.111.111.110 / E6-E9-00-17-BB-4B. On the second LAN: R's interface at 222.222.222.220 / 1A-23-F9-CD-06-9B, another host at 222.222.222.221 / 88-B2-2F-54-1A-0F, and B at 222.222.222.222 / 49-BD-D2-C7-56-2A. Each node has an IP / Eth / Phy stack.)
Addressing: routing to another LAN

• frame sent from A to R
• frame received at R, datagram removed, passed up to IP
  Frame on the first LAN: MAC src: 74-29-9C-E8-FF-55, MAC dest: E6-E9-00-17-BB-4B, IP src: 111.111.111.111, IP dest: 222.222.222.222
  Datagram passed up to IP at R: IP src: 111.111.111.111, IP dest: 222.222.222.222

(Figure: same topology as the previous slide)
Addressing: routing to another LAN
• R forwards datagram with IP source A, destination B
• R creates link-layer frame with B's MAC address as dest, frame contains A-to-B IP datagram
  MAC src: 1A-23-F9-CD-06-9B
  MAC dest: 49-BD-D2-C7-56-2A
  IP src: 111.111.111.111
  IP dest: 222.222.222.222

(Figure: same topology as the previous slide)
Network Address Translation (NAT)

Private Network

• Private IP network is an IP network that is not directly connected to the Internet
• IP addresses in a private network can be assigned arbitrarily.
  – Not registered and not guaranteed to be globally unique
• Generally, private networks use addresses from the following experimental address ranges (non-routable addresses):
  – 10.0.0.0 – 10.255.255.255
  – 172.16.0.0 – 172.31.255.255
  – 192.168.0.0 – 192.168.255.255

Private Addresses

(Figure: Private network 1 has hosts H1 10.0.1.2 and H2 10.0.1.3 behind router R1, whose Internet-side address is 128.195.4.119. A second private network reuses the very same addresses: H3 10.0.1.2 and H4 10.0.1.3 behind router R2 at 128.143.71.21. Both routers use 10.0.1.1 on their private side. H5 at 213.168.112.3 is on the Internet.)
Network Address Translation (NAT)
• A technology that can provide the mapping between the private and universal addresses.
• The technology allows a site to use a set of private addresses for internal communication and a set of global Internet addresses (at least one) for communication with the rest of the world.
• The site must have only one connection to the global Internet through a NAT-capable router that runs NAT software.
• NAT is a way to conserve IP addresses
  – Can be used to hide a number of hosts behind a single IP address
  – Uses private addresses:
    • 10.0.0.0-10.255.255.255,
    • 172.16.0.0-172.32.255.255 or
    • 192.168.0.0-192.168.255.255
Network Address Translation (NAT)

• NAT is a router function where IP addresses (and possibly port numbers) of IP datagrams are replaced at the boundary of a private network
• NAT is a method that enables hosts on private networks to communicate with hosts on the Internet
• NAT is run on routers that connect private networks to the public Internet, to replace the IP address-port pair of an IP packet with another IP address-port pair.

Basic Operation of NAT

• NAT device has address translation table
• One to one address translation
Pooling of IP Addresses

• Scenario: Corporate network has many hosts but only a small number of public IP addresses
• NAT solution:
  – Corporate network is managed with a private address space
  – NAT device, located at the boundary between the corporate network and the public Internet, manages a pool of public IP addresses
  – When a host from the corporate network sends an IP datagram to a host in the public Internet, the NAT device picks a public IP address from the address pool, and binds this address to the private address of the host

Pooling of IP Addresses

(Figure: H1 (private address 10.0.1.2) in the private network sends a datagram with Source = 10.0.1.2, Destination = 213.168.112.3. The NAT device rewrites it to Source = 128.143.71.21, Destination = 213.168.112.3 before forwarding it across the Internet to H5 (public address 213.168.112.3). NAT translation table: Private Address 10.0.1.2, Public Address 128.143.71.21. Pool of addresses: 128.143.71.0-128.143.71.30)
Supporting Migration between Network Service Providers
• Scenario: In CIDR, the IP addresses in a corporate network are obtained from the service provider. Changing the service provider requires changing all IP addresses in the network.
• NAT solution:
  – Assign private addresses to the hosts of the corporate network
  – NAT device has static address translation entries which bind the private address of a host to the public address.
  – Migration to a new network service provider merely requires an update of the NAT device. The migration is not noticeable to the hosts on the network.
Note:
  – The difference to the use of NAT with IP address pooling is that the mapping of public and private IP addresses is static.
IP Masquerading

• Also called: Network address and port translation (NAPT), port address translation (PAT).
• Scenario: Single public IP address is mapped to multiple hosts in a private network.
• NAT solution:
  – Assign private addresses to the hosts of the corporate network
  – NAT device modifies the port numbers for outgoing traffic
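The port-rewriting NAT solution above, as an added example that is not from the lecture slides: a single public address (128.143.71.21, the router address from the earlier figures) fronts several private hosts, each outgoing flow is given its own public port, and a reply is mapped back through the remembered binding. It also makes concrete the end-to-end connectivity concern raised a few slides later: a packet from the outside that matches no binding has nowhere to go and is dropped. Packets are plain dictionaries, checksums are not modelled, and the rule that a binding may only be used by the remote endpoint that created it is this example's own assumption (real NAT products differ on that point).

```python
from __future__ import annotations

import itertools


class Napt:
    """Network address and port translation (IP masquerading) for one public address.

    Outbound packets from private hosts get the public address and a fresh
    public port; the binding is remembered so replies can be mapped back.
    Packet fields: src, sport, dst, dport. Checksums are not modelled here,
    although a real NAT box must recompute the IP and TCP/UDP checksums.
    """

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self.outbound = {}   # (priv_ip, priv_port, dst, dport) -> public port
        self.inbound = {}    # public port -> (priv_ip, priv_port, dst, dport)

    def translate_out(self, pkt: dict) -> dict:
        """Rewrite an outgoing packet's source to the public address and port."""
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        pub_port = self.outbound.get(key)
        if pub_port is None:                   # first packet of this flow: create a binding
            pub_port = next(self._next_port)
            self.outbound[key] = pub_port
            self.inbound[pub_port] = key
        return {**pkt, "src": self.public_ip, "sport": pub_port}

    def translate_in(self, pkt: dict) -> dict | None:
        """Map a packet arriving at the public address back to the private host.

        Returns None when no binding exists: an outside host cannot initiate
        a connection to a private host. The binding is also checked against
        the remote endpoint that created it (an assumption of this example).
        """
        if pkt["dst"] != self.public_ip:
            return None
        entry = self.inbound.get(pkt["dport"])
        if entry is None or (pkt["src"], pkt["sport"]) != (entry[2], entry[3]):
            return None                        # unsolicited or mismatched: drop
        priv_ip, priv_port, _, _ = entry
        return {**pkt, "dst": priv_ip, "dport": priv_port}


if __name__ == "__main__":
    nat = Napt("128.143.71.21")
    # two private hosts (addresses from the Private Addresses figure) use the same source port
    out1 = nat.translate_out({"src": "10.0.1.2", "sport": 5000, "dst": "213.168.112.3", "dport": 80})
    out2 = nat.translate_out({"src": "10.0.1.3", "sport": 5000, "dst": "213.168.112.3", "dport": 80})
    print(out1, out2)
    reply = {"src": "213.168.112.3", "sport": 80, "dst": "128.143.71.21", "dport": out2["sport"]}
    print(nat.translate_in(reply))
```

Both private hosts leave with the same public address but different public ports (40000 and 40001), so the reply to port 40001 is delivered to 10.0.1.3:5000 and not to 10.0.1.2; a packet to port 40002, which no flow has claimed, is dropped.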
Load Balancing of Servers

• Scenario: Balance the load on a set of identical servers, which are accessible from a single IP address
• NAT solution:
  – Here, the servers are assigned private addresses
  – NAT device acts as a proxy for requests to the server from the public network
  – The NAT device changes the destination IP address of arriving packets to one of the private addresses for a server
  – A sensible strategy for balancing the load of the servers is to assign the addresses of the servers in a round-robin fashion.
Concerns about NAT

• Performance:
  – Modifying the IP header by changing the IP address requires that NAT boxes recalculate the IP header checksum
  – Modifying the port number requires that NAT boxes recalculate the TCP checksum
• Fragmentation
  – Care must be taken that a datagram that is fragmented before it reaches the NAT device is not assigned a different IP address or different port numbers for each of the fragments.

Concerns about NAT

• End-to-end connectivity:
  – NAT destroys universal end-to-end reachability of hosts on the Internet.
  – A host in the public Internet often cannot initiate communication to a host in a private network.
  – The problem is worse when two hosts that are in a private network need to communicate with each other.

Concerns about NAT

• IP address in application data:
  – Applications that carry IP addresses in the payload of the application data generally do not work across a private-public network boundary.
  – Some NAT devices inspect the payload of widely used application layer protocols and, if an IP address is detected in the application-layer header or the application payload, translate the address according to the address translation table.
