Topology Hiding - Vijay - Top
Sandeep Pinnamaneni
Vijay Chand Uyyuru
Vivek Nemarugommula
Agenda
Introduction
Problem definition
Benchmarks and Metrics
Requirements
Summary
Conclusion
What is Topology Hiding?
Source: www.newport-networks.com/downloads/eluff_Interworking.ppt
Network Address Translation
NAT is an Internet standard that enables a local-area network
(LAN) to use one set of IP addresses for internal traffic and
a second set of addresses for external traffic.
Static NAT
Dynamic NAT
Overloading NAT
Static NAT
Mapping an unregistered IP address to a registered IP
address on a one-to-one basis. Particularly useful when a
device needs to be accessible from outside the network.
Source: http://computer.howstuffworks.com/nat1.htm
Dynamic NAT
Maps an unregistered IP address to a registered IP address
from a group of registered IP addresses.
Source: http://computer.howstuffworks.com/nat1.htm
Overloading NAT
A form of dynamic NAT that maps multiple
unregistered IP addresses to a single registered IP
address by using different ports. This is also
known as PAT (Port Address Translation), single
address NAT or port-level multiplexed NAT.
Source: http://computer.howstuffworks.com/nat1.htm
NAT Variations
Symmetric NAT
NAT Problem
The NAT maintains a 'table' that links private and public
addresses and port numbers. It is important to note that
these 'bindings' can only be initiated by outgoing traffic.
NAT breaks end-to-end semantics.
Source: http://www.newport-networks.com/whitepapers/nat-
Methods of solving the ‘NAT Problem’
Source: http://www.newport-networks.com/whitepapers/nat-traversal.html
Operation of STUN
The STUN proposal defines a special STUN server in the
public address space to inform the STUN-enabled SIP client
in the corporate (private) address space of the Public NAT
IP address and port being used for that particular session.
Link: http://nutss.gforge.cis.cornell.edu/pub/imc05-tcpnat/
Market Share of NAT Brands
TCP NAT Traversal
Approaches
TCP NAT-Traversal Success Rates
Address Shortage Causes More NAT Deployment
[Chart: logarithmic vertical axis from 1 to 10000; horizontal axis from S-96 to M-09]
Introduction
Overview
Problem Definition
Introduction
If a node moves from one link to another without
changing its IP address, it will be unable to receive
packets at the new link.
If a node changes its IP address when it moves, it
will have to terminate and restart any ongoing
communications each time it moves.
Mobile IP solves these problems in a secure, robust,
and medium-independent manner whose scaling
properties make it applicable throughout the entire
Internet.
Requirements
Main reference document: Request for Comments
(RFC 3344), 2002.
A mobile node must be able to communicate with
other nodes after changing its link-layer point of
attachment to the Internet, yet without changing its
IP address.
A mobile node must be able to communicate with
other nodes that do not implement these mobility
functions
Overview
Mobile IP introduces the following new functional entities:
Mobile Node: A host or router that changes its point of
attachment from one network or sub network to another.
[Figure labels: Internet, Corresponding Host]
Problems with IP addresses
[Figure: a TCP association between a corresponding node (CN, 128.59.16.149) and a mobile node (MN), using ports 80 and 1733. The MN moves and its address changes from 135.180.32.4 to 135.180.54.7, while the CN address and both ports stay the same.]
NAT Traversal Of Mobile IP
(Problem Definition)
A basic assumption that Mobile IP makes is that mobile nodes
and foreign agents are uniquely identifiable by a globally routable
IP address. This assumption breaks down when a mobile node
attempts to communicate from behind NAT.
Mobile IP relies on sending traffic from the home network to the
mobile node or foreign agent through IP-in-IP tunnelling. IP
nodes which communicate from behind a NAT are reachable only
through the NAT's public address(es).
Problem Illustrated
Problem Definition (continued)
IP-in-IP tunnelling does not generally contain enough
information to permit unique translation from the
common public address(es) to the particular care-of
address of a mobile node or foreign agent which
resides behind the NAT; in particular there are no
TCP/UDP port numbers available for a NAT to work
with.
For this reason, IP-in-IP tunnels cannot in general
pass through a NAT, and Mobile IP will not work
across a NAT.
Problem Illustrated
Conclusion
What is needed is an alternative data tunnelling
mechanism for Mobile IP which will provide the
means needed for NAT devices to do unique
mappings so that address translation will work, and a
registration mechanism which will permit such an
alternative tunnelling mechanism to be set up when
appropriate.
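The NAT binding table and the IP-in-IP problem described above, as an added example that is not part of the original slides: a toy overloading NAT in which UDP traffic from two mobile nodes gets distinct bindings while their IP-in-IP packets become indistinguishable. The class, addresses and ports are constructed, and the model simply drops inbound packets it cannot map.

```python
# Toy NAPT (overloading NAT) model; all addresses and ports are constructed samples.
from itertools import count

PUBLIC_IP = "203.0.113.1"          # constructed public address of the NAT
IPIP, UDP = 4, 17                  # IP protocol numbers: IP-in-IP and UDP


class Napt:
    def __init__(self):
        self.bindings = {}         # public port -> (private ip, private port)
        self.by_inside = {}        # (private ip, private port) -> public port
        self.ports = count(40000)  # next free public port

    def outbound(self, proto, src_ip, src_port=None):
        """Translate a packet leaving the private network."""
        if proto != UDP:
            # No transport ports to rewrite: only the source address changes,
            # so every inside host looks identical from outside.
            return (PUBLIC_IP, None)
        key = (src_ip, src_port)
        if key not in self.by_inside:          # bindings start with outgoing traffic
            port = next(self.ports)
            self.by_inside[key] = port
            self.bindings[port] = key
        return (PUBLIC_IP, self.by_inside[key])

    def inbound(self, proto, dst_port=None):
        """Return the inside (ip, port) for an arriving packet, or None if dropped."""
        if proto != UDP:
            return None                        # no port to look up, no unique host
        return self.bindings.get(dst_port)     # None when no binding exists


def demo():
    nat = Napt()
    mn1, mn2 = "10.0.0.5", "10.0.0.6"          # two mobile nodes behind the NAT
    results = {}
    results["unsolicited"] = nat.inbound(UDP, 40000)   # arrives before any outbound
    # UDP traffic from each node creates its own binding, even on the same port.
    pub1 = nat.outbound(UDP, mn1, 5000)
    pub2 = nat.outbound(UDP, mn2, 5000)
    results["udp_mn1"] = nat.inbound(UDP, pub1[1])
    results["udp_mn2"] = nat.inbound(UDP, pub2[1])
    # IP-in-IP packets from both nodes collapse to the same outside view.
    results["ipip_same"] = nat.outbound(IPIP, mn1) == nat.outbound(IPIP, mn2)
    results["ipip_return"] = nat.inbound(IPIP)
    return results
```

Carrying the tunnelled packets inside UDP, which is the approach RFC 3519 takes, gives the NAT the port numbers it needs to keep the two care-of addresses apart.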
NAT problem
Methods to solve the NAT problem
NAT Traversal of Mobile IP
IPsec