From: Andre Noll Date: Wed, 24 Jan 2024 15:33:52 +0000 (+0100) Subject: networking: Turn homework on NAT into a subsection. X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=0d59e38cde7abde43b895b45b2db6aeacf834c46;p=aple.git networking: Turn homework on NAT into a subsection. --- diff --git a/Networking.m4 b/Networking.m4 index f64b341..c0bbd2b 100644 --- a/Networking.m4 +++ b/Networking.m4 @@ -256,6 +256,44 @@ of the packet.

facility, which means that packets may be lost, arrive multiple times, or out of order. Moreover, packets can be fragmented or defragmented.

+SUBSECTION(«Network Address Translation (NAT)») + +

IP addresses are a global resource, so each address must only be +assigned to at most one device. The Internet Assigned Numbers +Authority (IANA) coordinates who is entitled to use any given +range of IPv4 addresses. However, a number IP ranges, for example the +ranges 10.0.0.0-10.255.255.255 and 192.168.0.0-192.168.255.255, are +reserved for local use only so that these addresses can be assigned +in multiple local networks without interfering with each other.

+ +

In a network which contains only local addresses, the devices +can communicate with each other, but they will not be able to access +public world-wide services. To illustrate how NAT works around this +restriction, consider a desktop computer in a local network which +intents to perform a web search by contacting a public web server +which is not a member of the local network.

+ +

The desktop is configured to route packets which are not +destined for the local network through a dedicated machine, called +the router. The router has two IP addresses: one address +in the local network and a public NAT address. As traffic passes +from the desktop through the router to the web server, the router +alters the source address of each IP packet (the local address of the +desktop) to the public NAT address of the router, and keeps track of +all thusly forwarded connections. When a reply arrives at the router, +it uses the connection tracking data stored during the outbound phase +to determine the address in the local network to which to forward the +reply. This time the router alters the destination address +of the packet to the local address of the desktop and forwards the +packet to the desktop via the local network.

+ +

NAT can be seen as providing a kind of privacy mechanism because +machines on the internet cannot monitor which hosts are sending and +receiving traffic. They only see the NAT address. NAT has also +downsides though: Pinpointing the source of a problem becomes harder, +and encryption becomes more difficult. For example you can not encrypt +the IP address because the router must be able to change it.

+ EXERCISES()
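Review bot: The closing paragraph of the new NAT subsection gives "you can not encrypt the IP address because the router must be able to change it" as the example of encryption becoming harder, which is imprecise. Encrypting the payload works through NAT. What breaks is any scheme that encrypts or integrity-protects the IP header, because the router rewrites the source address on the way out and the destination address on the way back. Suggest rewording the sentence along those lines. The "kind of privacy mechanism" sentence could also say that remote machines only see the NAT address, without implying that this hiding restricts access to the local hosts. Wording nits in the same hunk: "a number IP ranges" should be "a number of IP ranges", "intents to perform" should be "intends to perform", and "NAT has also downsides" reads better as "NAT also has downsides".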