NAT: NETWORK ADDRESS TRANSLATION
SURINDER KAUR
2012CS13
02-10-2012
1 Introduction
It is a well known fact that computers communicate with each other using
their IP addresses over the internet. The IP address is a 32-bit address
(in the IPv4 scheme) and it uniquely identifies a computer over the network of
computers, i.e. the internet. It is evident that only 2^32 unique addresses are
possible with a 32-bit scheme. However, the available addresses are even
fewer, for various reasons, such as some of them being reserved for special
purposes like multicasting and broadcasting.
Looking at the immense use of networking and thereby the exponential growth
in the number of computers requiring a unique IP address, it seems that very
soon the addresses available in the IPv4 scheme will be out of stock, and then
no new IP addresses can be provided. Is it really going to happen? Certainly
not. The solution proposed to this problem is to use 64-bit IP addresses, known
as IPv6. In this scheme all the IP addresses will be 64-bit. Hence the
address space will grow from 2^32 to 2^64, which is definitely a huge space and
hopefully sufficient for a long time.
However, it is required to convert all the current IPv4 addresses into
corresponding IPv6 addresses to implement the IPv6 scheme across the internet.
But it is not an easy task, since it requires the entire networking structure to be
converted from 32-bit to 64-bit: all the routing table entries, the security
algorithms etc. need to be changed, which definitely requires lots of time and
care.
So for the meantime two major solutions were proposed:
CIDR CIDR stands for Classless InterDomain Routing. In this
the conventional classful IP addressing is converted into classless
addressing. In this scheme the IP address is divided into the netid, i.e. the id
of the network, and the host id, i.e. the id of the individual machine in the
network, using the slash notation: the number after the slash gives the number
of bits in the net id and the remaining bits are the host id.
172.31.100.29/23 implies that the 23 bits from the MSB are the netid and the
remaining 9 bits are the host id.
Hence in this case the net id is 172.31.100 and the host id is 29.
NAT A new technology was introduced to prevent the exhaustion of IP
addresses. This technology is termed NAT, i.e. Network Address
Translation. NAT is a standard that allows the LAN to group its systems
such that they use one set of IP addresses for communicating with
external networks, called the public IP addresses,
and another set of IP addresses for communication within the network,
called the private IP addresses.
2 NAT: Brief description
The gist of NAT in one line is that NAT maps private IPs to public IPs. It
maps the IP address-port pair in the packet to another IP address-port
pair.
There are three address ranges reserved for private IPs:
• 10.0.0.0/8
• 172.16.0.0/16 to 172.31.0.0/16
• 192.168.0.0/24 to 192.168.255.0/24
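The slash notation of the CIDR paragraph and the private ranges just listed, worked through in an added Python helper that is not part of the report: it splits an address such as 172.31.100.29/23 into net id and host id, checks whether an address lies in one of the three private ranges, and decides whether a packet stays inside the LAN or has to cross the NAT device. The function names and the sample addresses are constructed for this example.

```python
import ipaddress

# The three private ranges listed above, written as single CIDR blocks
# (constructed from the report's list; the /12 and /16 cover the stated spans).
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0/16 .. 172.31.0.0/16
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0/24 .. 192.168.255.0/24
]


def split_cidr(cidr: str):
    """Split an address in slash notation into (prefix length, net id, host id).

    The net id is the top prefix-length bits, returned as the network address
    (e.g. 172.31.100.0); the host id is the value of the remaining bits.
    """
    iface = ipaddress.ip_interface(cidr)          # raises ValueError on bad input
    prefix = iface.network.prefixlen
    host_bits = iface.network.max_prefixlen - prefix   # 32 - prefix for IPv4
    host_id = int(iface.ip) & ((1 << host_bits) - 1)
    return prefix, str(iface.network.network_address), host_id


def same_network(cidr_a: str, cidr_b: str) -> bool:
    """True when both hosts share a net id, i.e. they can talk directly without NAT."""
    return ipaddress.ip_interface(cidr_a).network == ipaddress.ip_interface(cidr_b).network


def is_private(ip: str) -> bool:
    """True when the address falls inside one of the reserved private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)


def needs_translation(src_cidr: str, dst_ip: str) -> bool:
    """Does a packet from src (behind the NAT) to dst need private-to-public mapping?

    Traffic to a destination on the same network stays inside the LAN;
    anything else leaves through the edge device and is translated.
    """
    src = ipaddress.ip_interface(src_cidr)
    return ipaddress.ip_address(dst_ip) not in src.network


if __name__ == "__main__":
    print(split_cidr("172.31.100.29/23"))                          # (23, '172.31.100.0', 29)
    print(is_private("172.31.100.29"), is_private("172.32.0.1"))   # True False
    print(needs_translation("172.31.100.29/23", "172.31.101.7"))   # False: same /23
    print(needs_translation("172.31.100.29/23", "203.0.113.5"))    # True: leaves the LAN
```

Note the boundary case 172.32.0.1: one past the 172.31.0.0/16 block, so it is public even though it looks similar to the private range.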
The NAT technology is implemented in any of the devices that are at the
edge, i.e. at the boundary of the LAN and the rest of the internet, like routers and
firewalls. NAT can use one of the following mapping techniques:
Static
In this there is a one-to-one correspondence between the private IP
address and the public IP address. A private IP address always maps to
the same public IP.
Dynamic
In this there is a one-to-many mapping between the private and the
public IP addresses. A private IP address can be mapped to any one of
the available public IP addresses.
Overloading
In this there is a many-to-one correspondence between the private and
public IP addresses. Many private IP addresses can be mapped to a single
public IP address but with a different port. Hence this scheme is also
known as port-address-translation or port-level-multiplexed
NAT.
Overlapping The dilemma of overlapping addresses, where the inside
network uses addresses that also belong to an outside network, is solved by
a more sophisticated form of NAT. The other versions we have seen so far
always translate either the source address or the destination address as a
datagram passes from the inside network to the outside network or vice versa.
To cope with overlapping addresses, we must translate both the source
address and the destination address on each transition from the inside
to the outside or the other direction. This technique is called Overlapping
NAT in reference to the problem it solves, or Twice NAT due to
how it solves it. (Incidentally, despite the latter name, regular NAT is
not called Once NAT.)
Twice NAT functions by creating a set of mappings not only for the
private network the NAT router serves, but also for the overlapping
network (or networks) that conflict with the inside network's address
space. In order for this to function, Twice NAT relies on the use of
the TCP/IP Domain Name System (DNS), just like bidirectional NAT.
This lets the inside network send requests to the overlapping network
in a way that can be uniquely identified. Otherwise, the router can't
tell what overlapping network our inside network is trying to contact.
2.1 NAT Table
It is the table maintained by the NAT server. It contains an entry for
each node behind the NAT: the private IP address of the node
and its corresponding public address.
The NAT table is refreshed periodically.
2.2 Working of NAT
The working of NAT can be summarized in the following points:
• When two systems within the LAN want to communicate, they communicate
using their private IP addresses; in this case no private-to-public
mapping is required.
• When a system within the LAN wants to communicate with a system
that is outside the LAN, as the packet reaches the router that implements
the NAT technology, the NAT server first verifies that the packet
is an inside-to-outside packet and that it satisfies the criteria specified for
translation. If so, it checks its NAT table; if the table has an entry
corresponding to the private IP address, it maps the private IP to the
corresponding public IP address and then forwards the packet to the
destination with the public IP as the source IP.
• When the response from an external network reaches the LAN's
NAT router, the destination IP of the corresponding packet is one of
the public IPs of the LAN. The NAT router then checks the translation
table for the IP and maps it to the corresponding private IP.
• However, it is not possible to make an outside-to-inside connection that is
initiated by some outside system.
3 NAT TRAVERSAL
3.1 The NAT TRAVERSAL PROBLEM
A system outside a LAN cannot initiate a connection to any system inside
the LAN that is using NAT. This problem is termed the NAT traversal
problem. This is due to the reason that the NAT is unable to perform
the reverse mapping: it can map a private IP to a public IP, and the public
IP back to the private IP in a response, but it cannot perform the mapping of
public IP to private IP in the case of outside-initiated queries.
3.2 Traversal approaches
To overcome the NAT traversal problem various NAT traversal approaches
have been proposed. Most of them make use of a third party server for
outside-to-inside connection. However, some other approaches have been
proposed, the most promising one being autonomous NAT traversal.
Using a third party server for connection reversal The way to have an
outside-to-inside connection through the NAT is to use a third party server.
It is the most popular approach for the above said purpose. The third party
servers are located outside the LAN that is behind the NAT.
What it actually does is that it involves a third party server. When a
client outside the NAT wants to establish a connection with the server
behind the NAT, the process proceeds as follows:
• The client requests the third party server to help establish a connection
with the server.
• Then the third party server notifies the server that the client
wants to establish the connection.
• The server then initiates the connection with the client.
This approach is termed the connection reversal approach because
the third party server turns the client-initiated communication
into server-initiated communication. However, it is required
that the server always maintains a connection to the third party
server.
The major drawbacks of the third party server approach are that:
• It requires a third party to be involved.
• It is a complex approach.
• An attacker can easily attack the system by analyzing the traffic.
The major third party servers are:
TURN
TURN stands for Traversal Using Relays around NAT. It
is a protocol that facilitates outside-to-inside connection through the
NAT. However, it does not allow the system behind the NAT to be
a server but only to connect to a single system outside the NAT, i.e.
TURN allows establishing a connection between one system
inside the NAT and one outside the NAT, but not to multiple
systems.
In this way it is as secure as the NAT, but it turns the tables so
that the connection through the NAT can be established from outside to
inside.
Interactive Connectivity Establishment
It is used for the same purpose. It uses STUN and TURN and
other similar protocols as tools. The ICE resides within the system
outside the NAT, i.e. the client. Using the various tools the
client gets a list of addresses. ICE performs a connectivity test on
each of them and uses the best address.
The major advantage of this protocol is that it always finds a
path if one exists and the path it uses is the best one.
However, the drawback is that it requires several iterations.
Relaying When both the peers are behind NAT then the relaying
method is used. A third party server is used and the peers communicate
via this server. The method works as follows:
• Both the peers have either a TCP or a UDP connection with the
server.
• The peer that wants to initiate communication with another
peer transmits its message to the server.
• Since the server has a connection with the other peer, the server then
relays this message to the other peer.
• When the other peer responds to the initiating peer, it cannot
communicate directly. So it transmits the message to the server
involved and the server in turn relays the message back to the
peer.
This approach is considered to be the most reliable approach. But it
requires a lot of network bandwidth and consumes server processing power.
Also the communication latency increases. Hence it is the least efficient
approach.
Autonomous Traversal
In this approach no third party server is involved. In this way it reduces
complexity and decreases the chances of attack.
The basic assumption of this approach is that the outside system knows
the public IP address(es) of the NAT router behind which the intended
system resides. This is possible due to a previous exchange between
the outside system and the inside system. The outside system can be
termed the client and the inside system the server. The steps involved in
autonomous NAT traversal can be described as follows:
Communicate the public IP of the client to the server
The server periodically sends a message to a known IP address.
It may use an ICMP ECHO REQUEST message to an unallocated
IP address, i.e. one for which no entry exists in the routing table.
Since the server sent a request for an unallocated IP for which no entry
exists, the NAT router will not be able to route this request and will
respond with a message like ICMP DESTINATION UNREACHABLE.
The server simply ignores such messages.
As a result of this message the NAT router will enable routing
of replies in response to this request.
The client will also fake such a reply. Actually the client transmits a
TTL EXPIRED message to the NAT router. The server listens
for such fake ICMP replies and when it receives any such reply it
initiates a connection to the sender's address specified in the fake
message.
In this manner the server gets the public IP of the client. If the client
listens on a pre-agreed port, the port number can be sent as
part of the payload of the ICMP ECHO RESPONSE message.
Server connects to the client
Now the server has the public IP of the client, so it can initiate
communication with the client. The communication proceeds
in the same way as in normal NAT.
A problem arises in the autonomous approach when the client is
also behind a NAT. The NAT disallows the client from making the
fake ICMP response. There is a theoretical solution to this
problem but the solution does not work practically. Hence the
major drawback of the autonomous approach is that it fails for
NAT-to-NAT communication.
4 NAT Punching or Hole Punching
The NAT traversal techniques are also called NAT punching or hole punching
techniques. They are termed so because these techniques create a hole in the
NAT system to enable outside-to-inside connection.
Hole punching techniques are classified on the basis of the messages
involved in creating a hole in the system. The major approaches are as follows:
UDP Hole Punching
For hole punching this technique uses UDP messages, i.e. User
Datagram messages. In this method the server behind the NAT needs
to maintain a connection with the third party server permanently. The
method can be described as follows:
• Since there is a permanent UDP connection between the server
and the third party server, the NAT table has an entry
corresponding to the third party server.
• The client requests the third party server to help it
establish a connection with the server behind the NAT.
• The third party server replies to the client with the private and the
public IP of the server behind the NAT. At the same time the
third party server also notifies the server behind the NAT that a client
wants to establish a connection. The notification message contains the IP
address of the client.
• Now both the client and the server behind the NAT know the IP
of each other. So the server behind the NAT can start the UDP
session with the client.
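The NAT table and translation steps of section 2.2, the traversal problem of section 3.1 and the UDP hole punching sequence above, as one added Python simulation that is not part of the report. It models an overloading (port-address-translation) NAT in memory rather than with real sockets; the NAT behaviour (address-restricted cone, a single public IP), the rendezvous server role, and all addresses and ports are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    """A UDP datagram as the NAT device sees it (constructed; no real sockets)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str


@dataclass
class Mapping:
    """One NAT table row: private endpoint <-> public port, plus the external
    IPs this endpoint has already sent to (where the NAT will accept replies from)."""
    private: tuple
    public_port: int
    peers: set = field(default_factory=set)


class PatNat:
    """Overloading (port-address-translation) NAT with a single public IP.

    Modelled as an address-restricted cone NAT: one public port per private
    endpoint, and inbound traffic to that port is accepted only from an IP the
    private host has previously sent to. Unsolicited inbound traffic is dropped,
    which is the NAT traversal problem of section 3.1.
    """

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}      # (private_ip, private_port) -> Mapping
        self.by_port = {}    # public_port -> Mapping

    def outbound(self, pkt: Packet):
        """Inside-to-outside: create or refresh the table entry, rewrite the source."""
        key = (pkt.src_ip, pkt.src_port)
        m = self.table.get(key)
        if m is None:
            m = Mapping(key, self.next_port)
            self.next_port += 1
            self.table[key] = m
            self.by_port[m.public_port] = m
        m.peers.add(pkt.dst_ip)
        return Packet(self.public_ip, m.public_port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet):
        """Outside-to-inside: reverse lookup by public port; None means dropped."""
        m = self.by_port.get(pkt.dst_port)
        if m is None or pkt.src_ip not in m.peers:
            return None
        return Packet(pkt.src_ip, pkt.src_port, m.private[0], m.private[1], pkt.payload)


def nat_roundtrip():
    """Section 2.2: a request leaves translated, its reply is mapped back,
    and an unsolicited packet from a different host is dropped."""
    nat = PatNat("203.0.113.1")
    out = nat.outbound(Packet("192.168.1.10", 5000, "198.51.100.7", 53, "query"))
    reply = nat.inbound(Packet("198.51.100.7", 53, nat.public_ip, out.src_port, "answer"))
    stray = nat.inbound(Packet("198.51.100.9", 53, nat.public_ip, out.src_port, "probe"))
    return out, reply, stray


def udp_hole_punch():
    """UDP hole punching with both peers behind their own NAT.

    A rendezvous server (the report's third party server) learns each peer's
    public endpoint from its registration packet and hands it to the other
    side; each peer then sends to the other's public endpoint.
    """
    nat_a = PatNat("203.0.113.1", 40000)
    nat_b = PatNat("203.0.113.2", 50000)
    rendezvous = ("198.51.100.50", 3478)
    a, b = ("192.168.1.10", 5000), ("10.0.0.20", 6000)

    # 1. Both peers keep a UDP session to the rendezvous server, so both NAT
    #    tables now hold an entry (the "permanent connection" of the report).
    reg_a = nat_a.outbound(Packet(*a, *rendezvous, "register A"))
    reg_b = nat_b.outbound(Packet(*b, *rendezvous, "register B"))
    # 2. The server saw the translated source of each registration; that is
    #    the public endpoint it reports to the other peer.
    pub_a = (reg_a.src_ip, reg_a.src_port)
    pub_b = (reg_b.src_ip, reg_b.src_port)
    # 3. A sends to B's public endpoint. NAT A records B's public IP as a peer
    #    (the "hole"), but NAT B drops it: B has not sent anything to A yet.
    first_try = nat_b.inbound(nat_a.outbound(Packet(*a, *pub_b, "punch")))
    # 4. B sends to A's public endpoint. NAT A accepts it thanks to step 3.
    at_a = nat_a.inbound(nat_b.outbound(Packet(*b, *pub_a, "punch")))
    # 5. Both holes exist now; A's next packet reaches B's private endpoint.
    at_b = nat_b.inbound(nat_a.outbound(Packet(*a, *pub_b, "hello B")))
    return first_try, at_a, at_b
```

A symmetric NAT, which allocates a fresh public port per destination, breaks step 2: the endpoint the rendezvous server observed is not the one used toward the peer, which is why the report's TCP and NAT-to-NAT cases are harder.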
TCP Hole Punching
Hole punching in a TCP session is far more complicated than that
in a UDP session, since TCP involves a secure, reliable end-to-end
connection and also involves many more mechanisms like sequencing
and synchronization of packets. Hence while applying NAT punching
these issues should be addressed properly, which in turn increases the
complexity of NAT punching to a great extent. The process of TCP hole
punching is as follows:
• There is a permanent TCP connection between the server and the
third party server. Hence the NAT table has the corresponding
entry.
• The client requests the third party server to help it establish a TCP
connection with the server behind the NAT.
• The third party server then replies to the client with the private IP and
the public IP of the server behind the NAT. At the same time the third
party server notifies the server behind the NAT that a client with this
IP address wants to establish a TCP connection with it.
• Now the server sends a SYN packet to the client. It also
listens for any incoming connection attempts from the client.
• The server waits for the SYN-ACK response to the already sent
SYN packet. If it receives it, it sends an ACK packet to
acknowledge the SYN-ACK.
• Thus the three-way handshake completes, and the client and
the server start TCP communication.
5 Conclusion
NAT is required for the whole IPv4-to-IPv6 transition period. It is working
efficiently. There are various NAT traversal approaches but none of them
is standardized. Hence some problems also arise. It is also a matter of
debate whether NAT traversal or hole punching is a threat to network
security. However, the hole punching techniques used are classified on the
basis of the type of the network, the type of the connection, etc. These are all
showing satisfactory performance.
Model Call Girl in Bikash Puri  Delhi reach out to us at šŸ”9953056974šŸ”Model Call Girl in Bikash Puri  Delhi reach out to us at šŸ”9953056974šŸ”
Model Call Girl in Bikash Puri Delhi reach out to us at šŸ”9953056974šŸ”
Ā 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
Ā 

NAT

172.31.100.29/23 implies that the 23 bits from the MSB are the netid and the remaining 9 bits are the host id. Hence in this case the net id is 172.31.100 and the host id is 29.

NAT A new technology is introduced to prevent running out of IP addresses. This technology is termed NAT, i.e. Network Address Translation. NAT is a standard that allows a LAN to group its systems such that they use one set of IP addresses for communicating with external networks, called public IP addresses, and another set of IP addresses for communication within the network, called private IP addresses.

2 NAT: Brief description

The gist of NAT in one line is that NAT maps private IPs to public IPs. It maps the IP address-port pair in the packet to another IP address-port pair. There are three address ranges reserved for private IPs:

• 10.0.0.0/8
• 172.16.0.0/16 to 172.31.0.0/16
• 192.168.0.0/24 to 192.168.255.0/24

NAT is implemented in any of the devices that sit at the edge, i.e. at the boundary between the LAN and the rest of the internet, such as routers and firewalls. NAT can use one of the following mapping techniques:

Static In this there is a one-to-one correspondence between the private IP address and the public IP address. A private IP address always maps to the same public IP.

Dynamic In this there is a one-to-many mapping between the private and the public IP addresses. A private IP address can be mapped to any one of the available public IP addresses.

Overloading In this there is a many-to-one correspondence between the private and public IP addresses. Many private IP addresses can be mapped to a single public IP address, each with a different port. Hence this scheme is also known as port-address-translation or port-level-multiplexed NAT.

Overlapping When the inside network's address space overlaps with that of an outside network, the solution is to use a more sophisticated form of NAT. The other versions we have seen so far always translate either the source address or the destination address as a datagram passes from the inside network to the outside network or vice versa. To cope with overlapping addresses, we must translate both the source address and the destination address on each transition from the inside to the outside or the other direction. This technique is called Overlapping NAT in reference to the problem it solves, or Twice NAT due to how it solves it. (Incidentally, despite the latter name, regular NAT is not called Once NAT.) Twice NAT functions by creating a set of mappings not only for the private network the NAT router serves, but also for the overlapping network (or networks) that conflict with the inside network's address space. In order for this to function, Twice NAT relies on the use of the TCP/IP Domain Name System (DNS), just like bidirectional NAT. This lets the inside network send requests to the overlapping network in a way that can be uniquely identified. Otherwise, the router can't tell which overlapping network our inside network is trying to contact.

2.1 NAT Table

It is the table maintained by the NAT server. It contains an entry for each node behind the NAT: the private IP address of the node and its corresponding public address. The NAT table is refreshed periodically.

2.2 Working of NAT

The working of NAT can be summarized in the following points:

• When two systems within the LAN want to communicate, they communicate using their private IP addresses; in this case no private-to-public mapping is required.
• When a system within the LAN wants to communicate with a system outside the LAN, the packet reaches the router that implements NAT. The NAT server first verifies that the packet is an inside-to-outside packet and that it satisfies the criteria specified for translation. If so, it checks its NAT table; if the table has an entry corresponding to the private IP address, it maps the private IP to the corresponding public IP address and then forwards the packet to the destination with the public IP as the source IP.
• When the response from an external network reaches the LAN's NAT router, the destination IP of the packet is one of the public IPs of the LAN. The NAT router then checks the translation table for that IP and maps it to the corresponding private IP.
• However, it is not possible to make an outside-to-inside connection that is initiated by some outside system.

3 NAT TRAVERSAL

3.1 The NAT TRAVERSAL PROBLEM

A system outside a LAN cannot initiate a connection to any system inside a LAN that is using NAT. This problem is termed the NAT traversal problem. The reason is that the NAT is unable to perform the reverse mapping: it can map a private IP to a public IP, and the public IP back to the private IP for a response, but it cannot map a public IP to a private IP in the case of outside-initiated queries.

3.2 Traversal approaches

To overcome the NAT traversal problem, various NAT traversal approaches have been proposed. Most of them make use of a third party server for the outside-to-inside connection. Some other approaches have also been proposed; the most promising one is autonomous NAT traversal.

Using a third party server for connection reversal One way to have an outside-to-inside connection through the NAT is to use a third party server. It is the most popular approach for this purpose. The third party server is located outside the LAN that sits behind the NAT. When a client outside the NAT wants to establish a connection with the server behind the NAT, the process proceeds as follows:

• The client requests the third party server to help establish a connection with the server.
• The third party server then notifies the server that the client wants to establish a connection.
• The server then initiates the connection with the client.

This approach is termed the connection reversal approach because the third party server turns the client-initiated communication into a server-initiated communication. However, it requires that the server always maintain a connection to the third party server.

The major drawbacks of the third party server approach are:

• It requires a third party to be involved.
• It is a complex approach.
• An attacker can easily attack the system by analyzing the traffic.

The major third party server approaches are:

TURN TURN stands for Traversal Using Relays around NAT. It is a protocol that facilitates outside-to-inside connections through the NAT. However, it does not allow the system behind the NAT to act as a server; it only allows it to connect to a single system outside the NAT, i.e. TURN allows a connection to be established between one system inside the NAT and one system outside the NAT, but not with multiple systems. In this way it is as secure as the NAT, but it turns the tables so that the connection through the NAT can be established from outside to inside.

Interactive Connectivity Establishment It is used for the same purpose. It uses STUN and TURN and other similar protocols as tools. ICE resides within the system outside the NAT, i.e. the client. Using the various tools the client gets a list of candidate addresses. ICE performs a connectivity test on each of them and uses the best address. The major advantage of this protocol is that it always finds a path if one exists, and the path it uses is the best one. The drawback is that it requires several iterations.

Relaying When both peers are behind NAT, the relaying method is used. A third party server is used and the peers communicate via this server. The method works as follows:

• Both peers have either a TCP or a UDP connection with the server.
• The peer that wants to initiate communication with another peer transmits its message to the server.
• Since the server has a connection with the other peer, the server relays this message to it.
• When the other peer responds to the initiating peer, it cannot communicate directly, so it transmits the message to the server involved and the server in turn relays the message back to the initiating peer.

This approach is considered to be the most reliable approach. But it requires a lot of network bandwidth and consumes server processing power. Also, the communication latency increases. Hence it is the least efficient approach.

Autonomous Traversal In this approach no third party server is involved. This reduces complexity and decreases the chances of attack. The basic assumption of this approach is that the outside system knows the public IP address(es) of the NAT router behind which the intended system resides. This is possible due to a previous exchange between the outside system and the inside system. The outside system can be termed the client and the inside system the server. The steps involved in autonomous NAT traversal can be described as follows:

Communicate the public IP of the client to the server The server periodically sends a message to a known IP address. It may use an ICMP ECHO REQUEST message to an unallocated IP address, i.e. one for which no entry exists in the routing table. Since the server sent a request for an unallocated IP, the NAT router will not be able to route this request and will respond with a message like ICMP DESTINATION UNREACHABLE. The server simply ignores such messages. As a result of this message, the NAT router will enable routing of replies in response to this request. The client will also fake such a reply: actually the client transmits a TTL EXPIRED message to the NAT router. The server listens for such fake ICMP replies and, when it receives any such reply, it initiates a connection to the sender's address specified in the fake message. In this manner the server gets the public IP of the client. If the client listens on a pre-agreed port, the port number can be sent as part of the payload of the ICMP ECHO RESPONSE message.

Server connects to the client Now the server has the public IP of the client, so it can initiate the communication with the client. The communication proceeds in the same way as in normal NAT.

A problem arises in the autonomous approach when the client is also behind a NAT. The NAT disallows the client from making the fake ICMP response. There is a theoretical solution to this problem, but the solution does not work in practice. Hence the major drawback of the autonomous approach is that it fails for NAT-to-NAT communication.

4 NAT Punching or Hole Punching

The NAT traversal techniques are also called NAT punching or hole punching techniques. They are termed so because these techniques create a hole in the NAT system to enable outside-to-inside connections. Hole punching techniques are classified on the basis of the messages involved in creating a hole in the system. The major approaches are as follows:

UDP Hole Punching For hole punching this technique uses UDP messages, i.e. User Datagram messages. In this method the server behind the NAT needs to maintain a connection with the third party server permanently. The method can be described as follows:

• Since there is a permanent UDP connection between the server and the third party server, the NAT table has an entry corresponding to the third party server.
• The client requests the third party server to help it establish a connection with the server behind the NAT.
• The third party server replies to the client with the private and the public IP of the server behind the NAT. At the same time the third party server also notifies the server behind the NAT that a client wants to establish a connection. The notification message contains the IP address of the client.
• Now both the client and the server behind the NAT know the IP of each other, so the server behind the NAT can start the UDP session with the client.
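As an added illustration (example code written for this page, not from the paper), the toy Python model below implements the overloading NAT table and the inbound check from the "Working of NAT" and "NAT traversal problem" sections, then replays the UDP hole punching steps above. It assumes the NAT admits an inbound packet only from a peer the inside host has already sent to (an address-restricted policy; the paper does not specify a NAT type) and uses constructed addresses from the documentation ranges.

```python
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)


class OverloadingNat:
    """Port address translation NAT with an address-restricted inbound policy
    (an assumption of this example): inbound packets are accepted only on a
    mapped public port and only from a peer the inside host already sent to."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.table = {}    # private (ip, port) -> public port
        self.reverse = {}  # public port -> [private (ip, port), set of peers]

    def outbound(self, pkt):
        """Inside-to-outside: rewrite the source to public IP + allocated port."""
        if pkt.src not in self.table:
            port = next(self._ports)
            self.table[pkt.src] = port
            self.reverse[port] = [pkt.src, set()]
        port = self.table[pkt.src]
        self.reverse[port][1].add(pkt.dst)  # remember the peer we sent to
        return Packet((self.public_ip, port), pkt.dst)

    def inbound(self, pkt):
        """Outside-to-inside: map the destination back, or drop (None)."""
        if pkt.dst[0] != self.public_ip or pkt.dst[1] not in self.reverse:
            return None  # no table entry: the NAT traversal problem
        private, peers = self.reverse[pkt.dst[1]]
        if pkt.src not in peers:
            return None  # unsolicited: no hole has been punched yet
        return Packet(pkt.src, private)


def udp_hole_punch(nat, server_priv, client_pub, rendezvous_pub):
    """Replay the UDP hole punching steps; return (before, after) results."""
    # 1. The server keeps a permanent UDP session with the third party server,
    #    so the NAT table holds a mapping for it.
    server_pub = nat.outbound(Packet(server_priv, rendezvous_pub)).src
    # 2. The third party server tells the client the server's public address;
    #    a direct packet from the client is still dropped.
    before = nat.inbound(Packet(client_pub, server_pub))
    # 3. The third party server notifies the server of the client's address;
    #    the server starts the session, punching the hole in the NAT.
    nat.outbound(Packet(server_priv, client_pub))
    # 4. The client's next packet now reaches the server's private address.
    after = nat.inbound(Packet(client_pub, server_pub))
    return before, after


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges), not from the paper.
    nat = OverloadingNat("203.0.113.10")
    print(udp_hole_punch(nat, ("10.0.0.5", 5000), ("198.51.100.7", 6000),
                         ("192.0.2.1", 3478)))
```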
TCP Hole Punching Hole punching in a TCP session is far more complicated than in a UDP session, since TCP involves a secure, reliable end-to-end connection and also involves many more mechanisms such as sequencing and synchronization of packets. Hence while applying NAT punching these issues should be addressed properly, which in turn increases the complexity of NAT punching to a great extent. The process of TCP hole punching is as follows:

• There is a permanent TCP connection between the server and the third party server. Hence the NAT table has the corresponding entry.
• The client requests the third party server to help it establish a TCP connection with the server behind the NAT.
• The third party server then replies to the client with the private IP and the public IP of the server behind the NAT. At the same time the third party server notifies the server behind the NAT that a client with this IP address wants to establish a TCP connection with it.
• Now the server sends a SYN packet to the client. It also listens for any incoming connection attempts from the client.
• The server waits for the SYN-ACK response to the SYN packet it already sent. If it receives it, it sends another ACK packet to acknowledge the SYN-ACK.
• Thus the three-way handshake completes, and the client and the server start TCP communication.

5 Conclusion

NAT is required for the whole IPv4 to IPv6 transition period. It is working efficiently. There are various NAT traversal approaches but none of them is standardized. Hence some problems also arise. It is also a matter of debate whether NAT traversal or hole punching is a threat to network security. However, the hole punching techniques used are classified on the basis of the type of network, the type of connection, etc. These all show satisfactory performance.