CISCO NETWORKING ACADEMY
Chabot College
ELEC 99.08
Network Address Translation

Shortcomings of Subnetting:
• Waste (up to 50%)
  – Lots of addresses are unusable:
    • first & last subnet
    • first & last host in each subnet
• Rigidity
  – Subnet structure is inflexible
    • same size for every subnet
    • subnet with largest no. of hosts determines size for all

Case Study: 4CNet IP Address Allocation to Chabot-Las Positas
• Algorithm: #hosts/254 = #class Cs
• Fails to consider network structure.
• Subnets needed for:
  – Broadcast control
  – WAN links
  – Access policy enforcement

Case Study: 4CNet IP Address Allocation to Chabot-Las Positas
• Can we afford the waste & rigidity of subnetting?
• YES, if we run NAT & a large private address space.

Network Address Translation (NAT)
• Private address space inside network
• 4CNet-assigned addresses outside network
• Translation performed by Cisco PIX (Private-Internet Exchange)
• (Can also be performed by a router.)

How NAT works...
[Diagram. Devices: 4CNet, Cisco 4000M gateway, PIX 520. 4CNet-assigned addresses: networks 209.129.155.0 and 209.129.156.0; hosts iserver (209.129.156.2) and porter (209.129.156.3). Private addresses: networks 172.28.254.0, 172.28.110.0 and 172.28.112.0; hosts norma (172.28.110.20) and astro (172.28.112.20). Note on diagram: all default traffic comes from 209.129.155.1.]

Default Translation
• The PIX assigns a single address to all traffic sent to the internet.
• The PIX uses TCP sequence numbers to map the returning traffic from established sessions to internal host addresses.
• Supports > 16,000 simultaneous sessions.

Address Mapping
Internal hosts can be mapped to both internal (private) and external IP addresses:
Internal Host            External (4CNet) IP   Private IP
norma.clpccd.cc.ca.us    209.129.155.32        172.28.110.20
astro.clpccd.cc.ca.us    209.129.155.31        172.28.112.20

What problems does NAT solve?
• Allows a huge address space for your net.
• Allows creation of many subnets with many hosts. (e.g. Class B network subnetted 255.255.255.0).
• Address waste doesn’t matter.
• Rigidity doesn’t matter (subnets can be oversized to allow for growth)
• Allows flexible access policies and firewalling.

What problems does NAT solve?
• …and you’ll never have to renumber your network again.

What tradeoffs result?
• Capital cost of the box.
• Single point of failure in connection to internet.
• Dual DNS required… But this is also an advantage: lets you decide what the world gets to learn about your internal network.

Dual DNS
[Diagram. Devices: 4CNet, Cisco 4000M gateway, PIX 520, External DNS Server, Internal DNS Server. 4CNet-assigned addresses: networks 209.129.155.0 and 209.129.156.0; host iserver (209.129.156.2). Private addresses: networks 172.28.254.0 and 172.28.0.0; host davis (172.28.101.12).]
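
The dual DNS arrangement, sketched as an added example that is not part of the original slides: it builds an internal and an external view from the address mapping table, answers by client side, and audits the external view for records that expose the private network. Assumptions: the fully qualified names for davis, iserver and porter, 172.28.0.0/16 as the inside range, and iserver and porter resolving the same in both views.

```python
import ipaddress

# Address mapping from the slide: host -> (external 4CNet IP, private IP).
STATIC_MAP = {
    "norma.clpccd.cc.ca.us": ("209.129.155.32", "172.28.110.20"),
    "astro.clpccd.cc.ca.us": ("209.129.155.31", "172.28.112.20"),
}
# Hosts taken from the diagrams; their fully qualified names are assumed here.
INTERNAL_ONLY = {"davis.clpccd.cc.ca.us": "172.28.101.12"}
PUBLIC_ONLY = {
    "iserver.clpccd.cc.ca.us": "209.129.156.2",
    "porter.clpccd.cc.ca.us": "209.129.156.3",
}
# Assumed inside range: the private Class B shown on the Dual DNS diagram.
INSIDE_NET = ipaddress.ip_network("172.28.0.0/16")


def build_views():
    """Return (internal_zone, external_zone) as name -> address dicts."""
    internal = {name: priv for name, (_, priv) in STATIC_MAP.items()}
    internal.update(INTERNAL_ONLY)
    internal.update(PUBLIC_ONLY)
    external = {name: ext for name, (ext, _) in STATIC_MAP.items()}
    external.update(PUBLIC_ONLY)
    return internal, external


def resolve(name, client_ip, internal, external):
    """Answer from the view that matches the client's side of the PIX."""
    inside = ipaddress.ip_address(client_ip) in INSIDE_NET
    zone = internal if inside else external
    return zone.get(name)  # None stands in for "no such name"


def audit_external(external):
    """List external records that reveal the internal network to the world."""
    findings = []
    for name, addr in sorted(external.items()):
        if ipaddress.ip_address(addr) in INSIDE_NET:
            findings.append((name, addr, "private address published"))
        elif name in INTERNAL_ONLY:
            findings.append((name, addr, "internal-only host published"))
    return findings
```

Running `audit_external` against the zone data before each external zone update catches a private record copied across by mistake.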