The principle of NAT and the precautions

xiaoxiao, 2021-03-06


The IP address space has been helped by the development of CIDR, but the main purpose of CIDR is to make effective use of the existing Internet address space. At the same time, NAT (IP Network Address Translator), developed according to RFC 1631, can be used in many Internet subnets to reduce the consumption of registered IP addresses. NAT allows a private network to connect to the outside world over the Internet: the NAT router, sitting between the inside network and the outside network, translates internal IP addresses into legal external addresses before forwarding packets. Not all hosts on the internal network communicate with external networks at the same time, so only part of the internal addresses need to be translated at any given moment.

NAT translation can be static or dynamic. A static translation maps one internal address to one external address. When NAT must decide which addresses need to be translated, and which address pool to translate them into, it uses dynamic translation.

Port multiplexing, which changes the source port of outgoing packets so that many internal hosts can share the same external address, is PAT (Port Address Translation).

When outside hosts connect to an internal address, TCP load distribution can be used. With this feature, the internal hosts are chosen on a round-robin basis, so each new incoming connection goes to a different host. Note: load distribution applies only to connections initiated from the outside toward the inside.

Several situations in which NAT is used:

a. Connecting to the Internet when there are not enough legal addresses to assign to the internal hosts.

b. Changing to a new ISP, which would otherwise require readdressing the network.

c. Merging two intranets that use the same IP address space.

d. Supporting load balancing across hosts.

After NAT is deployed, the most important change is that end-to-end IP traceability is lost: ping and traceroute no longer work through the NAT as they did before, and some IP applications stop functioning properly. A less obvious disadvantage is increased network delay.

NAT supports most IP protocols, but several deserve attention: TFTP, rlogin, rsh, rcp and IP multicast are supported by NAT, while BootP, SNMP and routing table updates are refused.

Several related concepts of NAT:

Inside Local IP Address: the address of a host on the internal network; unique within that network, but usually a private address.

Inside Global IP Address: the legitimate (registered) address that represents one or more inside local addresses to the outside world.

Outside Global IP Address: the legitimate IP address of a host on the external network.

Outside Local IP Address: the address of an external host as it appears to the internal network; usually a private address.

Simple Translation Entry: an entry that maps one IP address to another.

Extended Translation Entry: an entry that maps an IP address and port pair to another address and port pair.

With NAT, you can implement the following features:

A. Translating Inside Local Addresses

B. Overloading Inside Global Addresses

C. TCP Load Distribution

D. Handling Overlapping Networks

Below we describe their working principle one by one.

A. Inside local address translation (Translating Inside Local Addresses):

This is the most general method: it translates internal IP addresses one-to-one into external addresses.

When an internal host connects to the external network and its first packet reaches the NAT router, the router checks its NAT table. Because the translation is static, the lookup finds a simple entry; the router then replaces the inside local address (the source address) with the inside global address and forwards the packet. The external host replies to the inside global address it saw in the packet; when the NAT router receives that external packet, it translates the destination back into the inside local address according to the NAT table and forwards it.

B. Inside global address overloading (Overloading Inside Global Addresses)

Address and port pairs are used to map many internal addresses onto a relatively small number of external addresses. This is the so-called PAT. As with inside local address translation, the NAT router is responsible for looking up the table and translating internal IP addresses; the only difference is that, with overloading, the router reuses the same inside global IP address and stores enough information (the port) to distinguish one translation from another. This is what an extended entry is for.

The NAT router and the external host communicate using the translated inside global address, so from the outside the communication looks no different; when a reply arrives, the router finds the inside host in the NAT table by address and port.

C. TCP load distribution (TCP Load Distributing) differs from the operations above: here NAT translates connections coming from the outside in. The belief that a web server must therefore be placed outside the NAT is wrong.

Working principle: the external host connects to a virtual host (defined as an inside global address). The NAT router accepts the external host's request, chooses a real internal host according to the NAT table, translates the inside global address (the destination address) into that host's inside local address, and forwards the packet to it. The internal host accepts the packet and responds; the NAT router looks up the entry by the inside local address and port and translates the response back according to the external address and port it finds there.

If the same external host then opens a second connection to the virtual host, the NAT router will, according to the NAT table, establish that connection to another internal host and forward the data.
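The three mechanisms described so far (simple entries for static translation, extended address-and-port entries for overloading, and round-robin distribution of outside connections to a virtual address), and the loss of end-to-end traceability noted earlier, are easiest to see in a small simulation. The following is an added example, not code from the original post or from any particular router vendor; the `NatRouter` class, its method names and every address, port and pool member in it are constructed for illustration.

```python
"""Simulated NAT translation table: a constructed example, not code from the
original post.  It models three of the modes described in the text:
  A. static one-to-one translation of inside local addresses (simple entries)
  B. overloading / PAT, where several inside hosts share one inside global
     address and are told apart by port (extended entries)
  C. TCP load distribution, where new outside connections to a virtual inside
     global address are handed round-robin to a pool of inside hosts
All addresses, ports and pool members below are constructed sample values.
"""
from dataclasses import dataclass
from itertools import cycle
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, static: Dict[str, str], overload_ip: str,
                 vip: str, pool: List[str]) -> None:
        self.static = dict(static)                      # A: inside local -> inside global
        self.static_rev = {g: l for l, g in static.items()}
        self.overload_ip = overload_ip                  # B: the one shared inside global address
        self.vip = vip                                  # C: virtual host address seen from outside
        self.pool = cycle(pool)                         # C: round-robin over real inside hosts
        self.extended: Dict[Endpoint, Endpoint] = {}    # (global ip, port) -> (local ip, port)
        self.extended_rev: Dict[Endpoint, Endpoint] = {}
        self.lb_sessions: Dict[Endpoint, str] = {}      # outside (ip, port) -> chosen inside host
        self.next_port = 1024
        # Once NAT is in the path the end-to-end address is gone; this log is
        # what lets an investigator map an outside (ip, port) back to a host.
        self.log: List[str] = []

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the inside network (modes A and B)."""
        if pkt.src_ip in self.static:
            gip = self.static[pkt.src_ip]               # simple entry: port is unchanged
            self.log.append(f"simple {pkt.src_ip} -> {gip}")
            return Packet(gip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        local: Endpoint = (pkt.src_ip, pkt.src_port)
        if local not in self.extended_rev:              # first packet: allocate a port on the shared address
            glob: Endpoint = (self.overload_ip, self.next_port)
            self.next_port += 1
            self.extended_rev[local] = glob
            self.extended[glob] = local
            self.log.append(f"extended {local} -> {glob}")
        gip, gport = self.extended_rev[local]
        return Packet(gip, gport, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from outside; None means it is dropped."""
        if pkt.dst_ip == self.vip:                      # C: connection to the virtual host
            session: Endpoint = (pkt.src_ip, pkt.src_port)
            if session not in self.lb_sessions:         # new connection: next host in rotation
                self.lb_sessions[session] = next(self.pool)
                self.log.append(f"lb {session} -> {self.lb_sessions[session]}")
            return Packet(pkt.src_ip, pkt.src_port, self.lb_sessions[session], pkt.dst_port)
        dst: Endpoint = (pkt.dst_ip, pkt.dst_port)
        if dst in self.extended:                        # B: reply to an overloaded session
            lip, lport = self.extended[dst]
            return Packet(pkt.src_ip, pkt.src_port, lip, lport)
        if pkt.dst_ip in self.static_rev:               # A: reply to a statically mapped host
            return Packet(pkt.src_ip, pkt.src_port, self.static_rev[pkt.dst_ip], pkt.dst_port)
        self.log.append(f"drop {dst}: no translation entry")  # unsolicited traffic has nowhere to go
        return None


def demo() -> dict:
    nat = NatRouter(static={"10.0.0.5": "203.0.113.5"},
                    overload_ip="203.0.113.10",
                    vip="203.0.113.80",
                    pool=["10.0.0.21", "10.0.0.22"])
    # A: statically mapped host, only the source address changes
    a = nat.outbound(Packet("10.0.0.5", 40000, "198.51.100.1", 80))
    # B: two inside hosts using the same source port share one global address
    b1 = nat.outbound(Packet("10.0.0.7", 40000, "198.51.100.1", 80))
    b2 = nat.outbound(Packet("10.0.0.8", 40000, "198.51.100.1", 80))
    reply = nat.inbound(Packet("198.51.100.1", 80, b2.src_ip, b2.src_port))
    # C: connections from outside to the virtual host; a repeated (ip, port)
    # is the same TCP session and must keep going to the same real host
    c1 = nat.inbound(Packet("198.51.100.9", 50001, "203.0.113.80", 80))
    c2 = nat.inbound(Packet("198.51.100.9", 50002, "203.0.113.80", 80))
    c3 = nat.inbound(Packet("198.51.100.9", 50001, "203.0.113.80", 80))
    unsolicited = nat.inbound(Packet("198.51.100.9", 50003, "203.0.113.10", 9999))
    return {"a": a, "b1": b1, "b2": b2, "reply": reply,
            "c1": c1, "c2": c2, "c3": c3, "unsolicited": unsolicited, "log": nat.log}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The `log` list stands in for the translation records a real NAT device would have to export (to syslog or NetFlow, for example): without them there is no way to attribute an outside address and port to an inside host after the fact, which is exactly the traceability loss the text warns about. The final `unsolicited` packet shows the other side of the same coin: a packet with no matching entry is dropped rather than guessed at.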

D. Handling overlapping networks

This approach is mainly used to interconnect two intranets; it gives two networks with overlapping address spaces a way to communicate. Its implementation requires the support of a DNS server (so that hosts are reached by name rather than by address).

1. Host A wants to connect to host C, so it first sends an address query to the DNS server.

2. The NAT router intercepts the DNS response. If the returned address overlaps with the inside network, it translates the address before passing it on: it creates a simple entry that translates the overlapping outside global address (the destination address) into an outside local address.

3. The router forwards the DNS response to host A, with host C's address now translated into an outside local address.

4. When the router receives the packet for host C, it establishes translations between the inside local, inside global, outside global and outside local addresses: host A's inside local address (the source address) is translated into an inside global address, and host C's address (the destination address) is translated between its outside local and outside global forms.

5. Host C accepts the packet and communication continues.
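The five steps above can be walked through in code. The following is an added example, not code from the original post: the `OverlapNat` class and its method names are constructed here, both sites are assumed to use 10.1.1.0/24, and the inside global pool (203.0.113.0/28) and outside local pool (172.16.0.0/28) are constructed sample ranges.

```python
"""Overlapping-network NAT with DNS interception: a constructed example, not
code from the original post.  Two sites both use 10.1.1.0/24, so host A
(10.1.1.5) cannot address host C (10.1.1.9) directly; the NAT router rewrites
the DNS answer to an outside local address and keeps the simple entry that
maps it back.  All addresses and pools are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str


class OverlapNat:
    def __init__(self, inside_net: str, inside_global_pool: str,
                 outside_local_pool: str) -> None:
        self.inside_net = ipaddress.ip_network(inside_net)
        self.inside_global_pool = iter(ipaddress.ip_network(inside_global_pool).hosts())
        self.outside_local_pool = iter(ipaddress.ip_network(outside_local_pool).hosts())
        self.inside_map: Dict[str, str] = {}   # inside local   -> inside global
        self.outside_map: Dict[str, str] = {}  # outside global -> outside local (simple entries)
        self.outside_rev: Dict[str, str] = {}  # outside local  -> outside global

    def intercept_dns_response(self, answer: str) -> str:
        """Step 2: if the answer overlaps the inside network, give host A an
        outside local address instead and record the simple entry."""
        if ipaddress.ip_address(answer) not in self.inside_net:
            return answer                          # no overlap: pass the answer through untouched
        if answer not in self.outside_map:
            local = str(next(self.outside_local_pool))
            self.outside_map[answer] = local
            self.outside_rev[local] = answer
        return self.outside_map[answer]

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Step 4: source inside local -> inside global,
        destination outside local -> outside global."""
        dst = self.outside_rev.get(pkt.dst_ip)
        if dst is None:
            return None                            # host A never learned this address via DNS
        if pkt.src_ip not in self.inside_map:
            self.inside_map[pkt.src_ip] = str(next(self.inside_global_pool))
        return Packet(self.inside_map[pkt.src_ip], dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Host C's reply: reverse both translations so host A sees the
        outside local address it was given in the DNS answer."""
        inside_rev = {g: l for l, g in self.inside_map.items()}
        src = self.outside_map.get(pkt.src_ip)
        dst = inside_rev.get(pkt.dst_ip)
        if src is None or dst is None:
            return None
        return Packet(src, dst)


def demo() -> dict:
    nat = OverlapNat("10.1.1.0/24", "203.0.113.0/28", "172.16.0.0/28")
    # Step 1: host A asks DNS for host C; the true answer 10.1.1.9 collides
    # with A's own network, since both sites use 10.1.1.0/24.
    seen_by_a = nat.intercept_dns_response("10.1.1.9")       # steps 2-3: A is told 172.16.0.1
    untouched = nat.intercept_dns_response("198.51.100.7")   # a non-overlapping answer is left alone
    to_c = nat.outbound(Packet("10.1.1.5", seen_by_a))      # step 4: both addresses rewritten
    reply = nat.inbound(Packet("10.1.1.9", to_c.src_ip))     # step 5: C answers, NAT reverses it
    return {"seen_by_a": seen_by_a, "untouched": untouched, "to_c": to_c, "reply": reply}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The overlap test uses the standard library `ipaddress` module, so the same check works for any inside prefix. Note that the whole scheme depends on the DNS answer actually passing through the NAT router: a host that resolves names by another path, or that has host C's real address cached, will send packets to 10.1.1.9 and have them delivered locally.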

Please credit the original source when reposting: https://www.9cbs.com/read-119388.html
