190 likes | 312 Views
NATs and UDP. Victor Norman CS322 Spring 2014. NAPT. Suppose we have a router doing NAT: half is the “public side”, IP address 77.78.79.80; other half is the “private side”, 192.168.0.1. Host 192.168.0.111 sends packet to cnn.com @ 157.166.226.25, port 80. Host chooses source port 30000.
E N D
NATs and UDP Victor Norman CS322 Spring 2014
NAPT • Suppose we have a router doing NAT: half is the “public side”, IP address 77.78.79.80; other half is the “private side”, 192.168.0.1. • Host 192.168.0.111 sends packet to cnn.com @ 157.166.226.25, port 80. • Host chooses source port 30000. • NAPT makes entry in its table when first packet is sent.
Why need to use port? Q: Why do you need to use the port in the algorithm? What if you used something beside UDP/TCP behind a NAPT? A: The port is used in a NAPT to disambiguate when multiple machines behind the NAPT send to the same machine outside the NAT. If you use another protocol you might not be able to use the NAT, or you might have to program the NAT to handle it.
NAT Translation Table Timeout? Q: Do the translation table entries on a NAT time out like the entries on a learning switch? A: Yes, I think they must have to be timed out.
Most common address block Q: According to Comer, the most common address block used is the 10.0.0.0/8 block. Is this because it allows for the most hosts on a site? A: I don’t know that that is true, and I don’t know why it is true if it is true…
# of port numbers Q: NAPT uses a set of cycling port numbers. What is the size of that set and would it be possible to overrun the set? A: The port numbers in UDP and TCP are 16 bits, so 65536 possibilities.
Servers behind a NAT Q: How does the NAT allow multiple machines to run servers visible to the outside? A: Twice NAT explains how this can be done (but I don’t know if anyone does that). In general, I think that servers are just run on public IP addresses.
Sub-NAT? Q: Can you subNAT, that is a NAT inside a NAT?Would each embedded NAT have to use an equivalent or smaller mask than the main NAT, so, ultimately, using the most general NAT, 10.0.0.0/8 allows for the most diversity in the NAT? A: The masks don’t come into play in this… but I think you could sub-NAT.
NAT solves address depletion? Q: If we (being everyone in the known universe) used NATs, do we really need IPv6? A: We probably would still run out of IP addresses and thus need to go to IPv6.
Calvin using a NAT? Q: With Calvin’s network size, would it be possible to move away from the class B network and use a NAT instead (or reducing to a /24 network and using several NATs)? A: I don’t know… Let’s think about this…
UDP Checksum and NAT Q: Does a NAT have to recompute the UDP checksum? A: Yes! Because it changes the IP source address and because it changes the UDP source port.
UDP Functionality? Q: UDP does not seem to provide any functionality! It is just best-effort, like IP. Why have it at all? A: It provides really one thing: a way to demultiplex layer 5 protocols, via the port numbers.
UDP as endpoint Q: Does a UDP port mostly serve as an endpoint for sending and receiving messages, rather than creating direct lines of communication as TCP does? A: Yes. When you open a UDP socket and get a message, you get the source address/port as well as the data, because the message could have come from anywhere.
UDP Pseudo-header Q: Comer mentions that UDP header does not provide a checksum, so UDP extends the checksum to include the IP datagram? How does this work, and how does this help to reduce errors in IP? A: In your code when you compute the checksum, you first add in the fields from the IP header that you need. Not hard to implement. Does it really help reduce errors? Theoretically yes. Practically? I doubt it.
Pseudo-header: where? Q: Regarding UDP, is the pseudo header only appended to the UDP message on the receiving end? A: No. The pseudo-header is built on the sending side in order to compute the checksum. It is also built on the receiving side, for the same reason. Note: the pseudo-header is NOT transmitted.
Layer violation? Q: Does the use of a pseudo-header mean that UDP does not support layer 3 protocols other than IP? What about IPv6? The pseudo-header seems like a bad idea to me because it destroys the separation of concerns between layers. Do the benefits outweigh these problems? A: Amen! And bless you for this observation. I think it is a bad idea. You have to assume *something* from your lower layers…
Message ordering… Q: How do applications that use UDP keep track of message order? A: They put a message # in each packet, usually.
UDP packet fragmentation Q: In Chapter 25, the author mentions that in using the UDP protocol programmers must be sure to keep the message sizes small or risk loss of efficiency due to fragmentation. In practice, do UDP packets typically remain small enough to avoid fragmentation, or is there some amount of these messages that just plain have to be bigger than that? A: A typical MTU is 1500 bytes, so most messages can be contained in that. NFS is over UDP (and TCP) but can contain long filenames. If they don’t fit in the MTU, they don’t fit, and the packet gets fragmented.
TCP vs. UDP ports Q: Are all layer 4 port number protocols the same? (TCP vs UDP, etc.) A: TCP ports are totally different from UDP ports. They are both 16 bits, but a UDP port could be used for XYZ protocol and the same TCP port could be for a totally different protocol. NOTE: an application can send a broadcast UDP message – to any machine on the network listening on a certain UDP port. Cannot do this in TCP.