Communicating Globally Using Private IP Addresses
Lauri Virtanen
Supervisor: Professor Raimo Kantola
Instructor: Lic.Sc.(Tech.) Nicklas Beijar
Faculty of Electronics, Communications and Automation
Department of Communications and Networking
October 29th, 2009

Agenda
• Background & Objectives
• Network Address Translation (NAT)
• Domain Name System (DNS)
• Customer Edge Switching (CES) Concept
• CES Prototype
• Evaluation
• Conclusions

Background & Objectives
• The growth of the Internet has generated problems
• IPv4 address exhaustion
• Weak deployment of IPv6 addressing
• Oversized routing tables
• Reachability problem
• A new architecture model is needed to solve the current problems

Network Address Translation (NAT)
• An edge device that relays packets
• Changes address and port information in outgoing and incoming packets
• Traffic originates in the inside-to-outside direction
• Inbound connections are not possible -> reachability problem

Domain Name System (DNS)
• Main use is resolving domain names to IP addresses
• In DNS, data is stored in resource records (RR)
• E.g. A-type RR: domain_name_Host_A <-> IPv4_address_Host_A

Customer Edge Switching (CES) Concept
• CES is a model for the future Internet
• Idea to solve the reachability problem
• Idea to prevent IPv4 addresses from running out by using them privately
• Removes the need for IPv6 and also increases security
• CES is meant to be implemented with as little modification to existing equipment as possible
• Modifications allowed in DNS and NAT, hosts remain the same
• Aims at dividing the ownership of the network into reasonable pieces: Trust domains (corporate networks, operator networks)

CES architecture:
• Routing is independent in every Trust domain
• Network elements: host, CES, PE, DNS
• Identities are known only in their respective private networks
• E.g. the identity of Host X is kept in its home CES device (CES X) and also in the DNS

CES Network Elements Explained
• Host:
  • Basic IPv4 stack
• CES:
  • NAT extension containing its features: mappings and tables
  • Contains information on all the registered hosts (HRL)
  • Address pool of IPv4 addresses
  • Hash calculation algorithm
• DNS:
  • Needs a new resource record (RR) type:
    • domain_name_Host_X = Address_CES_X + hash_Host_X
    • E.g. host_x.foobar = MAC_CES_X + 1234
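
A simplified model of why the new RR type gives inbound reachability where a plain NAT does not, added here as an illustration (not code from the thesis prototype). The names host_id, PlainNAT, CES and resolve_and_deliver, the SHA-256-based ID and all addresses are assumptions; PE devices and the address pool are not modelled.

```python
import hashlib

def host_id(fqdn):
    """Assumed ID function: first 2 bytes of SHA-256 (the slides leave the algorithm open)."""
    return int.from_bytes(hashlib.sha256(fqdn.encode()).digest()[:2], "big")

class PlainNAT:
    """Classic NAT: a mapping exists only after an inside host has sent traffic out."""

    def __init__(self):
        self.mappings = {}      # public port -> (private ip, private port)
        self.next_port = 40000

    def outbound(self, private_ip, private_port):
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[public_port] = (private_ip, private_port)
        return public_port

    def inbound(self, public_port):
        # None: no mapping, so the unsolicited packet is dropped (reachability problem).
        return self.mappings.get(public_port)

class CES:
    """Simplified CES: host register list (HRL) keyed by host ID."""

    def __init__(self, address):
        self.address = address
        self.hrl = {}           # host ID -> private IPv4 address

    def register(self, fqdn, private_ip, dns):
        hid = host_id(fqdn)
        self.hrl[hid] = private_ip
        dns[fqdn] = (self.address, hid)   # new RR type: name -> CES address + host hash

    def inbound(self, hid):
        return self.hrl.get(hid)

def resolve_and_deliver(fqdn, dns, edges):
    """Caller side: read the CES record, then the destination CES maps the ID to its host."""
    ces_address, hid = dns[fqdn]
    return edges[ces_address].inbound(hid)

if __name__ == "__main__":
    dns, ces_b = {}, CES("02:00:00:00:00:0b")          # constructed MAC for CES B
    ces_b.register("host_b.foobar", "10.0.0.2", dns)   # constructed private address
    print(PlainNAT().inbound(40000))                   # unsolicited inbound via plain NAT
    print(resolve_and_deliver("host_b.foobar", dns, {ces_b.address: ces_b}))
```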

CES Prototype
• The implemented prototype differs slightly from the CES concept
• No PE devices
• Prototype built on virtual PCs running Linux/Debian
• Programming done in Python
• DNS implemented with the DNSPython toolkit
• Packet generation, sending and receiving done with Scapy

Network Diagram:
• 2 Hosts, 2 CES devices and DNS
• IP routing (layer 3) in customer networks
• Ethernet (layer 2) based routing in public network

Evaluation
• CES can be implemented with only a few modifications to the existing infrastructure
• Only NAT and DNS need modifications
• Hosts are still IPv4-stack computers
• CES works with most of the common protocols
• According to testing, CES works with TCP, UDP, ICMP, HTTP and SSH
• Still lacks compatibility with FTP and SIP

Test Results

| Program in Host A | Program in Host B | Protocols tested | Working |
|---|---|---|---|
| Ping client | Ping server | ICMP | YES |
| Telnet client | Telnet server | TCP | YES |
| Lynx web browser | Abyss web server | HTTP | YES |
| Iceweasel web browser | Abyss web server | HTTP | YES |
| SSH client | SSH server | SSH | YES |
| FTP client | Pure-FTPd (server) | FTP | No |
| Twinkle (client) | Twinkle (client) | SIP | No |

• FTP and SIP fail as private addresses are placed in payload fields
• FTP and SIP do not work with two NATs (or CESs)
• Packet modification in CES could solve this
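
The failure described in these bullets, as an added example (not code from the thesis prototype): it finds private addresses written into an FTP PORT command and a SIP/SDP body, which header-only translation leaves untouched, and shows the kind of payload rewrite an edge device would need for FTP. The sample payloads, the function names and the public address 203.0.113.7 are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# FTP active mode (RFC 959): PORT h1,h2,h3,h4,p1,p2 where port = p1*256 + p2
FTP_PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)(\r?)$", re.M)
# SDP connection line in a SIP body (RFC 4566): c=IN IP4 <address>
SDP_C_RE = re.compile(r"^c=IN IP4 (\d+\.\d+\.\d+\.\d+)\r?$", re.M)

# Constructed sample payloads (not captured traffic).
FTP_SAMPLE = "PORT 10,0,0,5,19,137\r\n"
SIP_SAMPLE = ("INVITE sip:b@host_b.foobar SIP/2.0\r\n"
              "Content-Type: application/sdp\r\n\r\n"
              "v=0\r\nc=IN IP4 192.168.1.20\r\nm=audio 49170 RTP/AVP 0\r\n")


def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # e.g. an octet above 255 in a malformed payload
        return False
    return any(ip in net for net in RFC1918)


def embedded_endpoints(payload):
    """Return (protocol, address, port) for each endpoint written inside the payload."""
    found = []
    for m in FTP_PORT_RE.finditer(payload):
        octets, (p1, p2) = m.groups()[:4], map(int, m.groups()[4:6])
        found.append(("FTP", ".".join(octets), p1 * 256 + p2))
    for m in SDP_C_RE.finditer(payload):
        found.append(("SIP/SDP", m.group(1), None))
    return found


def private_leaks(payload):
    """Embedded endpoints that a remote peer cannot reach: RFC 1918 addresses."""
    return [e for e in embedded_endpoints(payload) if is_rfc1918(e[1])]


def rewrite_ftp_port(payload, public_ip, public_port):
    """Replace the PORT endpoint with a reachable one, keeping the line ending."""
    arg = ",".join(public_ip.split(".") + [str(public_port // 256), str(public_port % 256)])
    return FTP_PORT_RE.sub(lambda m: "PORT " + arg + m.group(7), payload)
```

A rewrite like this changes the payload length, so a real implementation would also have to adjust TCP sequence numbers (FTP) or the Content-Length header (SIP).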

Conclusions
• The prototype proves the functioning of the CES concept
• CES solves the reachability problem
• CES reuses IPv4 addresses effectively
• CES removes the need for IPv6 addresses
• CES enhances security
• No modification needed in end-hosts

Future Research
• Connecting the CES prototype to other networks
• Modification of the CES prototype
• Designing and choosing algorithms for calculating IDs

Thank You!