IPv4 Addressing

There are several non-profit organizations in the world that have the authority to assign IP addresses to institutions that need access to the Internet. These organizations are (for details, see http://en.wikipedia.org/wiki/regional_internet_registry):

- African Network Information Centre (AfriNIC): for Africa
- American Registry for Internet Numbers (ARIN): for the United States, Canada, and several parts of the Caribbean region
- Asia-Pacific Network Information Centre (APNIC): for Asia, Australia, and neighboring countries
- Latin America and Caribbean Network Information Centre (LACNIC): for Latin America and parts of the Caribbean region
- RIPE NCC: for Europe, the Middle East, and Central Asia

When an institution requests one or more IP addresses, the organization responsible for its region assigns it one or more IP addresses that belong to one of several IP address classes. Three of these classes are for public distribution, one class is for multicasting, and one class is for experimentation. The five IP address classes are distinguished by their most significant bits:

- Class A: most significant bit is 0
- Class B: two most significant bits are 10
- Class C: three most significant bits are 110
- Class D: four most significant bits are 1110
- Class E: five most significant bits are 11110

Note that class A supports very few Network IDs but a large number of hosts per network, class B supports more Network IDs but fewer hosts per network, and class C supports a very large number of networks but few hosts per network.

Since IP addresses are 32 bits long, the total number of theoretical IP addresses is 2^32 ≈ 4.295 × 10^9. Therefore, you can theoretically connect a total of 4.295 × 10^9 computers to the Internet. However, in practice, the above assignment of IP classes is very wasteful. Consider for example the following:

- Class A: number of networks 128, number of hosts per network 16,800,000
- Class B: number of networks 16,400, number of hosts per network 65,500
- Class C: number of networks 2,100,000, number of hosts per network 256
- Class D: total number of IP addresses reserved for multicasting 268,000,000
- Class E: total number of IP addresses reserved for experimentation 134,000,000

Clearly many IP addresses are set aside for multicasting and experimentation purposes. In addition, once an organization requests an IP address range, it is assigned a network ID that belongs to one of the classes A, B, or C above and has full control over the whole set of host IDs. If that organization does not use all of its possible host IDs, they are effectively wasted.

Note: In fact, this arrangement of IP addresses into classes is OBSOLETE (it is no longer used because it is very wasteful in assigning IP addresses to Internet users). Another system, known as Classless Inter-Domain Routing (CIDR), was developed to reduce the waste in IP address assignment. Because of the extreme number of IP addresses wasted by the classful IPv4 assignment above, CIDR was developed sometime in the 1980s to conserve IP addresses. Even with this technique, IP addresses are drying up very fast. It is expected that the pool of available IPv4 addresses will dry up completely sometime between 2011 and 2013. See the following article for details: http://arstechnica.com/web/news/2010/10/well-of-remaining-ipv4-address-blocks-quickly-running-dry.ars

Special Addresses

There are some special addresses with specific uses and specific meanings. These special addresses are:

- If Host ID = 111...11 (all ones): the packet is broadcast to all hosts on the network specified by the Net ID.
All hosts seeing the packet are supposed to accept it and respond to it if required.
- If Net ID = 111...11 and Host ID = 111...11 (all ones): the packet is broadcast on the local network.
- If Host ID = 000...00 (all zeros): the address specifies the network given by the Net ID, not a specific host.
- If IP Address = 000...00 (all zeros): used for identifying one's own IP address from the MAC address.
- If IP Address = 127.0.0.1: used for loopback, meaning that the data is received by the same machine transmitting it (the packet does not reach the network). This is used to make sure that the network card and the installed network software are functioning properly.
- If IP Address = 224.x.x.x to 239.x.x.x: used for multicasting, which means only some hosts on the network will receive the transmission (as opposed to unicasting, in which a single host receives the transmission, or broadcasting, in which all hosts on the network receive the transmission). Hosts belonging to different multicast groups will recognize different multicast IP addresses and respond to them. A host that does not belong to a particular multicast group will ignore the corresponding multicast packets (for details, see http://www.firewall.cx/multicast-intro.php).

Also, some addresses have been reserved for use in private LANs (one set of addresses for each of the classes A, B, and C). Such addresses are not routed by Internet routers (routers in the Internet discard any packet with an IP address in these ranges):

- Range 1: 10.0.0.0 to 10.255.255.255 (class A) (00001010.xxxxxxxx.xxxxxxxx.xxxxxxxx)
- Range 2: 172.16.0.0 to 172.31.255.255 (class B) (10101100.0001xxxx.xxxxxxxx.xxxxxxxx)
- Range 3: 192.168.0.0 to 192.168.255.255 (class C) (11000000.10101000.xxxxxxxx.xxxxxxxx)

Network address translation (NAT) is used to translate between private IP addresses and global IP addresses.

Network Address Translation (NAT)

NAT was one of the ideas introduced to combat the problem of IP address exhaustion. NAT is a very powerful concept for several reasons:

- It shields computers in a private LAN from the Internet and therefore reduces the risks associated with connecting a computer to the Internet (hacking attacks).
- More importantly, Internet service providers usually assign one IP address to a home network or multiple IP addresses to an organization. However, the number of computers on the home network or on the organization's network is greater than the number of assigned IP addresses. To allow all machines to transmit and receive traffic from the Internet, NAT is used.
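As an added example (not part of the lecture notes), the following Python code applies the classful leading-bit rule and the special-address rules above to an address and also checks the three private ranges; writing the ranges in CIDR prefix notation (10.0.0.0/8 and so on) is an assumption of the example, not the notes' own notation.

```python
# Added example (not from the lecture notes): classify an IPv4 address by its
# leading bits (classes A-E) and flag the special and private addresses above.
import ipaddress

# The three private ranges listed in the notes, in CIDR prefix form.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_class(addr: str) -> str:
    """Class from the most significant bits of the first octet."""
    first = int(ipaddress.ip_address(addr)) >> 24
    if first & 0x80 == 0x00:   # 0xxxxxxx
        return "A"
    if first & 0xC0 == 0x80:   # 10xxxxxx
        return "B"
    if first & 0xE0 == 0xC0:   # 110xxxxx
        return "C"
    if first & 0xF0 == 0xE0:   # 1110xxxx
        return "D"
    return "E"                 # everything else


def describe(addr: str) -> dict:
    """Class, whether the address is private, and any special meaning."""
    ip = ipaddress.ip_address(addr)
    cls = address_class(addr)
    info = {"class": cls, "private": any(ip in n for n in PRIVATE_RANGES),
            "special": None}
    if ip == ipaddress.ip_address("0.0.0.0"):
        info["special"] = "this host (own address not yet known)"
    elif ip == ipaddress.ip_address("255.255.255.255"):
        info["special"] = "limited broadcast on the local network"
    elif ip in ipaddress.ip_network("127.0.0.0/8"):
        # The notes name 127.0.0.1; the whole 127/8 block is loopback.
        info["special"] = "loopback"
    elif cls == "D":
        info["special"] = "multicast group"
    elif cls in "ABC":
        # Classful Net ID length: A = 8, B = 16, C = 24 bits.
        prefix = {"A": 8, "B": 16, "C": 24}[cls]
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        if ip == net.network_address:
            info["special"] = "network address (host ID all zeros)"
        elif ip == net.broadcast_address:
            info["special"] = "directed broadcast (host ID all ones)"
    return info
```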
What NAT does is translate local addresses (in one of the 3 ranges of private IP addresses that start with 10, 172, or 192) to the one public IP address assigned to the home network (in the case of DSL service) or to the multiple public IP addresses assigned to the organization by the Internet service provider (in the case of organizations such as KFUPM). The NAT system also translates from the public IP address(es) to the corresponding private IP addresses as packets arrive from the Internet to the private network. In fact, all computers in a network that uses NAT appear to the outside world as having only a few IP addresses. For the case of a home network, all computers in your home network will appear to the outside world as having a single IP address. If you visit a website that records your IP address from one of your home network computers and then visit the same website from another computer, the website will not be able to distinguish between the two computers.

The following two examples show how NAT works. In the first case, the network is assigned multiple public IP addresses, equal in number to the machines in the network. All that the NAT does is translate each private IP address into one of the public IP addresses and vice versa. The two situations for outgoing packets (packets going from the private network to the Internet) and incoming packets (packets going from the Internet to the private network) are shown below. In the second case, the network is assigned a single public IP address that is used by all computers in the private network. The two situations for outgoing and incoming packets are shown afterwards.

Case 1: Translating Multiple Private IP Addresses to Multiple Public IP Addresses

a. Outgoing Packets

The network address translator (NAT) in this case fills a table that links the different private IP addresses to the different global IP addresses. The NAT table has the following format:

Private IP Address    Global IP Address
10.0.0.1              144.18.60.16
10.0.0.2              144.18.60.17
10.0.0.3              144.18.60.18
The assignment of global IP addresses to private IP addresses can be fixed (it does not change) or dynamic (it may change each time a machine is switched on).

b. Incoming Packets

The NAT for incoming traffic does the opposite process: it translates global IP addresses to private IP addresses. In this simple system, the NAT simply looks at its NAT table and determines the corresponding private IP address to which the global IP address of each incoming packet needs to be translated.

Private IP Address    Global IP Address
10.0.0.1              144.18.60.16
10.0.0.2              144.18.60.17
10.0.0.3              144.18.60.18
Case 2: Translating Multiple Private IP Addresses to a Single Public IP Address

a. Outgoing Packets

In this type of NAT, the process of translation is more complicated, as multiple private IP addresses are all translated to a single public IP address. The difficulty becomes clear when we observe that the incoming traffic is all sent to a single IP address (the IP address of the router with the NAT), and the NAT needs to figure out to which private IP address, from the list of private IP addresses in the local network, it needs to translate the public IP address. The process that specifies how this is done uses the 16-bit ports of the transport layer (TCP or UDP). An IP packet carries either a TCP or a UDP segment. Both TCP and UDP use a specific port to indicate to the destination machine which application they are connecting to (destination port in the outgoing traffic = source port in the incoming traffic), and another port that the destination machine will use to communicate back to the source machine in the incoming traffic (source port in the outgoing traffic = destination port in the incoming traffic). The source IP address and source port in the outgoing packets (column 1 and column 2 in the table below) are used to generate a sequence of port values (column 4) that replace the port values in the outgoing packets. This replacement port becomes the tool by which the NAT identifies the desired machine for the incoming traffic. The NAT table in this case is built in the following format:

Column 1: Private IP address (source IP address of the outgoing IP packet = destination IP address of the incoming packet)
Column 2: Source port of outgoing traffic = destination port of incoming traffic
Column 3: Global IP address (all outgoing packets have this as their source address and all incoming packets have this as their destination address)
Column 4: Destination port of outgoing traffic = source port of incoming traffic

Private IP    Port (col. 2)    Global IP        Port (col. 4)
10.0.0.1      315              144.18.60.16     25
10.0.0.2      217              144.18.60.16     26
10.0.0.3      590              144.18.60.16     27

NOTE 1: If a computer on the network makes multiple TCP connections at the same time (for example, requests multiple web pages or downloads multiple files), each TCP connection, which will have its own source port (but possibly the same destination IP address and the same destination port), will have a separate entry in the NAT table. This is necessary because not only does the public IP address in the incoming packets have to be translated to the corresponding private IP address, but the correct port also has to be used so that the local machine knows to which TCP connection the IP packet belongs.

NOTE 2: As you will learn next lecture, there are specific ranges of IP addresses that are reserved for use in LANs. IP packets with a destination IP address in these ranges are not routed by Internet routers but are dropped (discarded). As a result, if a machine that is assigned a private IP address transmits an IP packet whose IP address does not get translated to a public IP address, its packet may reach its destination without a problem (because the private IP address is the source IP address). However, the response IP packet of the destination server (which has a private IP address as the source address of the packet) will be dropped by the first router over which it passes.
b. Incoming Packets

For the incoming traffic, the reverse translation becomes easy. The NAT device needs to observe the source port of the incoming traffic and search its table for the corresponding entry in column 4. Once found, it changes the IP address and port to the corresponding values in columns 1 and 2.

Column 1: Private IP address (source IP address of the outgoing IP packet = destination IP address of the incoming packet)
Column 2: Source port of outgoing traffic = destination port of incoming traffic
Column 3: Global IP address (all outgoing packets have this as their source address and all incoming packets have this as their destination address)
Column 4: Destination port of outgoing traffic = source port of incoming traffic

Private IP    Port (col. 2)    Global IP        Port (col. 4)
10.0.0.1      315              144.18.60.16     25
10.0.0.2      217              144.18.60.16     26
10.0.0.3      590              144.18.60.16     27
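As an added example (not part of the lecture notes), the following Python model of the Case 2 NAT builds the table from outgoing packets and reverses it for incoming ones, including NOTE 1's separate entry per connection and the drop of a reply that matches no entry. The server address 203.0.113.5 and the ports 80 and 99 are constructed values; the model treats the NAT-assigned port (column 4) as the port carried in the destination field of the reply that comes back to the global address.

```python
# Added example (not from the lecture notes): a minimal model of the Case 2 NAT,
# where many private addresses share one global address, told apart by port.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PortNat:
    def __init__(self, global_ip: str, first_port: int = 25):
        self.global_ip = global_ip
        self.next_port = first_port   # 25, 26, 27, ... as in the table
        self.outbound = {}   # (private IP, private port) -> NAT port (column 4)
        self.inbound = {}    # NAT port -> (private IP, private port)

    def translate_outgoing(self, pkt: Packet) -> Packet:
        """Rewrite source IP/port; allocate a table entry for a new connection."""
        key = (pkt.src_ip, pkt.src_port)          # columns 1 and 2
        if key not in self.outbound:              # NOTE 1: one entry per connection
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return Packet(self.global_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_incoming(self, pkt: Packet):
        """Map a reply at the global IP back to the host, or None (drop) if unknown."""
        key = self.inbound.get(pkt.dst_port)
        if pkt.dst_ip != self.global_ip or key is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, key[0], key[1])

    def table(self):
        """Rows as in the notes: private IP, private port, global IP, NAT port."""
        return [(ip, p, self.global_ip, np) for (ip, p), np in self.outbound.items()]


def demo():
    """Constructed traffic: the three table hosts, a second connection from 10.0.0.1,
    a reply for 10.0.0.2, and a reply that matches no table entry."""
    nat = PortNat("144.18.60.16")
    server = "203.0.113.5"                        # constructed server address
    flows = [("10.0.0.1", 315), ("10.0.0.2", 217), ("10.0.0.3", 590), ("10.0.0.1", 316)]
    out = [nat.translate_outgoing(Packet(ip, sp, server, 80)) for ip, sp in flows]
    reply = nat.translate_incoming(Packet(server, 80, "144.18.60.16", 26))
    stray = nat.translate_incoming(Packet(server, 80, "144.18.60.16", 99))
    return nat.table(), out, reply, stray
```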