• Allows you to multiplex a public IP address
  • Uses port numbers:
    • Make whole local network look like one machine
    • Just as port numbers multiplex to processes, NAT multiplexes to devices
  • But a reply must reach the local machine's own port, and it carries only the NAT's public IP and a port
    • So the NAT needs a “NAT table” to map from public port to the tuple of (local IP address, port)
  • Outgoing datagrams:
    1. Create or retrieve the mapping from (source IP, source port) to (NAT public IP, new public port)
    2. Rewrite (source IP, private port) to (NAT IP, public port) in the datagram
  • Incoming datagrams:
    • Look up the mapping for the destination port and rewrite the destination to (local IP, private port)
    • If no mapping is known, the packet cannot be routed and is dropped
  • NAT can be configured for port forwarding:
    • Literally just a manually configured, static forwarding rule that does not need to be kept alive by outbound traffic
  • Older protocols that embed addresses in their payload (e.g. SIP, used for telephony) can't be translated by a plain NAT
  • Since the NAT table must purge old mappings (to make room), temporarily idle connections can lose their mapping and be cut off
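The outgoing/incoming rules, the static port-forwarding rule and the idle purge above, as an added example (not part of these notes): a small port-translating NAT table in Python. The public IP, port pool, timeout and addresses are constructed for illustration; the clock is injectable so the purge can be exercised without waiting.

```python
import time
from dataclasses import dataclass

NAT_PUBLIC_IP = "203.0.113.7"   # constructed public address (documentation range)
IDLE_TIMEOUT = 300.0            # constructed: seconds an unused dynamic mapping survives
FIRST_DYNAMIC_PORT = 40000      # constructed: start of the NAT's public port pool


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatTable:
    """Port-translating NAT: many (local IP, port) pairs behind one public IP."""

    def __init__(self, now=time.monotonic):
        self.now = now                 # injectable clock so idle purging is testable
        self.next_port = FIRST_DYNAMIC_PORT
        self.out_map = {}              # (local ip, local port) -> public port
        self.in_map = {}               # public port -> (local ip, local port, last used)
        self.forwards = {}             # public port -> (local ip, local port); never expire

    def add_port_forward(self, public_port, local_ip, local_port):
        """Static rule: inbound to public_port always goes to (local_ip, local_port)."""
        self.forwards[public_port] = (local_ip, local_port)

    def _allocate_port(self):
        # Skip ports already taken by a dynamic mapping or a static forward.
        while self.next_port in self.in_map or self.next_port in self.forwards:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def translate_outgoing(self, pkt):
        """Step 1: create or reuse the mapping; step 2: rewrite the source."""
        key = (pkt.src_ip, pkt.src_port)
        pub_port = self.out_map.get(key)
        if pub_port is None:
            pub_port = self._allocate_port()
            self.out_map[key] = pub_port
        self.in_map[pub_port] = (pkt.src_ip, pkt.src_port, self.now())  # refresh last-used
        return Packet(NAT_PUBLIC_IP, pub_port, pkt.dst_ip, pkt.dst_port)

    def translate_incoming(self, pkt):
        """Rewrite the destination from the table; return None (drop) if unknown."""
        if pkt.dst_ip != NAT_PUBLIC_IP:
            return None
        if pkt.dst_port in self.forwards:
            local_ip, local_port = self.forwards[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, local_ip, local_port)
        entry = self.in_map.get(pkt.dst_port)
        if entry is None:
            return None                # unsolicited inbound: no mapping, so it is dropped
        local_ip, local_port, _ = entry
        self.in_map[pkt.dst_port] = (local_ip, local_port, self.now())
        return Packet(pkt.src_ip, pkt.src_port, local_ip, local_port)

    def purge_idle(self):
        """Drop dynamic mappings unused for longer than IDLE_TIMEOUT; return how many."""
        now = self.now()
        stale = [p for p, (_, _, t) in self.in_map.items() if now - t > IDLE_TIMEOUT]
        for p in stale:
            local_ip, local_port, _ = self.in_map.pop(p)
            del self.out_map[(local_ip, local_port)]
        return len(stale)
```

Run a datagram out and its reply back to see the rewrite in both directions; a reply to a port that was never mapped comes back as None (the "unsolicited inbound" case), while a port-forwarded port keeps working after the purge because static rules are not subject to the idle timeout.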
  • Peer-to-peer (incl. Skype!) is very difficult with NAT
    • Solution: send through a relay server
    • Relay must keep track of all available hosts to facilitate discovery
  • Other benefits of NAT:
    • Security (unsolicited inbound requests are dropped, since no mapping exists for them)
    • Configuration isolation / abstraction
    • Layer-4 load balancing (which, of course, does accept inbound connections)
  • NAT load balancing:
    • Make multiple servers look like one server
    • Use internally specified rules to distribute requests
  • Layer 4 load balancers can adapt much more quickly
    • Nothing needs to propagate across the network
  • But only layer 7 (DNS) LB is request-aware
    • Layer 7 sees URLs; layer 4 sees only IP addresses and ports
    • Layer 7 can also terminate TLS and inspect traffic
    • See ChatGPT convo for more
  • Middleboxes
    • Transform, filter, or inspect packets
    • Load balancers are one example
    • Firewalls drop traffic according to simple rules
    • Deep packet inspection firewalls drop traffic based on application-aware logic
    • Intrusion detection analyzes traffic over time
  • IPv6
    • Uses 128-bit addresses instead of 32 bits
    • Much larger header, so much more overhead
    • Adoption at 45% as of this writing
      • Highest in India, France
      • Nearly nil in China, Russia
      • Linear increase since 2018
  • IPv6 notation
    • 8 × 16-bit groups, each written as up to four hexadecimal digits and separated by colons
    • One run of consecutive all-zero groups can be replaced with :: (at most once per address)
    • Leading zeros within each group can be omitted
  • IPv6 datagram:
    • IPv6 version
    • Priority/traffic class: facilitate routing decisions
    • Flow label: application-specific field
    • Payload length
    • Next header (the next-layer protocol): TCP or UDP only, ICMP no longer present
    • Hop limit (=TTL)
    • Source and destination address
    • Checksum is gone—redundant with TCP
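The fixed IPv6 header laid out above, as an added example (not part of these notes): a builder and parser in Python for the 40-byte header, plus the one thing a router does to it in flight, decrementing the hop limit and discarding the datagram when it reaches zero. Field widths follow the header layout (4-bit version, 8-bit traffic class, 20-bit flow label, 16-bit payload length, 8-bit next header, 8-bit hop limit, two 128-bit addresses); there is no checksum field to compute. Addresses and payload in the test are constructed.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40
NEXT_HEADER_TCP = 6
NEXT_HEADER_UDP = 17


def build_ipv6_datagram(src, dst, payload, next_header,
                        traffic_class=0, flow_label=0, hop_limit=64):
    """Return header + payload. The first 32-bit word packs version, class and flow label."""
    if not 0 <= traffic_class <= 0xFF or not 0 <= flow_label <= 0xFFFFF:
        raise ValueError("traffic class is 8 bits, flow label is 20 bits")
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    header = (struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
              + ipaddress.IPv6Address(src).packed
              + ipaddress.IPv6Address(dst).packed)
    return header + payload


def parse_ipv6_header(datagram):
    """Decode the fixed header; raise on a wrong version or a truncated datagram."""
    if len(datagram) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", datagram[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not IPv6 (version {version})")
    if len(datagram) - IPV6_HEADER_LEN < payload_len:
        raise ValueError("payload shorter than declared payload length")
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(datagram[8:24])),
        "dst": str(ipaddress.IPv6Address(datagram[24:40])),
        "payload": datagram[IPV6_HEADER_LEN:IPV6_HEADER_LEN + payload_len],
    }


def forward_hop(datagram):
    """Router behaviour: decrement the hop limit (byte 7), or drop (None) when exhausted."""
    hdr = parse_ipv6_header(datagram)          # also validates the header
    if hdr["hop_limit"] <= 1:
        return None
    return datagram[:7] + bytes([hdr["hop_limit"] - 1]) + datagram[8:]
```

Because the header has no checksum, forward_hop can patch the hop-limit byte in place without recomputing anything, which is exactly the per-hop work the missing checksum saves.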
  • IPv6 and IPv4 can be routed across each other via tunneling:
    • A tunneling-enabled router treats the datagram of the other type as a payload and wraps it in a new IP datagram
    • The enabled router at the other end unwraps the original datagram
  • Tunneling makes IPv6 even more bloated
    • Raises a question of why anyone would actually do it
    • Chatted with ChatGPT about it; not satisfied with answer
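The wrap-and-unwrap step above, as an added example (not part of these notes): IPv6-in-IPv4 encapsulation in Python, using the real IPv4 protocol number 41 for this purpose. The entry router prepends a 20-byte IPv4 header (with its ones'-complement header checksum, which IPv4 still has) and the exit router validates and strips it. The sample inner datagram and tunnel endpoints are constructed; the inner datagram uses next header 59 ("no next header") so its payload is just opaque bytes. The overhead the note complains about is visible in the lengths: the inner datagram gains 20 bytes on every hop of the tunnel.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41   # IANA protocol number for IPv6 carried inside IPv4
IPV4_HEADER_LEN = 20

# Constructed sample: minimal IPv6 datagram 2001:db8::1 -> 2001:db8::2,
# next header 59 (no next header), hop limit 64, 11 bytes of opaque payload.
SAMPLE_PAYLOAD = b"constructed"
SAMPLE_IPV6 = (bytes.fromhex("60000000")
               + struct.pack("!HBB", len(SAMPLE_PAYLOAD), 59, 64)
               + ipaddress.IPv6Address("2001:db8::1").packed
               + ipaddress.IPv6Address("2001:db8::2").packed
               + SAMPLE_PAYLOAD)


def ipv4_checksum(header):
    """Ones'-complement sum over 16-bit words; the caller zeroes the checksum field."""
    if len(header) % 2:
        header += b"\0"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate_6in4(inner_ipv6, tunnel_src, tunnel_dst, ttl=64, ident=0):
    """Entry router: wrap an IPv6 datagram in an IPv4 datagram addressed to the far end."""
    if inner_ipv6[0] >> 4 != 6:
        raise ValueError("payload is not an IPv6 datagram")
    total_len = IPV4_HEADER_LEN + len(inner_ipv6)
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45,                  # version 4, IHL 5 words
                      0, total_len, ident,
                      0x4000,                # flags: don't fragment
                      ttl, PROTO_IPV6_IN_IPV4,
                      0,                     # checksum placeholder
                      ipaddress.IPv4Address(tunnel_src).packed,
                      ipaddress.IPv4Address(tunnel_dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + inner_ipv6


def decapsulate_6in4(outer):
    """Exit router: validate the IPv4 wrapper and hand back the original IPv6 datagram."""
    if len(outer) < IPV4_HEADER_LEN or outer[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (outer[0] & 0x0F) * 4
    if ipv4_checksum(outer[:ihl]) != 0:      # a correct header checksums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", outer[2:4])[0]
    if len(outer) < total_len:
        raise ValueError("truncated datagram")
    if outer[9] != PROTO_IPV6_IN_IPV4:
        raise ValueError(f"not a 6in4 packet (protocol {outer[9]})")
    inner = outer[ihl:total_len]
    if not inner or inner[0] >> 4 != 6:
        raise ValueError("inner datagram is not IPv6")
    return inner
```

For the 11-byte constructed payload the datagram on the wire is 71 bytes, of which 60 are headers (40 IPv6 plus 20 IPv4), which puts a number on the "even more bloated" point.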
  • IPv6 DNS mappings expressed via AAAA records
    • “Happy Eyeballs” dual stack involves sending A and AAAA requests in parallel, then keeping whichever connection is established first
    • I guess implying that, if AAAA is ever first, there’s a latency advantage to supporting IPv6
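The race the note describes, as an added example (not part of these notes): a Python asyncio model that resolves A and AAAA concurrently, attempts a connection down each path, keeps the first one that succeeds and cancels the rest. The "network" is constructed: per-record-type answers with a resolution delay and per-address connect delays, with None meaning the address is unreachable, so the example also shows the fallback when the IPv6 path fails. This is the plain race from the note; RFC 8305 implementations additionally stagger the attempts to prefer IPv6 rather than starting both at the same instant.

```python
import asyncio


async def lookup(record_type, dns):
    """Constructed resolver: dns maps 'A'/'AAAA' to (answer, delay in seconds)."""
    addr, delay = dns[record_type]
    await asyncio.sleep(delay)
    return addr


async def connect(addr, reachability):
    """Constructed connect: reachability maps address to delay, or None for unreachable."""
    delay = reachability.get(addr)
    if delay is None:
        raise OSError(f"{addr} unreachable")
    await asyncio.sleep(delay)
    return addr


async def attempt(record_type, dns, reachability):
    """One full path: resolve this record type, then connect to the answer."""
    addr = await lookup(record_type, dns)
    return record_type, await connect(addr, reachability)


async def race(coros):
    """Run attempts concurrently; return the first success, cancel everything else."""
    tasks = [asyncio.create_task(c) for c in coros]
    try:
        pending = set(tasks)
        while pending:
            done, pending = await asyncio.wait(pending, return_when=asyncio.FIRST_COMPLETED)
            for task in done:
                if task.exception() is None:
                    return task.result()     # first established connection wins
        raise ConnectionError("every address family failed")
    finally:
        for task in tasks:
            task.cancel()                    # losers (and failures) are discarded


def happy_eyeballs(dns, reachability):
    """Issue A and AAAA lookups together and keep the first connection that succeeds."""
    attempts = [attempt(rt, dns, reachability) for rt in ("AAAA", "A")]
    return asyncio.run(race(attempts))
```

Swap the connect delays in the test to see the outcome flip between families; making the IPv6 address unreachable shows that the client still ends up connected over IPv4, only later.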