Communicating Globally Using Private IP Addresses
Lauri Virtanen
Supervisor: Professor Raimo Kantola
Instructor: Lic.Sc.(Tech.) Nicklas Beijar
Faculty of Electronics, Communications and Automation, Department of Communications and Networking
October 29th, 2009
Agenda
• Background & Objectives
• Network Address Translation (NAT)
• Domain Name System (DNS)
• Customer Edge Switching (CES) Concept
• CES Prototype
• Evaluation
• Conclusions
Background & Objectives
• The growth of the Internet has generated problems
  • Exhaustion of IPv4 addresses
  • Weak deployment of IPv6 addressing
  • Oversized routing tables
  • The reachability problem
• A new architecture model is needed to solve these problems
Network Address Translation (NAT)
• An edge device that relays packets
• Changes the address and port information of outgoing and incoming packets
• Traffic originates from the inside towards the outside
• Inbound connections are not possible -> the reachability problem
Domain Name System (DNS)
• Main use is resolving domain names to IP addresses
• In DNS, data is stored in resource records (RR)
• E.g. A-type RR: domain_name_Host_A <-> IPv4_address_Host_A
Customer Edge Switching (CES) Concept
• CES is a model for the future Internet
• Idea: solve the reachability problem
• Idea: prevent IPv4 addresses from running out by using them privately
• Removes the need for IPv6 and also increases security
• CES is aimed to be implemented with as little modification as necessary to the existing equipment
  • Modifications allowed in DNS and NAT; hosts remain the same
• Aims at dividing ownership of the network into reasonable pieces: trust domains (corporate networks, operator networks)
CES architecture:
• Routing is independent in every trust domain
• Network elements: host, CES, PE, DNS
• Identities are known only in their respective private network
  • E.g. the identity of Host X is kept in its home CES device (CES X) and also in the DNS
CES Network Elements Explained
• Host:
  • Basic IPv4 stack
• CES:
  • NAT extension containing its features: mappings and tables
  • Contains information on all the registered hosts (HRL)
  • Address pool of IPv4 addresses
  • Hash calculating algorithm
• DNS:
  • Needs a new resource record (RR) type:
    • domain_name_Host_X = Address_CES_X + hash_Host_X
    • E.g. host_x.foobar = MAC_CES_X + 1234
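The resolution and address-mapping path of the two slides above, as an added example that is not the thesis prototype's code: the new DNS record is modelled as a (CES address, host hash) pair, the CES proxy-address pool as a list, and the public-network frame as a dict; the SHA-256-based hash and the host names host_a.example and host_x.foobar are constructed stand-ins, not values from the slides.

```python
import hashlib
from dataclasses import dataclass, field
DNS = {}  # the new RR type: domain_name -> (Address_CES, hash_Host)

@dataclass
class CES:
    address: str                                 # identity in the public layer-2 network
    pool: list                                   # IPv4 proxy addresses handed to local hosts
    hrl: dict = field(default_factory=dict)      # Host Register List: hash -> private IP
    proxies: dict = field(default_factory=dict)  # proxy IP -> (remote CES, remote hash)

    def register(self, name: str, private_ip: str) -> int:
        # Constructed stand-in for the CES hash algorithm, which the slides leave open
        h = int.from_bytes(hashlib.sha256(name.encode()).digest()[:2], "big")
        self.hrl[h] = private_ip
        DNS[name] = (self.address, h)            # publish the CES record for this host
        return h

    def proxy_for(self, remote_ces: str, remote_hash: int) -> str:
        # Reuse an existing mapping; otherwise take the next address from the pool
        for ip, target in self.proxies.items():
            if target == (remote_ces, remote_hash):
                return ip
        ip = self.pool.pop(0)                    # IndexError here means the pool is exhausted
        self.proxies[ip] = (remote_ces, remote_hash)
        return ip

    def resolve(self, name: str) -> str:
        return self.proxy_for(*DNS[name])        # the host gets a proxy address, not the CES record

    def send(self, src_ip: str, dst_ip: str, payload: bytes) -> dict:
        # Outbound packet: both private addresses are replaced by CES identities
        src_hash = next(h for h, ip in self.hrl.items() if ip == src_ip)
        remote_ces, remote_hash = self.proxies[dst_ip]
        return {"src_ces": self.address, "src_hash": src_hash,
                "dst_ces": remote_ces, "dst_hash": remote_hash, "payload": payload}

    def receive(self, frame: dict) -> tuple:
        dst_ip = self.hrl[frame["dst_hash"]]     # identity -> this domain's private address
        src_ip = self.proxy_for(frame["src_ces"], frame["src_hash"])
        return (src_ip, dst_ip, frame["payload"])

def demo() -> tuple:
    ces_a = CES("MAC_CES_A", ["192.168.100.1", "192.168.100.2"])
    ces_x = CES("MAC_CES_X", ["192.168.200.1"])
    ces_a.register("host_a.example", "10.0.0.5")
    ces_x.register("host_x.foobar", "10.0.0.5")  # the same private IP reused in another domain
    proxy = ces_a.resolve("host_x.foobar")
    frame = ces_a.send("10.0.0.5", proxy, b"SYN")
    return ces_x.receive(frame)
```

Because the proxy address is what the host sees, a protocol that copies its private address into the payload (the FTP and SIP failures noted later) carries a value the remote domain cannot interpret.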
CES Prototype
• The implemented prototype differs slightly from the CES concept
  • No PE devices
• Prototype built on virtual PCs running Linux/Debian
• Programming done in Python
  • DNS implemented with the DNSPython toolkit
  • Packet generation, sending and receiving done with Scapy
Network Diagram:
• 2 hosts, 2 CES devices and DNS
• IP routing (layer 3) in the customer networks
• Ethernet (layer 2) based forwarding in the public network
Evaluation
• CES can be implemented with only a few modifications to the existing infrastructure
  • Only NAT and DNS need modifications
  • Hosts are still IPv4 computers
• CES works with most of the common protocols
  • According to testing, CES works with TCP, UDP, ICMP, HTTP and SSH
  • Still lacks compatibility with FTP and SIP
Test Results
• FTP and SIP fail because private addresses are placed in payload fields
  • FTP and SIP do not work across two NATs (or CESs)
  • Packet modification in the CES could solve this
Conclusions
• The prototype proves the functioning of the CES concept
• CES solves the reachability problem
• CES reuses IPv4 addresses effectively
• CES excludes the need for IPv6 addresses
• CES enhances security
• No modification needed in end hosts
Future Research
• Connecting the CES prototype to other networks
• Modification of the CES prototype
• Designing and choosing algorithms for calculating IDs