ECE 526 – Network Processing Systems Design
Network Address Translator
Ning Weng ECE 526

Overview
• What is Network Address Translation (NAT)
• Conceptual implementation
  ─ Complexity and simplifying assumptions
  ─ TCP/UDP packet processing
  ─ ARP packet processing
  ─ NAT table creation and management
  ─ Header lookup and field changes
• IXP implementation
  ─ Software components and structure
  ─ NAT microblock implementation
  ─ Header caching, alignment

What is NAT?
• System allowing multiple computers to share a single global IP address
• Changes packet header fields: address, port number, IDs, etc.
• Located between a set of computers at a site and the rest of the Internet

NAT Example
• ISP router
• Local area network:
  ─ 10.0.0.0/8: net 10 prefix
  ─ Nonroutable
  ─ Each computer has a unique IP address
• NAT
  ─ Global IP: 192.168.0.2
  ─ Local IP: 10.0.0.1
  ─ Router for the local area network

How Does NAT Work
• Rewrites the packet header as packets pass through
• Questions
  ─ 1. Which fields should be changed?
  ─ 2. Are these changes independent of packet type and packet flow direction?
  ─ 3. How should they be changed?
  ─ 4. What is the complexity?

Packet Type
• TCP/UDP
  ─ IP address: globally unique identifier on the IP network, looked up by routers
    • Source and destination
  ─ Port number: application dependent
    • Source
    • Destination
• ARP (Address Resolution Protocol)
  ─ IP address
  ─ MAC address
• Any other fields?

Packet Flow Direction
• Outgoing: to the Internet
  ─ SIP, DIP
  ─ Sport, Dport
  ─ IP Proto field
• Incoming: from the Internet
  ─ Is it the same as outgoing?

Packet Field Change Across NAT

NAT Table Example
• *.2 and *.3 access web server at 128.10.2.1
• *.4 ping 192.5.3.1

NAT Table Lookup
• Incoming and outgoing lookups are different
• Two independent hash tables used

NAT Table Implementation
• Packet direction: f_nat or r_nat
• Extract fields, compute hash value and bucket value

NAT Complexity
• Fragmentation: the header of the encapsulated protocol is present only in the first fragment
  ─ E.g., no port number available for later fragments
• IP datagrams with options
• Memory requirement for the NAT table

NAT Table Management
• Creation
  ─ Automatically
  ─ Add one entry when the first packet of a new flow arrives
• Table entry lifetime
  ─ Based on packet header
    • E.g., FIN or reset for TCP
  ─ Aging
    • Countdown timer
      – Reset to maximum value once used
      – Decrease by one every cycle
• Table entry update
  ─ Least recently used
  ─ Priority heuristic
    • TCP > UDP > ARP > others
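
The two independent hash tables, first-packet entry creation and countdown aging from the NAT table slides above, as an added C example (not code from the course or from the IXP SDK). Assumed here: 4-slot buckets, the multiplicative hash, a port allocator starting at 40000, and the function names nat_out, nat_in and nat_tick; an incoming packet with no reverse-table entry gets NULL and is dropped.

```c
#include <stdint.h>
enum { F_NAT, R_NAT, NB = 64, WAYS = 4, MAX_AGE = 3 };  /* sizes, timer start: assumed */
typedef struct {                         /* same layout in both tables */
    uint32_t lip, rip;                   /* local host, remote host */
    uint16_t lport, gport, rport, peer;  /* peer: twin's index in the other table */
    uint8_t proto, age;                  /* age 0 = free or expired */
} slot;
static slot nat[2][NB * WAYS];           /* [F_NAT] outgoing, [R_NAT] incoming */
static uint16_t next_gport = 40000;      /* assumed allocator, no wrap handling */
/* Hash the key to a bucket, scan its WAYS slots. Returns the live match (both
   timers reset), else a free slot in that bucket, else NULL (bucket full). */
static slot *find(int d, uint8_t proto, uint32_t ip, uint16_t port,
                  uint32_t rip, uint16_t rport) {
    uint32_t h = (ip ^ rip ^ ((uint32_t)port << 16) ^ rport ^ proto) * 2654435761u;
    slot *s = &nat[d][(h >> 16) % NB * WAYS], *fr = 0;
    for (int w = 0; w < WAYS; w++, s++) {
        if (!s->age) { if (!fr) fr = s; continue; }
        if (s->proto == proto && s->rip == rip && s->rport == rport &&
            (d == R_NAT ? s->gport == port : (s->lip == ip && s->lport == port))) {
            s->age = nat[!d][s->peer].age = MAX_AGE;
            return s;
        }
    }
    return fr;
}

/* Outgoing: entry whose gport replaces the source port; made on the first packet. */
slot *nat_out(uint8_t proto, uint32_t lip, uint16_t lport, uint32_t rip, uint16_t rport) {
    slot *f = find(F_NAT, proto, lip, lport, rip, rport);
    if (!f || f->age) return f;          /* bucket full, or known flow */
    slot *r = find(R_NAT, proto, 0, next_gport, rip, rport);
    if (!r || r->age) return 0;          /* no room for the reverse entry */
    *f = (slot){ lip, rip, lport, next_gport++, rport, (uint16_t)(r - nat[R_NAT]), proto, MAX_AGE };
    *r = *f;
    r->peer = (uint16_t)(f - nat[F_NAT]);
    return f;
}

/* Incoming: entry naming the local host, or NULL when no flow matches (drop). */
slot *nat_in(uint8_t proto, uint32_t rip, uint16_t rport, uint16_t gport) {
    slot *r = find(R_NAT, proto, 0, gport, rip, rport);
    return r && r->age ? r : 0;
}

/* One aging cycle: every live entry counts down and is expired at zero. */
void nat_tick(void) {
    for (int d = 0; d < 2; d++)
        for (int i = 0; i < NB * WAYS; i++)
            if (nat[d][i].age) nat[d][i].age--;
}
```

A full bucket makes nat_out return NULL here; the least-recently-used or priority replacement listed on the slide would evict a slot at that point instead.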

NAT IXP Implementation

NAT Overall Structure
• What are implementation ideas to improve throughput?

NAT Microblock Organization

Reminder
• Example System on IXP2400 II: chapter 25
• Example of other commercial NPs: chapter 15