Chapter 30 Private Networks, Virtual Private Networks, and Network Address Translation - PowerPoint PPT Presentation
Provided by: MarilynT6
1
Chapter 30 Private Networks, Virtual Private
Networks, and Network Address Translation
2
Outline
  • PRIVATE NETWORKS
  • VIRTUAL PRIVATE NETWORKS (VPN)
  • NETWORK ADDRESS TRANSLATION (NAT)

3
30.1
PRIVATE NETWORKS
The McGraw-Hill Companies, Inc., 2000
4
Private Networks
  • Designed to be used inside an organization
  • Intranet
  • A private network (LAN) that uses the TCP/IP
    protocol suite
  • However, access to the private network is limited
    only to the users inside the organization
  • Extranet
  • The same as an intranet with one major difference
  • Some resources may be accessed by specific groups
    of users outside the organization under the
    control of the network administrators
  • For example, a university can allow distance
    learning students access to the computer lab
    after passwords have been checked

5
Addressing
  • A private network obtains its IP addresses by one
    of the following three methods
  • The network can apply for a set of addresses from
    the Internet authorities and use them without
    being connected to the Internet
  • Advantage: easy when the organization later
    decides to connect to the Internet
  • Disadvantage: the address space is wasted
  • The network can use any set of addresses without
    registering with the Internet authorities
  • Because the network is isolated, the addresses do
    not have to be unique
  • Drawback: users might mistakenly take the
    addresses to be part of the global network

6
Addressing (Cont.)
  • The Internet authorities have reserved three sets
    of addresses to overcome the problems of the
    previous two strategies
  • They can be used without permission from the
    Internet authorities
  • Everybody knows that these reserved addresses are
    for private networks
  • Unique inside the organization, but not unique
    globally
  • No router will forward a packet that has one of
    these addresses as the destination address

7
Addresses for Private Networks
Prefix        Range                          Total
10/8          10.0.0.0 - 10.255.255.255      2^24
172.16/12     172.16.0.0 - 172.31.255.255    2^20
192.168/16    192.168.0.0 - 192.168.255.255  2^16
8
30.2
VIRTUAL PRIVATE NETWORKS(VPN)
9
Virtual Private Networks (VPN)
  • Use the global Internet for both intra- and
    inter-organization communication
  • But require privacy in their intra-organization
    communication
  • How to achieve privacy
  • Three strategies: private networks, hybrid
    networks, and virtual private networks

10
Private Networks
  • An organization that needs privacy when routing
    information inside the organization can use a
    private network
  • Small organization with one single site
  • Can use an isolated LAN
  • Data in the organization remains entirely inside
    the organization, secure from outsiders
  • Large organization with several sites
  • The LANs at different sites can be connected using
    routers and leased lines
  • Thus, the network is made out of private LANs and
    private WANs

11
Figure 30-1
Private Network with Large Organization
12
Private Networks (Cont.)
  • Thus, the organization has created a private
    internet that is totally isolated from the global
    Internet
  • There is no need for the organization to apply
    for IP addresses with the Internet authorities
  • Because the internet is private, duplication of
    addresses by another organization in the global
    Internet is not a problem

13
Hybrid Network
  • However, the above scenario does not allow the
    organization to be connected to the global
    Internet
  • Solution: hybrid network
  • Allows an organization to have its own private
    internet
  • Intraorganization data is routed through the
    private network
  • And allows access to the global Internet
  • Interorganization data is routed through the
    global Internet

14
Figure 30-2
Hybrid Network
15
Virtual Private Networks
  • Both private and hybrid networks have a major
    drawback: cost
  • Private wide area networks are expensive
  • To connect several sites, an organization needs
    several leased lines
  • Goal: use the global Internet for both private
    and public communication
  • Solution: virtual private network (VPN)

16
Virtual Private Networks (Cont.)
  • VPN creates a network that is private but virtual
  • Private: it guarantees privacy inside an
    organization
  • Virtual: it does not use real private WANs
  • The network is physically public but virtually
    private

17
Figure 30-3
Virtual Private Network
18
VPN Technology
  • VPN uses two simultaneous technologies to
    guarantee privacy for an organization
  • IPSec
  • Tunneling

19
IPSec
  • Discussed in Chapter 29
  • A virtual private network can use either AH or
    ESP for authentication and privacy

20
Tunneling
  • Each IP datagram destined for private use in the
    organization must be encapsulated in another
    datagram
  • The inner datagram carries the actual source and
    destination addresses
  • The outer datagram header carries the source and
    destination of the two routers, i.e., R1 and R2

21
Figure 30-4
Tunneling
22
Tunneling (Cont.)
  • Note that the entire IP datagram must first be
    encrypted and then encapsulated
  • R1 encrypts the datagram
  • R2 decrypts the datagram

23
Figure 30-5
Addressing in a VPN
24
30.3
NETWORK ADDRESS TRANSLATION (NAT)
25
Network Address Translation (NAT)
  • Allows
  • A set of private addresses for internal
    communication
  • A set of (at least one) global Internet addresses
    for communication with another site
  • From the next slide
  • The private network uses private addresses
  • The NAT router uses one private address and one
    global address
  • The rest of the internet sees only the NAT router
    with the address 200.24.5.8

26
Figure 30-6
NAT
27
Address Translation
  • NAT
  • Replaces the source address of all outgoing
    packets with the global NAT address
  • Replaces the destination address of all incoming
    packets with the appropriate private address

28
Figure 30-7
Address Translation
29
Translation Table
  • Used by the NAT router to derive the destination
    address for a packet coming from the Internet
  • Three cases
  • Using one IP address
  • Using a Pool of IP addresses
  • Using Both IP addresses and Port numbers

30
Using One IP Address
  • The translation table has only two columns
  • The private address
  • The external address (destination address of the
    packet)
  • When the router translates the source address of
    the outgoing packet
  • It also makes a note of the destination address,
    i.e., where the packet is going

31
Figure 30-8
Translation
32
Using One IP Address (Cont.)
  • Communication must always be initiated by the
    private network
  • Thus, a private network cannot run a server
    program for clients outside of its network if it
    is using NAT technology

33
Using a Pool of IP Addresses
  • Using only one global address allows only one
    private-network host to access the same external
    host
  • Solution using a pool of IP addresses
  • For example, if the NAT can use four addresses
  • Four private-network hosts can communicate with
    the same external host at the same time

34
Using a Pool of IP Addresses (Cont.)
  • Drawbacks
  • No more than four connections can be made to the
    same destination
  • No private-network host can access two external
    server programs (e.g., HTTP and TELNET) at the
    same time
  • Two private-network hosts cannot access the same
    external server program at the same time

35
Using Both IP Addresses and Port Numbers
  • To allow a many-to-many relationship between
    private-network hosts and external server
    programs
  • We need more information in the translation table
  • When the response comes back, the combination of
    source address (25.8.3.2) and destination port
    number (1400) defines the private-network host

36
Five-Column Translation Table
Private Address  Private Port  External Address  External Port  Transport Protocol
172.18.3.1       1400          25.8.3.2          80             TCP
172.15.3.2       1401          25.8.3.2          80             TCP

37
Using Both IP Addresses and Port Numbers
  • Thus, for this translation to work, the temporary
    port number (1400 and 1401) must be unique
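The five-column translation from slides 35 to 37 and the reserved ranges from slide 7, as an added worked example that is not part of the original slides. It assumes, since the slides do not say how the temporary port is kept unique, that the NAT router itself allocates a fresh temporary port (starting at 1400) for each new outgoing flow, and it uses the slides' global NAT address 200.24.5.8 and external server 25.8.3.2.

```python
import ipaddress

# The three reserved ranges from the "Addresses for Private Networks" table
PRIVATE_RANGES = [ipaddress.ip_network(p)
                  for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True if addr lies in one of the three reserved private ranges."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in PRIVATE_RANGES)


class PortNAT:
    """NAT router keyed on IP addresses and port numbers (five-column table).

    Assumption (not on the slides): the router assigns each new outgoing flow a
    unique temporary port, so two private hosts that happen to pick the same
    source port can still reach the same external server program at once.
    """

    def __init__(self, global_addr: str, first_port: int = 1400):
        self.global_addr = global_addr
        self.next_port = first_port
        # (temp port, external addr, external port, proto) -> (private addr, private port)
        self.table = {}

    def outbound(self, src, sport, dst, dport, proto="TCP"):
        """Rewrite an outgoing packet; returns the (address, port) the Internet sees."""
        if not is_private(src):
            raise ValueError(f"{src} is not a private address")
        for key, host in self.table.items():
            if host == (src, sport) and key[1:] == (dst, dport, proto):
                return self.global_addr, key[0]      # existing flow: reuse its entry
        tmp_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(tmp_port, dst, dport, proto)] = (src, sport)
        return self.global_addr, tmp_port

    def inbound(self, src, sport, dport, proto="TCP"):
        """Map a reply back to the private host using the external source address
        plus the destination (temporary) port. None means no entry exists, i.e. the
        packet was not initiated from inside and the router has nowhere to send it."""
        return self.table.get((dport, src, sport, proto))


if __name__ == "__main__":
    nat = PortNAT("200.24.5.8")
    # Constructed sample: two private hosts open HTTP to 25.8.3.2 with the same source port
    print(nat.outbound("172.18.3.1", 5000, "25.8.3.2", 80))  # ('200.24.5.8', 1400)
    print(nat.outbound("172.18.3.2", 5000, "25.8.3.2", 80))  # ('200.24.5.8', 1401)
    print(nat.inbound("25.8.3.2", 80, 1401))                  # ('172.18.3.2', 5000)
```

Because replies are resolved only through table entries created by outbound traffic, the same code also shows why an unsolicited packet from the Internet (for example to an internal server) cannot be delivered, the limitation described on slide 32.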

38
NAT and ISP
  • An ISP that serves dial-up customers can use NAT
    technology to conserve addresses
  • For example, an ISP is granted 1000 addresses
  • But has 100,000 customers
  • The ISP can divide the customers into 1000 groups
  • Each group is a private network

39
Figure 30-9
An ISP and NAT