Network layer of LAN/MAN interfaces - IP (Internet Protocol)

IP (Internet Protocol)

Standards describing the protocol:

Services, main characteristics:

Header of IPv4 frame

          bytes (20)   from basic MAC and tagged MAC
              +--------------------------------+
            1 | Version (4bit)  - IHL (4bit)   |  45  (5x32 bit) min length :5
              +--------------------------------+
            1 | Service type                   |  00
              +--------------------------------+
            2 | Total length                   |  05DC = 1500 bytes
              | network order: first byte msb  |  max. length: 65536 bytes
              +--------------------------------+
            2 | Identification                 |  abcd = 43981
              +--------------------------------+
            2 | flag (3 bit) +                 |  00 00
              | fragment offset (13 bit)       |
              +--------------------------------+
            1 | time-to-live                   |  00
              +--------------------------------+
            1 | protocol                       |  04  forwarded (transport) protocol (0x06 - TCP, 0x11 - UDP) other code points: RFC 790
              +--------------------------------+
            2 | IP header checksum             |  0bb5
              +--------------------------------+
            4 | source IP address              |  01010102
              +--------------------------------+
            4 | destination IP address         |  02020202
              +--------------------------------+
            4 | options (3byte) padding (1byte)|
              +--------------------------------+
An example:
      DLC:
IP: ----- IP Header -----
      IP:
      IP: Version = 4, header length = 20 bytes  (5x32 bit)
      IP: Type of service = 00
      IP:       000. ....   = routine
      IP:       ...0 .... = normal delay
      IP:       .... 0... = normal throughput
      IP:       .... .0.. = normal reliability
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit
      IP:       .... ...0 = CE bit - no congestion
      IP: Total length    = 1500 bytes
      IP: Identification  = 43981
      IP: Flags           = 0X
      IP:       .0.. .... = may fragment
      IP:       ..0. .... = last fragment
      IP: Fragment offset = 0 bytes
      IP: Time to live    = 15 seconds/hops
      IP: Protocol        = 4 (IP Multicast)
      IP: Header checksum = 0BB5, should be F44A
      IP: Source address      = [1.1.1.2]
      IP: Destination address = [2.2.2.2]
      IP: No options
      IP:

0000:                                          |45 00   20 byte
0010: 05 dc ab cd 00 00 0f 04 0b b5 01 01 01 02 02 02
0020: 02 02 |
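The decode above flags the checksum ("0BB5, should be F44A"). The following added example (not part of the original page) parses the 20 header bytes from the hex dump and recomputes the checksum the RFC 1071 way; the function and field names are this example's own.

```python
import ipaddress
import struct

# The 20 header bytes from the hex dump above (frame offsets 0x0e-0x21).
CAPTURED = bytes.fromhex("4500 05dc abcd 0000 0f04 0bb5 01010102 02020202")

def ones_complement_sum(data: bytes) -> int:
    """Folded 16-bit one's-complement sum of big-endian words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def parse_ipv4_header(raw: bytes) -> dict:
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(raw) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    hdr = raw[:ihl * 4]
    # The checksum is computed with its own field zeroed, then complemented.
    zeroed_sum = ones_complement_sum(hdr[:10] + b"\x00\x00" + hdr[12:])
    return {
        "header_length": ihl * 4,
        "tos": tos,
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # in bytes
        "ttl": ttl,
        "protocol": proto,
        "checksum": csum,
        "expected_checksum": ~zeroed_sum & 0xFFFF,
        # A valid header sums to 0xFFFF when the checksum field is included.
        "checksum_ok": ones_complement_sum(hdr) == 0xFFFF,
        # True when the field holds the sum without the final complement.
        "uncomplemented": csum == zeroed_sum,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }

if __name__ == "__main__":
    for field, value in parse_ipv4_header(CAPTURED).items():
        print(f"{field:18} {value}")
```

For this capture the stored value 0BB5 is exactly the folded sum before the final one's complement, which is why the analyser expects F44A.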
Source address, destination address: unique network addresses. Such an address has these:

Management of IP addresses:

Addressing modes:

IPv4 address (4 octets): a.b.c.d

Classes of IP addresses:
Size of network   Class   MSB (bin)   first octet   Net Id.           Host Id.
large             A       0           1-126         a (7 bits)        b.c.d (24 bits)
medium            B       10          128-191       a.b (14 bits)     c.d (16 bits)
small             C       110         192-223       a.b.c (21 bits)   d (8 bits)

MSB 111 escape to extended addressing mode
first octet: 224 - multicast
first octet: 127 - internal op. testing
Private IP address (Nodes having such an IP address cannot connect directly to the Internet):

Size of network   Class   Domain
large             A       10.0.0.0 - 10.255.255.255
medium            B       172.16.0.0 - 172.31.255.255
small             C       192.168.0.0 - 192.168.255.255

Notation of an address domain: e.g. 192.168.0.0 - 192.168.0.255 (192.168.0.0/24)

IPX (Internet Package Exchange (Novell))

IPX is a protocol developed by Novell, analogous to IP.

It is mentioned here because the Linux router does not route this protocol in the ADSL network.

NAT (Network Address Translation)

RFC 3022 - Traditional IP Network Address Translator (Traditional NAT)

As its name shows, NAT is a protocol that translates network addresses. The main reasons for its introduction were to slow down the depletion of the IP address space, and security considerations. NAT is an active network element, typically located in a border router or a firewall. It examines every IP packet passing through it and either forwards the packet, with or without changes, or discards it. Of the firewall and the router, it resembles the former more, since it too has an inner and an outer side; unlike a firewall, however, NAT is able to change the packet. The change affects the IP header (and possibly the header of the transport protocol).

In general, NAT maintains a mutual assignment between the IP address space and TCP/UDP port number space on the inner side and the IP address space and TCP/UDP port number space on the outer side. In a packet going outwards NAT may change the source address (and possibly the port number), while in a packet going inwards it changes the destination address (and possibly the port number). It slows address depletion because non-public IP domains are used on the inner side, while the Internet is accessed through an outer domain that is smaller than the inner one. In addition, private virtual networks get a natural protection: devices and services on the inner side are not accessible from the outside.

NAT is widely applied in SOHO (Small Office, Home Office) environments, because the Internet is typically accessed there over a DSL network or a CATV (Community Antenna Television, i.e. cable television) network, where the provider also uses NAT, and NAT is also used to share the IP access at the end of the subscriber loop. However, the characteristics mentioned above may be drawbacks in many cases. For example:

How can we use NAT with the ZyXEL ADSL modem and WLAN router?

When switching the NAT function in the modem we set, at the same time, its basic operation mode. We say "set" rather than "select" because we use the method that fits the given possibilities, not one we could choose freely. The ZyXEL modem offers two possibilities. We should mark the "SUA Only" (Single User Account) mode if only a single public IP address is available on the outer side of NAT, or if there is a server on the inner side whose services we want to make accessible to users or applications on the outer side. We may select the "Full Feature" mode if several public IP addresses are at our disposal. In both modes further details can be specified ("Edit details").

In SUA Only mode further specification is of interest mostly when servers are present. If there is no server, we can define, for security reasons, the port number range within which traffic is permitted. In server mode we must let requests arriving for certain port number ranges through to the inner side of NAT. In this case, by editing the "Server Set", we specify to which inner IP address the requests arriving for which port number range are forwarded, so several inner servers can be visible at the same address from the outside.

In SUA Only mode we must use One-to-One or Many-to-One mapping. The latter is actually NAPT (Network Address Port Translation): packets arriving from the inner side are mapped to a single IP address on the outer side, with different port numbers assigned to different local IP addresses. NAT does this automatically, and likewise relabels the packets arriving in reply. If Full Feature mode is selected, the Address Mapping Rules can be edited. Here a numbered set of rules describes which local IP address domain is mapped to which global IP address domain. The type of mapping must also be given. A domain may consist of a single element, so all the mapping types can be given (One-to-One, Many-to-One, Many-to-Many Overload, Many-to-Many no Overload, Server).

Note: NAT tables are generated on a similar principle, apart from differences in terminology.

Source     Source Computer's   Source Computer's   NAT Router's    NAT Router's
Computer   IP Address          Port                IP Address      Assigned Port Number
A          192.168.32.10       400                 215.37.32.203   1
B          192.168.32.13       50                  215.37.32.203   2
C          192.168.32.15       3750                215.37.32.203   3
D          192.168.32.18       206                 215.37.32.203   4
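The Many-to-One (NAPT) mapping and the Server Set described above can be modelled as follows. This is an added example, not ZyXEL's implementation: the class and method names are hypothetical, ports are handed out sequentially from 1 only to reproduce the table above, and a real NAPT also keys its entries on the transport protocol and the remote endpoint.

```python
# Constructed input: the four inner flows from the table on this page.
FLOWS = [("192.168.32.10", 400), ("192.168.32.13", 50),
         ("192.168.32.15", 3750), ("192.168.32.18", 206)]

class Napt:
    """Many-to-One (NAPT) translator with an optional static Server Set."""

    def __init__(self, public_ip, first_port=1, server_set=()):
        self.public_ip = public_ip
        self.next_port = first_port
        self.server_set = list(server_set)  # (first_port, last_port, inner_ip)
        self.out = {}    # (inner_ip, inner_port) -> assigned outer port
        self.back = {}   # assigned outer port -> (inner_ip, inner_port)

    def _server_for(self, port):
        for first, last, inner_ip in self.server_set:
            if first <= port <= last:
                return inner_ip
        return None

    def outbound(self, src_ip, src_port):
        """Rewrite the source of an outgoing packet; reuse an existing entry."""
        key = (src_ip, src_port)
        if key not in self.out:
            port = self.next_port
            while port in self.back or self._server_for(port):
                port += 1          # never hand out a forwarded or used port
            if port > 65535:
                raise RuntimeError("outer port space exhausted")
            self.out[key], self.back[port] = port, key
            self.next_port = port + 1
        return self.public_ip, self.out[key]

    def inbound(self, dst_port):
        """Rewrite the destination of an incoming packet, or None to drop it."""
        if dst_port in self.back:
            return self.back[dst_port]
        inner_ip = self._server_for(dst_port)
        return (inner_ip, dst_port) if inner_ip else None

def build_table(nat, flows=FLOWS):
    """Return (inner_ip, inner_port, outer_ip, outer_port) rows for the flows."""
    return [(ip, port) + nat.outbound(ip, port) for ip, port in flows]

if __name__ == "__main__":
    for row in build_table(Napt("215.37.32.203")):
        print(*row)
```

An inbound packet whose destination port has neither a dynamic entry nor a Server Set rule returns `None`, which is the "not accessible from the outside" behaviour the text describes.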