Network Address Translation - Computerphile

Video Statistics and Information

Captions
We don't have enough addresses to represent every machine, so what we can do is we can kind of fake things out, and so that's where you get NAT. NAT is network address translation. It's allowing this bit of the network to stay as it is, using IPv4, even while we've got too many computers connected to actually fit within the IPv4 address space. With this prefix here, which always refers to the first 16 bits, 128.243 has been handed out to the University of Nottingham, so University of Nottingham computers will typically be, I don't know if we have other prefixes, but certainly many of them will be within that prefix. Let's imagine that you've got, you know, the University of Nottingham sort of on that side of this line. We could have lots and lots and lots and lots of computers behind it if we can translate the addresses for each of these machines so that they can fit within 128.243.something.something. We can sort of pretend to the rest of the world that this prefix contains enough addresses for us, while we've got lots of machines behind that all kind of using and reusing addresses within that space. That was one of those things which was kind of just done as a hack to make things work, because it was just necessary, and so there's lots of idiosyncrasies in the ways that different implementations of it work. It wasn't sort of standardized in advance so that there was a nice set of rules that we could follow; people just kind of made it work and then retrospectively looked at it and went, what have we done here?

We've got some data in our packet, and we've got a TCP header, and we've got an IP header. What NAT does is it uses some of the bits in the TCP header, and uses them essentially to extend the address space for the IP addresses. The particular bits it uses are what's called the port numbers, and in particular, very commonly, the source port. The idea with that is that when you're talking to another application on the internet, so your browser is talking to a web server, for example, it indicates that by putting a value in the destination port number, and it's that which gets used by the receiving computer to work out which application should get given this data. So for web servers, commonly that will be port 80 and port 443, maybe one or two others, but those are the two standard ones. So port 80 is usually used for carrying web traffic, carrying HTTP; it's just the convention, it doesn't have to be, carry anything else you like on that, but that's the indicator that's used by the receiving machine to say which application gets this data, and that's the destination port.

Now the source port is used by the receiving machine to know where to send the response back to, but it can be manipulated along the way, providing that manipulation can be kind of undone on the way back. So there might be a machine here, kind of at the gateway of the University of Nottingham network, which is able to say, okay, we've got far too many machines here to fit inside this space; we're gonna have to map the address of, let's say, this machine, 10.0.0.0. They know how to get to 128.243.something, and so we need to convert this address here into an address that fits inside there. So what we could do is we could set up a little table, and it could say, okay, 10.0.0.0 on this side, this gateway machine here is going to convert that into 128.243.20.20, and that's fine, and that'll work, but that means we still only have this many slots. So what it could also do is it could say, okay, well how about I also rewrite the source port number as well, so that when it says source port 32621, I'm going to remap that to source port 16. So what we've got here is we're looking at taking all of this data and remapping it into that, and because each machine here will typically not be using the maximum possible number of connections, you end up with the ability to fit more machines' activity into the same number of addresses. This is called multiplexing, when you're taking more things and packing them into a smaller thing, essentially.

So on the way out this translation happens in that direction; then on the way back it has to be translated back in the other direction, so that something out here, you know, the server that you were trying to get to over here, is sending stuff back to 128.243.20.20, destination port 16, and then this gateway here is the only thing in the world that knows that that really maps to this particular machine and that particular application on that particular machine. And so you've got this translation that happens in one direction, and you have to undo the translation in the other direction to be able to get back, and that's what makes this complex.

How does that equate to, say, me sitting at home on my broadband? So it's exactly the same process, modulo the particular details of how NAT is working in a particular device, but basically it's the same process. So inside your home network, for example, if you ever look at the IP addresses of any of your devices, you might see that they'll often start with 10: there will be 10.0.something, or 10.1.something, or they'll start with 192.168.something, or in some cases they may start with 172.something, that's a bit rarer. And all those sets of addresses are in what's called private addresses, so you never see them on the public internet; they're only for use behind one of these devices in a private network, and then it's your router that does the translation for you. Each router in your home actually has a unique address; it's not being done by the ISP, this translation. So what's happening is you've got a router sitting in your home, and that's connected by a cable to your ISP's network. There will be a public address on this side of the cable, and then on this side, inside your home, you've got all these private addresses, and then there's a public address here, and it's this router here that's doing this process for all of your private addresses. So your laptop, your iPad, your phone, whatever it is that you've got inside your house, all of their accesses out to the network are getting translated, so that your ISP, which then connects through to, usually, many other bigger networks, eventually, you know, to somebody like Google or something... As far as your ISP is concerned, they've been given a certain number of addresses, and they're using those addresses to support many people, each of whom have many, many computers perhaps. And so these layers of translation are happening in order that your data can get through to Google, and Google's response, or whoever it might be, Microsoft's response, can get back to you, all the while without having enough of these IP addresses to cover every single household's use of all of these computers. So that translation is happening everywhere. It's allowing this bit of the network to stay as it is, using IPv4, even while we've got too many computers connected to actually fit within the IPv4 address space.

And that makes the network less robust. You've now ended up with sort of a single point: so this guy here, for example, this router here, is the only thing that knows how to do this translation, and so if that fails, stuff stops working. It's more complex to kind of set up backups and things, because they have to now share all this information that's got to be maintained in that place. You've also got problems to do with the complexity this introduces, so you can have situations perhaps where your network might also be doing this same process when it talks to other networks, because your network's not been able to get enough addresses for all the customers it's got, and so you've got this translation happening in multiple places, and it becomes difficult then for somebody to debug what's going on. So things aren't working quite right, but you've got all these different layers of translation; it becomes quite complex to see what's happening.

If you believe this sort of strict picture where you've got Ethernet at the bottom, you've got IP above that, you've got TCP above that, you've got, let's say, HTTP above that, so these are the protocols that the web uses; if you believe that really strictly, there should be no cases where information from down here is being used directly to do things at this layer; there should be no cases where information at this layer is being used to do things at that layer. These abstractions should be maintained, but in practice they're not, for a variety of reasons, many good engineering reasons in some cases. When you start doing things like that, another protocol might have been relying on knowing the source address, for example. When the source address gets changed under its feet without it knowing about it, you end up with a situation where somewhere in the data in the packet you've got the source address 10.0.0.something, and in the header, by the NAT machine, that's been changed to 128.243.20.20, and suddenly these things don't match any more. So when you're trying to connect to another computer, this is the address it uses, that's fine, you're getting to the right computer, but then when the software in my computer tries to refer to the address that the packet came from, it ends up having to use this address, and that's no longer the right address. And so that protocol is brittle in the face of this kind of manipulation, because it's now not going to work quite correctly.

So this was a particular problem with internet telephony. You may want to set up a connection between two machines which are both in different people's houses, behind this kind of translation. The first machine tries to essentially place a phone call to the second machine: what address should it use? Because it can't know which of these 10. addresses or 192. addresses it is, because that translation is going to be maintained by the NAT box that's sitting in the home gateway of that house I'm reaching, and so it doesn't know what the translation is yet, and so it's got no way to refer to the particular phone it wants to ring inside that house. And so then a whole bunch of other protocols had to be developed to try and allow that kind of situation to be resolved, where you wanted to essentially kind of have those two machines rendezvous to exchange information about what their current private addresses are and what their current public-facing addresses are according to the NAT process that's run in front of them, so that the guy making the call can use the right public address to try and get the packets through to the right place in the network. The protocols running above, which previously could assume that if they looked at their source IP address it really would be their source IP address, and everybody else could reach that, and so they could always use that, now they can't, and that assumption then breaks; breaking that assumption breaks those protocols.

Each of these different layers provides a different set of abstractions. It sort of builds on the abstractions provided by whatever's below it, and it provides some abstraction to the thing above it. For example, if you look at an Ethernet header, essentially you've got a sequence of stuff on there: so you start out with the destination address, then you have a source address, and then, depending on precisely the version of Ethernet you're running, you have some information about the protocol of what's coming next.
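The translation table the video sketches, as an added Python example that is not Computerphile's code: a toy NAPT gateway rewrites each private (address, source port) pair to the public address plus an assigned port on the way out, undoes the mapping on the way back, drops an unsolicited inbound packet it has no table entry for (the telephony rendezvous problem), and leaves a private address embedded in the payload untouched (the layering breakage described above). The public address 128.243.20.20, the private hosts, the remote server addresses and the payloads are all constructed for illustration.

```python
# Toy NAPT gateway illustrating the translation the video describes.
# Added example; it is not Computerphile's code.  All addresses, ports and
# payloads below are constructed for illustration.
from dataclasses import dataclass, replace
import ipaddress

# Constructed: one public address inside the 128.243/16 prefix the video mentions.
PUBLIC_IP = "128.243.20.20"


@dataclass(frozen=True)
class Packet:
    """The fields NAT cares about: IP addresses and TCP ports, plus the payload."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


def is_private(ip: str) -> bool:
    """True for addresses that never appear on the public internet (10/8,
    172.16/12, 192.168/16 and the other IANA special-purpose ranges)."""
    return ipaddress.ip_address(ip).is_private


class NatGateway:
    """Rewrites (private IP, source port) to (public IP, assigned port) on the
    way out and undoes that mapping on the way back.  The gateway is the only
    thing that holds the table, which is the single point of failure the video
    talks about."""

    def __init__(self, public_ip: str, first_port: int = 16):
        self.public_ip = public_ip
        self.next_port = first_port          # 16 echoes the remapping in the video
        self.out_table = {}                  # (private_ip, private_port) -> public_port
        self.in_table = {}                   # public_port -> (private_ip, private_port)

    def outbound(self, pkt: Packet):
        """Translate a packet leaving the private network."""
        if not is_private(pkt.src_ip):
            return pkt                       # already public, nothing to rewrite
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_table:        # first packet of this flow: allocate a slot
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[port] = key
        # Only the header is rewritten; a private address inside the payload
        # stays as it is, which is what breaks address-carrying protocols.
        return replace(pkt, src_ip=self.public_ip, src_port=self.out_table[key])

    def inbound(self, pkt: Packet):
        """Undo the translation for a packet arriving from the internet.
        Returns None when there is no mapping: the gateway cannot know which
        private machine an unsolicited packet is meant for."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.in_table:
            return None
        ip, port = self.in_table[pkt.dst_port]
        return replace(pkt, dst_ip=ip, dst_port=port)


def demo() -> dict:
    """Two private hosts that happen to pick the same source port, one reply
    each, one unsolicited packet, and a payload that embeds a private address."""
    gw = NatGateway(PUBLIC_IP)
    server = "203.0.113.5"                   # constructed remote web server
    a = Packet("10.0.0.1", 32621, server, 80, b"my address is 10.0.0.1")
    b = Packet("10.0.0.2", 32621, server, 80, b"my address is 10.0.0.2")
    a_out, b_out = gw.outbound(a), gw.outbound(b)
    # The server answers the public address and port it saw, nothing more.
    reply_a = Packet(server, 80, PUBLIC_IP, a_out.src_port, b"200 OK")
    reply_b = Packet(server, 80, PUBLIC_IP, b_out.src_port, b"200 OK")
    back_a, back_b = gw.inbound(reply_a), gw.inbound(reply_b)
    # A caller from outside with no prior flow: the telephony problem.
    unsolicited = Packet("198.51.100.9", 5060, PUBLIC_IP, 5060, b"INVITE")
    return {
        "a_public": (a_out.src_ip, a_out.src_port),
        "b_public": (b_out.src_ip, b_out.src_port),
        "a_back": (back_a.dst_ip, back_a.dst_port),
        "b_back": (back_b.dst_ip, back_b.dst_port),
        "same_flow_same_port": gw.outbound(a).src_port == a_out.src_port,
        "unsolicited_delivered": gw.inbound(unsolicited) is not None,
        "payload_still_private": b"10.0.0.1" in a_out.payload,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running it shows both hosts leaving as 128.243.20.20 with ports 16 and 17, each reply landing back on the right private host and original port 32621, the unsolicited packet being dropped because no table entry exists for it, and the private address surviving unchanged inside the payload. A real NAT also times mappings out and handles UDP and ICMP; the table logic is the part the video is about.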
Info
Channel: Computerphile
Views: 120,560
Rating: 4.9482589 out of 5
Keywords: computers, Network Address Translation, ip, Internet Protocol (Invention)
Id: 01ajHxPLxAw
Length: 10min 50sec (650 seconds)
Published: Tue Aug 27 2013