Monday 16 June 2014

NAT - Network Address Translation

NAT
The NAT concept is simple: it allows a single device to act as an Internet gateway for internal LAN clients by translating the clients' internal network IP Addresses into the IP Address on the NAT-enabled gateway device.
In other words, NAT runs on the device that's connected to the Internet and hides the rest of your network from the public, thus making your whole network appear as one device (or computer, if you like) to the rest of the world.
NAT is transparent to your network, meaning all internal network devices are not required to be reconfigured in order to access the Internet. All that's required is to let your network devices know that the NAT device is the default gateway to the Internet.
NAT is secure since it hides your network from the Internet. All communications from your private network are handled by the NAT device, which will ensure all the appropriate translations are performed and provide a flawless connection between your devices and the Internet.
The diagram below illustrates this:

As you can see, we have a simple network of 4 hosts (computers) and one router that connects this network to the Internet. All hosts in our network have a private Class C IP Address, including the router's private interface (192.168.0.1), while the public interface that's connected to the Internet has a real IP Address (203.31.220.134).
HOW NAT WORKS
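As an added illustration (not code from the original post), the toy NAT below keeps the translation table the gateway needs so that every LAN client leaves as the one public address. The public address 203.31.220.134 and the 192.168.0.0/24 LAN follow the diagram; port translation, the port range starting at 40000 and the peer 198.51.100.10 are assumptions of the example. A reply that matches no table entry is dropped, which is the concrete sense in which NAT hides the LAN from the Internet.

```python
"""Toy many-to-one NAT table (added illustration, not the post's code).

Constructed to match the post's diagram: the gateway's public address is
203.31.220.134 and the LAN is 192.168.0.0/24. Port translation is assumed.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.31.220.134"
LAN_PREFIX = "192.168.0."


@dataclass
class Nat:
    next_port: int = 40000  # first public port handed out (assumed range)
    # (inside ip, inside port) -> public port, and the reverse map
    table: Dict[Tuple[str, int], int] = field(default_factory=dict)
    reverse: Dict[int, Tuple[str, int]] = field(default_factory=dict)

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int):
        """Translate a LAN client's packet so it leaves as PUBLIC_IP."""
        if not src_ip.startswith(LAN_PREFIX):
            raise ValueError(f"{src_ip} is not an inside address")
        key = (src_ip, src_port)
        if key not in self.table:  # first packet of this flow: allocate a port
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return (PUBLIC_IP, self.table[key], dst_ip, dst_port)

    def inbound(self, src_ip: str, src_port: int, dst_port: int) -> Optional[Tuple]:
        """Map a reply back to the client; unsolicited packets get None (dropped)."""
        inside = self.reverse.get(dst_port)
        if inside is None:
            return None  # no state for this port, so no LAN host is reachable
        return (src_ip, src_port, inside[0], inside[1])


if __name__ == "__main__":
    nat = Nat()
    print(nat.outbound("192.168.0.2", 51000, "198.51.100.10", 80))
    print(nat.inbound("198.51.100.10", 80, 40000))
    print(nat.inbound("198.51.100.10", 80, 40500))  # None: nobody asked for it
```

Two clients using the same inside source port get different public ports, which is why a single public address can serve the whole LAN.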

Friday 13 June 2014

IPv4 Addressing, Subnetting and CIDR

IP Addressing:
An IP (Internet Protocol) address is a unique identifier for a node or host connection on an IP network. An IP address is a 32-bit binary number usually represented as 4 decimal values, each representing 8 bits, in the range 0 to 255 (known as octets), separated by decimal points. This is known as "dotted decimal" notation.

Example: 140.179.220.200

It is sometimes useful to view the values in their binary form.
     140.     179.     220.     200
10001100.10110011.11011100.11001000

Every IP address consists of two parts, one identifying the network and one identifying the node. The class of the address and the subnet mask determine which part belongs to the network address and which part belongs to the node address.
Address Classes:
There are 5 different address classes. You can determine which class any IP address is in by examining the first 4 bits of the IP address.

Class A addresses begin with 0xxx, or 1 to 126 decimal.
Class B addresses begin with 10xx, or 128 to 191 decimal.
Class C addresses begin with 110x, or 192 to 223 decimal.
Class D addresses begin with 1110, or 224 to 239 decimal.
Class E addresses begin with 1111, or 240 to 254 decimal.
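The helper below is added here and is not from the post. It converts dotted decimal to the binary form shown above, classifies an address from the leading bits of its first octet, and goes one step beyond the text by splitting the network and node parts with the classful default masks (/8, /16, /24). The parser is strict on purpose: leading zeros are rejected because some C parsers read them as octal.

```python
"""Dotted-decimal parsing and classful lookup (added example, not from the post)."""
from typing import List, Tuple


def to_octets(addr: str) -> List[int]:
    """Parse dotted decimal strictly: exactly four values, each 0-255.

    Leading zeros are rejected because some C parsers (inet_aton) read
    "010" as octal, which lets two programs disagree about one address.
    """
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    octets = []
    for p in parts:
        if not p.isdigit() or p != str(int(p)) or int(p) > 255:
            raise ValueError(f"bad octet {p!r} in {addr!r}")
        octets.append(int(p))
    return octets


def to_binary(addr: str) -> str:
    """140.179.220.200 -> '10001100.10110011.11011100.11001000'"""
    return ".".join(f"{o:08b}" for o in to_octets(addr))


def address_class(addr: str) -> str:
    """Classify from the leading bits of the first octet, as in the post's list."""
    first = to_octets(addr)[0]
    if first >> 7 == 0b0:
        return "A"        # 0xxx
    if first >> 6 == 0b10:
        return "B"        # 10xx
    if first >> 5 == 0b110:
        return "C"        # 110x
    if first >> 4 == 0b1110:
        return "D"        # 1110
    return "E"            # 1111


def split_classful(addr: str) -> Tuple[str, str]:
    """Network and node bits using the class's default mask (/8, /16, /24)."""
    prefix = {"A": 8, "B": 16, "C": 24}.get(address_class(addr))
    if prefix is None:
        raise ValueError("classes D and E have no network/node split")
    bits = to_binary(addr).replace(".", "")
    return bits[:prefix], bits[prefix:]
```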

Wednesday 11 June 2014

Examining your network with commands:

PING

PING is used to check for a response from another computer on the network. It can tell you a great deal of information about the status of the network and the computers you are communicating with.

Ping returns different responses depending on the computer in question. The responses are similar depending on the options used.
Ping uses IP to request a response from the host. It does not use TCP. It takes its name from a submarine sonar search: you send a short sound burst and listen for an echo, a "ping", coming back.
In an IP network, ping sends a short data burst (a single packet) and listens for a single packet in reply. Since this tests the most basic function of an IP network (delivery of a single packet), it's easy to see how you can learn a lot from some pings.
To stop ping, type Control-C. This terminates the program and prints out a nice summary of the number of packets transmitted, the number received, and the percentage of packets lost, plus the minimum, average, and maximum round-trip times of the packets.

Sample ping session
PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=2 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=255 time=2 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=255 time=2 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=255 time=2 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=255 time=2 ms
64 bytes from 127.0.0.1: icmp_seq=5 ttl=255 time=2 ms
64 bytes from 127.0.0.1: icmp_seq=6 ttl=255 time=2 ms
64 bytes from 127.0.0.1: icmp_seq=7 ttl=255 time=2 ms
64 bytes from 127.0.0.1: icmp_seq=8 ttl=255 time=2 ms
64 bytes from 127.0.0.1: icmp_seq=9 ttl=255 time=2 ms
localhost ping statistics
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 2/2/2 ms

The Time To Live (TTL) field can be interesting. Its main purpose is to make sure a packet doesn't live forever on the network: it will eventually be discarded when it is deemed "lost". But for us it provides additional information. We can use the TTL to estimate how many router hops the packet has gone through: in this case the hop count is 255 minus the TTL of the returning Echo Replies. If the TTL field varies in successive pings, it could indicate that the successive reply packets are going via different routes, which isn't a great thing.

The time field is an indication of the round-trip time to get a packet to the remote host. The reply is measured in milliseconds. In general, it's best if round-trip times are under 200 milliseconds. The time it takes a packet to reach its destination is called latency. If you see a large variance in the round-trip times (which is called "jitter"), you are going to see poor performance talking to the host.
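Added example, not from the post: a parser for ping reply lines that computes loss, min/avg/max, jitter and the hop estimate described above. The sample session is constructed (it has a lost reply and one reply with a different TTL), and the initial TTL of 255 is the post's assumption; many hosts start at 64 or 128, which changes the hop count.

```python
"""Parse ping replies and derive what the post reads off by eye (added example)."""
import re
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

REPLY = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")

# Constructed sample session: seq 2 never came back, seq 3 took a different path.
SAMPLE = """\
PING example.test (198.51.100.7): 56 data bytes
64 bytes from 198.51.100.7: icmp_seq=0 ttl=243 time=21.4 ms
64 bytes from 198.51.100.7: icmp_seq=1 ttl=243 time=20.9 ms
64 bytes from 198.51.100.7: icmp_seq=3 ttl=242 time=88.0 ms
64 bytes from 198.51.100.7: icmp_seq=4 ttl=243 time=22.1 ms
"""


def parse_replies(text: str) -> List[Tuple[int, int, float]]:
    """Return (seq, ttl, rtt_ms) for every echo reply line."""
    return [(int(s), int(t), float(ms)) for s, t, ms in REPLY.findall(text)]


def analyse(text: str, sent: Optional[int] = None, initial_ttl: int = 255) -> Dict:
    """Loss, RTT spread, jitter and the hop estimate the post describes.

    initial_ttl=255 follows the post; many hosts start at 64 or 128, so
    the hop count is only as good as that assumption.
    """
    replies = parse_replies(text)
    if not replies:
        raise ValueError("no echo replies found")
    if sent is None:                     # infer from the highest sequence number
        sent = max(s for s, _, _ in replies) + 1
    rtts = [r for _, _, r in replies]
    ttls = {t for _, t, _ in replies}
    return {
        "sent": sent,
        "received": len(replies),
        "loss_pct": round(100 * (sent - len(replies)) / sent, 1),
        "min_avg_max": (min(rtts), round(mean(rtts), 1), max(rtts)),
        "jitter_ms": round(pstdev(rtts), 1),            # spread of the RTTs
        "hops": sorted(initial_ttl - t for t in ttls),  # 255 minus reply TTL
        "route_changed": len(ttls) > 1,                 # TTL varied between replies
    }


if __name__ == "__main__":
    print(analyse(SAMPLE))
```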


NSLOOKUP

NSLOOKUP is an application that facilitates looking up hostnames on the network. It can reveal the IP address of a host or, using the IP address, return the host name.
It is very important when troubleshooting problems on a network that you can verify the components of the networking process. Nslookup allows this by revealing details within the infrastructure.

NETSTAT

NETSTAT is used to look up the various active connections within a computer. It is helpful to understand what computers or networks you are connected to. This allows you to further investigate problems. One host may be responding well but another may be less responsive.

IPCONFIG

This is a Microsoft Windows NT/2000 command. It is very useful in determining what could be wrong with a network.
When used with the /all switch, this command reveals an enormous amount of troubleshooting information about the system.

Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : My-PC
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 12.90.108.123
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 12.90.108.125
DNS Servers . . . . . . . . . . . : 12.102.244.2 204.127.129.2


Types of point-to-point network connectivity

In telecommunications, a point-to-point connection refers to a communications connection between two nodes or endpoints.

Other examples of point-to-point communications links are leased lines, microwave relay links, and two-way radio.

First off, there is no “silver bullet” when it comes to point-to-point connectivity. All options have advantages and disadvantages. All.

Fiber & WiFi:
 Designing long-distance or outside plant applications generally means choosing cabling containing single-mode (SM) fiber over all other media. Most of these systems are designed to be used over distances and speeds that preclude anything but SM fiber. Occasionally, other options may be more cost effective. For example, if a company has two buildings on opposite sides of a highway, then a line-of-sight with 2.4/5 Ghz radio wireless network may be easier to use, since it would have lower costs of installation and more easily obtainable permits.

VPN
A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption.
VPNs allow employees to securely access their company's intranet while traveling outside the office. Through a VPN you can access your private network over the Internet. If the VPN technology matches our security requirements and budget, we can avoid going for a leased-line solution and its huge monthly bills.



Full Duplex Fixed Wireless WiMAX:
WiMAX operates on both licensed and non-licensed frequencies, providing a regulated environment and a viable economic model for wireless carriers. WiMAX can be used for wireless networking in much the same way as the more common WiFi protocol, and for backhaul.
  • Provides true full-duplex connections.
  • Provides extremely low latency.
  • Outdoors, can be used up to 15 km (line of sight) from the BTS site.
  • Provides a wireless alternative to cable and DSL for "last mile" broadband access.
  • Provides data and telecommunications services.
  • Provides a source of Internet connectivity as part of a business continuity plan.

Friday 6 June 2014

SNMP

Simple Network Management Protocol


SNMP is a standard protocol for network management in IP networks. Network administrators use SNMP for managing and monitoring devices and for mapping network availability, performance, and error rates.

Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.

An SNMP-managed network consists of three key components:
  • Managed device
  • Agent — software which runs on managed devices
  • Network management station (NMS) — software which runs on the manager

Thursday 5 June 2014

IP multicast

Multicasting allows a one-to-many transmission that consists of a single data stream that is propagated to any host that wants to receive the data stream, without unnecessarily sending that data stream to hosts that do not want to receive the data stream. 

That means multicast traffic must be controlled in some fashion at both a Layer 2 level and Layer 3 level.

IP multi-casting is a communication mechanism in which data is communicated from server to a set of clients who are interested in receiving that data. Any client can dynamically enter or leave the communication.


Multicast is important for any application that needs to send large amounts of the same information to multiple devices. Common uses for multicast traffic include:
  • Multimedia applications that consume high bandwidth, such as streaming video and TV servers
  • Voice-conferencing applications
  • Software distribution applications
  • Routing protocols such as Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and Routing Information Protocol (RIP) version 2
  • Any application that requires a central host to efficiently send the same message to multiple peers

Wednesday 4 June 2014

QoS

Quality of Service in IP networks

  • QoS aims at prioritization of critical traffic over non-critical traffic (e.g. giving RTP = voice higher priority than email/HTTP, or guaranteeing a certain maximum end-to-end delay).
  • The Internet is a "best-effort" service (fire and forget). Packets may be dropped by routers in case of congestion or be unduly delayed (which is bad for real-time applications).
  • QoS is not widely implemented and available today (only limited applications, e.g. in LANs or on leased lines). Real-time applications (VoIP, video over IP) work reasonably well since there is sufficient bandwidth available. But during peak hours (office hours) the quality of real-time applications may be impaired by increased packet loss and delay.

Basic difference between layer-2 and layer-3 QoS

Explanation:

layer-2 has frames while packets are at layer-3, if that is clear, read on :-)

Layer-2 802.1Q frames have a 2-byte field called Tag Control Information. The three most significant bits of this 2-byte field represents the CoS (Class of Service) value. Layer-2 QoS is represented by this CoS value which is from 0 to 7 (thus 8 values). In addition to 802.1Q and Cisco proprietary ISL (Inter-Switch Link), no other layer-2 frames can have CoS (and hence QoS) values!
IEEE 802.1Q (also known as VLAN tagging) defines a 3-bit field called Class of Service (CoS), which can be used in order to differentiate traffic. Table 1 shows the 8 possible values of the CoS field and their original purpose.
Table 1. 802.1Q CoS values.
CoS | Acronym | Purpose
----|---------|------------------------------------------
0   | BE      | Best effort
1   | BK      | Background
2   | -       | Spare
3   | EE      | Excellent Effort
4   | CL      | Controlled Load
5   | VI      | "Video" < 100 ms latency and jitter
6   | VO      | "Voice" < 10 ms latency and jitter
7   | NC      | Network control
Layer-3 IP packets can carry either an IP precedence (IPP) value or a Differentiated Services Code Point (DSCP) value. QoS supports the use of either value because DSCP values are backward-compatible with IP precedence values.

IP precedence values range from 0 to 7.
DSCP values range from 0 to 63

Both IPP and DSCP use the bits in the ToS (Type of Service) byte in the IPv4 header. IPP uses the 3 most significant bits (MSB) while DSCP uses the 6 MSBs of the ToS byte.
The following picture should help in understanding this:
So, remember: layer-2 QoS deals with CoS, while at layer-3 we deal with IPP and/or DSCP.
Scenario:
Once the Layer 3 configuration is applied to router (packet flow over Layer 3 Network) and the Layer 2 configuration is applied to the switch, the customer is given end-to-end QoS.


There are two options concerning the marking of packets or frames performed by the border router at the egress:
  • CoS marking: For each packet with a given DSCP value, mark the frame with the corresponding CoS value as indicated in Table 2.
  • DSCP marking: For each packet with a given DSCP value, keep this value intact.

Table 2. DSCP-to-CoS mapping.
DSCP     | CoS | Description
---------|-----|----------------------
46,47,40 | 5   | IP Premium
0        | 0   | Best Effort
8        | 1   | Less than Best Effort

CoS classification is preferred as it can provide backwards compatibility with some switches that are not multilayer-capable.
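Added example, not from the post: the ToS byte, DSCP, IPP and 802.1Q CoS values discussed above as bit fields, together with the Table 2 egress marking. The DEI bit and the 12-bit VID layout of the Tag Control Information are taken from the 802.1Q standard rather than from the post.

```python
"""ToS byte, DSCP/IPP and 802.1Q CoS as bit fields (added example, not from the post)."""

# Table 2 of the post: DSCP -> CoS marking at the border router's egress.
DSCP_TO_COS = {46: 5, 47: 5, 40: 5, 0: 0, 8: 1}


def tos_from_dscp(dscp: int) -> int:
    """DSCP occupies the 6 MSBs of the ToS byte; the low 2 bits stay clear here."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    return dscp << 2


def dscp_from_tos(tos: int) -> int:
    """Recover the 6-bit DSCP from a ToS byte."""
    return (tos & 0xFF) >> 2


def ipp_from_tos(tos: int) -> int:
    """IP precedence is the 3 MSBs, i.e. the top 3 bits of the DSCP; that
    overlap is why DSCP values are backward-compatible with IPP values."""
    return (tos & 0xFF) >> 5


def cos_for_dscp(dscp: int, default: int = 0) -> int:
    """CoS marking per Table 2; DSCPs not in the table are treated as best effort."""
    return DSCP_TO_COS.get(dscp, default)


def tci(cos: int, vid: int, dei: int = 0) -> int:
    """Build the 2-byte 802.1Q Tag Control Information: PCP(3) | DEI(1) | VID(12).

    The DEI bit and 12-bit VID come from the 802.1Q layout, not from the post.
    """
    if not (0 <= cos <= 7 and 0 <= vid <= 4095 and dei in (0, 1)):
        raise ValueError("TCI field out of range")
    return (cos << 13) | (dei << 12) | vid


def cos_from_tci(tci_value: int) -> int:
    """The three most significant bits of the TCI carry the CoS."""
    return (tci_value & 0xFFFF) >> 13


def mark_frame(dscp: int, vid: int) -> int:
    """Egress CoS marking: tag a frame on VLAN vid with the CoS Table 2 gives this DSCP."""
    return tci(cos_for_dscp(dscp), vid)
```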

Tuesday 3 June 2014

DNS & Dynamic DNS

DNS:

The DNS translates Internet domain and host names to IP addresses.

DDNS:

Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DNS configuration of its configured hostnames, addresses or other information.

The term is used in two contexts which, while technically similar, have very different purposes and user populations.

DNS Basics
When a network application like Safari or Firefox needs to make a connection, it needs the IP address of the remote computer. Normally, this process starts with the hostname, such as "www.facebook.com".

The DNS server then looks up the numeric IP address that corresponds to the hostname.
(DNS lookup diagram: a visual example of the basic DNS lookup process.)

Dynamic DNS

But for residential and small business customers, the public IP address (assigned by their ISP) frequently changes.

This makes it hard to reliably connect to that location, because you never know when the IP address might change.
Dynamic DNS services neatly solve this problem by constantly updating their own DNS servers with the latest information about what IP address a particular hostname points to.

When you sign up with one of these DDNS services, you get your own hostname(s). You can usually choose from a variety of names, but you end up with something like "crazyhorse.example.net"

You then install a small client program on your Mac, which sends updates to your dynamic DNS service whenever your network's public IP address changes.
(Diagram: DNS update sent to DNS server.)


The next time some software somewhere looks up the numeric IP address that corresponds to the hostname, it gets the new information, and connects to the new IP address.
(Diagram: DNS lookup after the IP address has changed.)


That is the basic principle by which dynamic DNS solves the changing-IP-address problem inherent to most residential Internet service. 



Usage:
To use DDNS, one simply signs up with a DDNS provider and installs network software on their host to monitor its IP address. For example, dyndns.com provides a free dynamic DDNS service via software that can run on Windows, Mac or Linux computers.
Dynamic DNS is a feature of IP-based security appliances like DVRs and IP cameras.
Many options are available for today's manufacturer, and these include the use of existing DDNS services like dyn.com or no-ip.com or the use of custom services hosted by the manufacturer themselves.

Some device manufacturers go a step further by only allowing their DDNS Service to be used by the devices they manufacture, and also eliminate the need for user names and passwords altogether.