facility, which means that packets may be lost, arrive multiple times,
or out of order. Moreover, packets can be fragmented or defragmented. </p>
+SUBSECTION(«Network Address Translation (NAT)»)
+
+<p> IP addresses are a global resource, so each address must only be
+assigned to at most one device. The <em>Internet Assigned Numbers
+Authority</em> (IANA) coordinates who is entitled to use any given
+range of IPv4 addresses. However, a number IP ranges, for example the
+ranges 10.0.0.0-10.255.255.255 and 192.168.0.0-192.168.255.255, are
+reserved for local use only so that these addresses can be assigned
+in multiple local networks without interfering with each other. </p>
+
+<p> In a network which contains only local addresses, the devices
+can communicate with each other, but they will not be able to access
+public world-wide services. To illustrate how NAT works around this
+restriction, consider a desktop computer in a local network which
+intents to perform a web search by contacting a public web server
+which is <em>not</em> a member of the local network. </p>
+
+<p> The desktop is configured to route packets which are not
+destined for the local network through a dedicated machine, called
+the <em>router</em>. The router has two IP addresses: one address
+in the local network and a public NAT address. As traffic passes
+from the desktop through the router to the web server, the router
+alters the source address of each IP packet (the local address of the
+desktop) to the public NAT address of the router, and keeps track of
+all thusly forwarded connections. When a reply arrives at the router,
+it uses the connection tracking data stored during the outbound phase
+to determine the address in the local network to which to forward the
+reply. This time the router alters the <em>destination</em> address
+of the packet to the local address of the desktop and forwards the
+packet to the desktop via the local network. </p>
+
+<p> NAT can be seen as providing a kind of privacy mechanism because
+machines on the internet cannot monitor which hosts are sending and
+receiving traffic. They only see the NAT address. NAT has also
+downsides though: Pinpointing the source of a problem becomes harder,
+and encryption becomes more difficult. For example you can not encrypt
+the IP address because the router must be able to change it. </p>
+
EXERCISES()
<ul>
devices can be connected.
»)
-HOMEWORK(«
-
-Illustrate how <em> network address translation </em> (NAT) works
-on the basis of a web search initiated from a desktop computer in a
-local network and discuss the implications that NAT has on privacy.
-
-», «
-
-<p> The desktop is configured to route packets which are not destined
-for the local network through a dedicated machine, called the <em>
-router</em>. In particular, all internet traffic is sent to the router.
-The router has two IP addresses: one address in the local network
-and a public NAT address. As traffic passes from the desktop through
-the router to the web server in the internet, the source address of
-each IP packet (the local address of the desktop) is changed on the
-fly to the public NAT address of the router. The router tracks each
-active connection. When a reply arrives at the router, it uses the
-connection tracking data stored during the outbound phase to determine
-the address in the local network to which to forward the reply. This
-time it overwrites the destination address of the IP packet with the
-local address of the desktop. </p>
-
-<p> NAT can be seen as providing a kind of privacy mechanism because
-machines on the internet cannot monitor which hosts are sending and
-receiving traffic. They only see the NAT address. NAT has also
-downsides though: Pinpointing the source of a problem becomes harder,
-and encryption becomes more difficult. For example you can not encrypt
-the IP address because the router must be able to change it. </p>
-
-»)
-
HOMEWORK(«
Run <code> tracepath wikipedia.org</code>. Explain how this command
works and how it can be used to identify networking problems.
SECTION(«Transport Layer»)
-<p> The protocols of the transport layer provide message transfer services
-which are on one hand independent of the underlying network type,
-and on the other hand independent of the application. Different
-network services on running on the same host are distinguished by
-<em> port numbers</em>, which are 16 bit identifiers. Several well
+<p> The protocols of the transport layer provide message transfer
+services which are on one hand independent of the underlying network
+type, and on the other hand independent of the application. Different
+network services running on the same host are distinguished by
+<em>port numbers</em>, which are 16 bit identifiers. Several well
known port numbers are are associated with specific applications.
The two dominant transport layer protocols on top of IP, TCP and UDP,
are discussed in the following subsections. </p>
SECTION(«Application Layer»)
-<p> Application layer protocols define how the server side of a network
-service communicates with clients that connect to the server by
-connecting a specific TCP or UDP port. Services are often associcated
-with port numbers which can be registred at the <em> Internet Assigned
-Numbers Authority </em> (IANA). </p>
+<p> Application layer protocols define how the server side of
+a network service communicates with clients that connect to the
+server by connecting a specific TCP or UDP port. Services are often
+associcated with port numbers which can be registred at the IANA. </p>
<p> Examples for application layer protocols which are employed on top of
TCP are the <em> Hypertext Transfer Protocol </em> (HTTP, port 80)
projects / aple.git / blobdiff