intranets.
- Increases the flexibility of connections to the public network. Multiple pools, backup pools, and load balancing pools can be implemented to assure reliable public network connections.
- Consistency of the internal network addressing scheme. On a network without private IP addresses and NAT, changing public IP addresses requires the renumbering of all hosts on the existing network. The costs of renumbering hosts can be significant. NAT allows the existing scheme to remain while supporting a new public addressing scheme.

NAT is not without drawbacks.
Enabling address translation causes a loss of functionality, particularly with any protocol or application that carries IP address information inside the IP payload. Supporting such traffic requires additional, application-aware support by the NAT device.

NAT increases delay. Switching path delays are introduced because each IP address within the packet headers has to be translated. Performance may be a consideration because NAT is currently accomplished by using process switching: the CPU must look at every packet to decide whether it has to translate it, and must alter the IP header and possibly the TCP header as well.

One significant disadvantage of implementing and using NAT is the loss of end-to-end IP traceability. It becomes much more difficult to trace packets that undergo numerous address changes over multiple NAT hops. Hackers who want to determine the source of a packet will find it difficult to trace or obtain the original source or destination address.

NAT also forces some applications that use IP addressing to stop functioning because it hides end-to-end IP addresses. Applications that use IP addresses instead of a fully qualified domain name will not reach destinations that are translated across the NAT router. Sometimes this problem can be avoided by implementing static NAT mappings.

Cisco IOS NAT supports the following traffic types:
- ICMP
- File Transfer Protocol (FTP), including PORT and PASV commands
- NetBIOS over TCP/IP, datagram, name, and session services
- RealNetworks' RealAudio
- White Pines' CUSeeMe
- Xing Technologies' StreamWorks
- DNS "A" and "PTR" queries
- H.323/Microsoft NetMeeting, IOS versions 12.0(1)/12.0(1)T and later
- VDOnet's VDOLive, IOS versions 11.3(4)/11.3(4)T and later
- VXtreme's Web Theater, IOS versions 11.3(4)/11.3(4)T and later
- IP Multicast, IOS version 12.0(1)T with source address translation only
Cisco IOS NAT does not support the following traffic types:
- Routing table updates
- DNS zone transfers
- BOOTP
- talk and ntalk protocols
- Simple Network Management Protocol (SNMP)
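The drawbacks described above, translating addresses in the headers, patching checksums on every packet, and the protocols that carry an IP address inside the payload, can be seen on one packet. The following is an added Python model, not code from the Cisco curriculum; the addresses, ports and the FTP PORT payload are constructed sample values.

```python
"""Model of what an inside-to-outside NAT does to one IPv4/TCP packet.

Added example; it is not code from the Cisco curriculum. The addresses, ports
and the FTP PORT payload are constructed sample values.
"""
import re
import socket
import struct

INSIDE_LOCAL = "10.1.1.5"        # constructed private source address
INSIDE_GLOBAL = "203.0.113.7"    # constructed public address the NAT substitutes
OUTSIDE = "198.51.100.20"        # constructed destination on the public network


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data: bytes) -> int:
    """Internet checksum; data that already carries a valid checksum sums to 0."""
    return (~ones_complement_sum(data)) & 0xFFFF


def adjust_checksum(old_csum: int, old: bytes, new: bytes) -> int:
    """Incremental update HC' = ~(~HC + ~m + m') (RFC 1624, eq. 3).

    This is the per-packet arithmetic a NAT router performs for every
    translated header instead of re-summing the whole segment.
    """
    total = (~old_csum) & 0xFFFF
    total += ones_complement_sum(bytes(b ^ 0xFF for b in old))
    total += ones_complement_sum(new)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed IPv4 + TCP packet (no options) with valid checksums."""
    src_b, dst_b = socket.inet_aton(src), socket.inet_aton(dst)
    # seq 1, ack 0, data offset 5 words, PSH|ACK, window 8192, checksum 0, urgent 0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def translate_source(packet: bytes, new_src: str) -> bytes:
    """Rewrite the source address as the NAT router does on the way out.

    Both the IPv4 header checksum and the TCP checksum (whose pseudo-header
    covers the addresses) must be patched; the payload is not touched.
    """
    ihl = (packet[0] & 0x0F) * 4
    old_src, new_src_b = packet[12:16], socket.inet_aton(new_src)
    out = bytearray(packet)
    out[12:16] = new_src_b
    ip_old = struct.unpack("!H", packet[10:12])[0]
    out[10:12] = struct.pack("!H", adjust_checksum(ip_old, old_src, new_src_b))
    if packet[9] == 6:               # TCP: its checksum is 16 bytes into the segment
        off = ihl + 16
        tcp_old = struct.unpack("!H", packet[off:off + 2])[0]
        out[off:off + 2] = struct.pack("!H", adjust_checksum(tcp_old, old_src, new_src_b))
    return bytes(out)


def ip_header_valid(packet: bytes) -> bool:
    ihl = (packet[0] & 0x0F) * 4
    return checksum(packet[:ihl]) == 0


def tcp_segment_valid(packet: bytes) -> bool:
    ihl = (packet[0] & 0x0F) * 4
    pseudo = packet[12:20] + struct.pack("!BBH", 0, 6, len(packet) - ihl)
    return checksum(pseudo + packet[ihl:]) == 0


FTP_PORT = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")


def embedded_ftp_address(payload: bytes):
    """Address and port an FTP client announces in its PORT command.

    Header-only translation leaves it untouched, so the server would try to
    connect back to the private address: this is the 'IP address inside the
    payload' case that needs application-aware support on the NAT device.
    """
    m = FTP_PORT.match(payload)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def demo() -> dict:
    payload = b"PORT 10,1,1,5,4,1\r\n"   # constructed: client offers 10.1.1.5:1025
    original = build_packet(INSIDE_LOCAL, OUTSIDE, 40000, 21, payload)
    translated = translate_source(original, INSIDE_GLOBAL)
    return {
        "header_src": socket.inet_ntoa(translated[12:16]),
        "ip_ok": ip_header_valid(translated),
        "tcp_ok": tcp_segment_valid(translated),
        "payload_advertises": embedded_ftp_address(translated[40:]),
    }


if __name__ == "__main__":
    print(demo())
```

After `translate_source` both checksums verify and the header carries the public address, yet the FTP payload still advertises 10.1.1.5:1025; rewriting that string is what the FTP support listed for Cisco IOS NAT adds, and because the rewritten text can change length it also has to fix up TCP sequence numbers, which is why such protocols cost the NAT device extra work.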
Web Links
Verifying NAT Operation and Basic NAT Troubleshooting
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094c32.shtml
1.2 DHCP
1.2.1 Introducing DHCP

Dynamic Host Configuration Protocol (DHCP) works in a client/server mode. DHCP enables DHCP clients on an IP network to obtain their configurations from a DHCP server. Less work is involved in managing an IP network when DHCP is used. The most significant configuration option the client receives from the server is its IP address. The DHCP protocol is described in RFC 2131.

A DHCP client is included in most modern operating systems, including the various Windows operating systems, Novell NetWare, Sun Solaris, Linux, and Mac OS. The client requests addressing values from the network DHCP server. This server manages the allocation of the IP addresses and answers configuration requests from clients. The DHCP server can answer requests for many subnets. DHCP is not intended for configuring routers, switches, and servers. These types of hosts all need to have static IP addresses.

DHCP works by providing a process for a server to allocate IP information to clients. Clients lease the information from the server for an administratively defined period. When the lease expires, the client must ask for another address, although the client is typically reassigned the same address. Administrators typically prefer a network server to offer DHCP services because these solutions are scalable and relatively easy to manage. Cisco routers can use a Cisco IOS feature set, Easy IP, to offer an optional, full-featured DHCP server. Easy IP leases configurations for 24 hours by default. This is useful in small offices and home offices, where the home user can take advantage of DHCP and NAT without having an NT or UNIX server.

Administrators set up DHCP servers to assign addresses from predefined pools. DHCP servers can also offer other information, such as DNS server addresses, WINS server addresses, and domain names. Most DHCP servers also allow the administrator to define specifically which client MAC addresses can be serviced and to automatically assign them the same IP address each time.

DHCP uses UDP as its transport protocol. The client sends messages to the server on port 67. The server sends messages to the client on port 68.

Web Links
DHCP Overview
http://support.baynetworks.com/library/tpubs/html/router/soft1200/117362AA/A_29.HTM
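The message format behind the exchange above (the RFC 2131 layout, which keeps the BOOTP header and appends DHCP options, and the UDP port used in each direction) is shown by the following added Python example. It is not code from the curriculum; the MAC address, transaction id, addresses and lease value are constructed, and the option codes are the standard ones from RFC 1533/2132.

```python
"""Encode and decode DHCP messages in their RFC 2131 (BOOTP-derived) format.

Added example; it is not code from the Cisco curriculum. The MAC address,
transaction id, addresses and lease values are constructed sample values.
"""
import socket
import struct

DHCP_SERVER_PORT = 67   # client -> server datagrams are addressed here
DHCP_CLIENT_PORT = 68   # server -> client datagrams are addressed here
BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"            # marks the options field as DHCP
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5    # option 53 message types
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"         # fixed 236-byte BOOTP header
# option codes (RFC 1533, now RFC 2132) for the parameters the text lists
OPT_SUBNET, OPT_ROUTER, OPT_DNS, OPT_DOMAIN, OPT_WINS = 1, 3, 6, 15, 44
OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255


def _ips_pack(addrs):
    return b"".join(socket.inet_aton(a) for a in addrs)


def _ips_unpack(raw):
    return [socket.inet_ntoa(raw[i:i + 4]) for i in range(0, len(raw), 4)]


# per-option (pack, unpack) pairs; anything else stays raw bytes
CODECS = {
    OPT_SUBNET: (socket.inet_aton, socket.inet_ntoa),
    OPT_SERVER_ID: (socket.inet_aton, socket.inet_ntoa),
    OPT_ROUTER: (_ips_pack, _ips_unpack),
    OPT_DNS: (_ips_pack, _ips_unpack),
    OPT_WINS: (_ips_pack, _ips_unpack),
    OPT_DOMAIN: (str.encode, bytes.decode),
    OPT_LEASE: (lambda v: struct.pack("!I", v), lambda r: struct.unpack("!I", r)[0]),
    OPT_MSG_TYPE: (lambda v: bytes([v]), lambda r: r[0]),
}


def encode(op, xid, mac, yiaddr="0.0.0.0", options=None):
    """Build a message: fixed header, magic cookie, TLV options, end marker."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    zero = b"\x00" * 4
    # htype 1 (Ethernet), hlen 6, hops 0, secs 0, broadcast flag set
    header = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0x8000,
                         zero, socket.inet_aton(yiaddr), zero, zero, chaddr, b"", b"")
    body = b""
    for code, value in (options or {}).items():
        pack, _ = CODECS.get(code, (bytes, None))
        raw = pack(value)
        body += bytes([code, len(raw)]) + raw
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def decode(data):
    """Parse a message into a dict; rejects non-DHCP or truncated input."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HEADER, data[:236])
    op, hlen, xid, yiaddr, chaddr = f[0], f[2], f[4], f[8], f[11]
    msg = {"op": op, "xid": xid, "yiaddr": socket.inet_ntoa(yiaddr),
           "mac": ":".join(f"{b:02x}" for b in chaddr[:hlen]), "options": {}}
    i = 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:                  # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option at offset %d" % i)
        code, length = data[i], data[i + 1]
        _, unpack = CODECS.get(code, (None, bytes))
        msg["options"][code] = unpack(data[i + 2:i + 2 + length])
        i += 2 + length
    return msg


def udp_ports(msg):
    """(source, destination) UDP ports a datagram carrying msg uses."""
    if msg["op"] == BOOTREQUEST:
        return DHCP_CLIENT_PORT, DHCP_SERVER_PORT
    return DHCP_SERVER_PORT, DHCP_CLIENT_PORT


def exchange():
    """Constructed DISCOVER and the OFFER a server might answer it with."""
    mac, xid = "00:11:22:33:44:55", 0x3903F326
    discover = encode(BOOTREQUEST, xid, mac, options={OPT_MSG_TYPE: DISCOVER})
    offer = encode(BOOTREPLY, xid, mac, yiaddr="192.168.1.50", options={
        OPT_MSG_TYPE: OFFER, OPT_SERVER_ID: "192.168.1.1", OPT_LEASE: 86400,
        OPT_SUBNET: "255.255.255.0", OPT_ROUTER: ["192.168.1.1"],
        OPT_DNS: ["192.168.1.1", "192.168.1.2"], OPT_DOMAIN: "example.test",
        OPT_WINS: ["192.168.1.3"]})
    return decode(discover), decode(offer)


if __name__ == "__main__":
    for m in exchange():
        print(udp_ports(m), m)
```

The decoder checks every option length against the datagram before slicing, so a truncated or malformed options field raises instead of being silently read past the end; a DHCP client or relay that trusts the length byte is the usual place such parsers break.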
1.2 DHCP
1.2.2 BOOTP and DHCP differences

The Internet community first developed the BOOTP protocol to enable configuration of diskless workstations. BOOTP was originally defined in RFC 951 in 1985. As the predecessor of DHCP, BOOTP shares some operational characteristics. Both protocols are client/server based and use UDP ports 67 and 68. Those ports are still known as BOOTP ports. The four basic IP parameters are:
- IP address
- Gateway address
- Subnet mask
- DNS server address

BOOTP does not dynamically allocate IP addresses to a host. When a client requests an IP address, the BOOTP server searches a predefined table for an entry that matches the MAC address of the client. If an entry exists, the corresponding IP address for that entry is returned to the client. This means that the binding between the MAC address and the IP address must already have been configured in the BOOTP server.

There are two primary differences between DHCP and BOOTP:
- DHCP defines mechanisms through which clients can be assigned an IP address for a finite lease period. This lease period allows the IP address to be reassigned to another client later, or the client to get another assignment if it moves to another subnet. Clients may also renew leases and keep the same IP address.
- DHCP provides the mechanism for a client to gather other IP configuration parameters, such as WINS server and domain name.

Web Links
BootP Relay Agent Overview
http://support.baynetworks.com/library/tpubs/html/router/soft1200/117362AA/A_28.HTM#MARKER-9-90
1.2 DHCP
1.2.3 Major DHCP features

There are three mechanisms used to assign an IP address to the client:
- Automatic allocation – DHCP assigns a permanent IP address to a client.
- Manual allocation – The IP address for the client is assigned by the administrator. DHCP conveys the address to the client.
- Dynamic allocation – DHCP assigns, or leases, an IP address to the client for a limited period of time.

The focus of this section is the dynamic allocation mechanism. Some of the configuration parameters available are listed in IETF RFC 1533:
- Subnet mask
- Router
- Domain Name
- Domain Name Server(s)
- WINS Server(s)

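The three allocation mechanisms, the lease behaviour described in 1.2.1 and 1.2.2 (finite leases, renewal keeping the same address, expired addresses returned to the pool) and the BOOTP-style fixed MAC table can be exercised together with the following added Python allocator. It is an illustration written for this page, not the curriculum's code and not the IOS Easy IP implementation; the pool range, MAC addresses and clock values are constructed.

```python
"""Toy DHCP address allocator covering the three allocation mechanisms.

Added example; it is not the Cisco curriculum's code nor the IOS Easy IP
implementation. Pool range, MAC addresses and clock values are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Lease:
    ip: str
    expires: Optional[float]   # None means permanent (automatic or manual allocation)


class DhcpPool:
    def __init__(self, first: str, last: str, lease_seconds: int = 86400,
                 reservations: Optional[Dict[str, str]] = None, permanent: bool = False):
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.free: List[str] = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.lease_seconds = lease_seconds            # 86400 = the Easy IP 24-hour default
        self.permanent = permanent                    # True = automatic allocation
        self.reservations = dict(reservations or {})  # MAC -> IP, manual allocation
        self.leases: Dict[str, Lease] = {}            # MAC -> active lease
        self.previous: Dict[str, str] = {}            # MAC -> last address held

    def _reclaim_expired(self, now: float) -> None:
        for mac, lease in list(self.leases.items()):
            if lease.expires is not None and lease.expires <= now:
                del self.leases[mac]
                self.free.append(lease.ip)

    def request(self, mac: str, now: float) -> Optional[Lease]:
        """Answer a DISCOVER/REQUEST: reservation, renewal, or a new lease."""
        self._reclaim_expired(now)
        if mac in self.reservations:          # manual: administrator chose the address
            return Lease(self.reservations[mac], None)
        lease = self.leases.get(mac)
        if lease is not None:                 # renewal keeps the same address
            if lease.expires is not None:
                lease.expires = now + self.lease_seconds
            return lease
        if not self.free:
            return None                       # pool exhausted: nothing to offer
        # a returning client is typically given back the address it held last time
        ip = self.previous.get(mac)
        if ip in self.free:
            self.free.remove(ip)
        else:
            ip = self.free.pop(0)
        lease = Lease(ip, None if self.permanent else now + self.lease_seconds)
        self.leases[mac] = lease
        self.previous[mac] = ip
        return lease

    def release(self, mac: str) -> None:
        """DHCPRELEASE: the client gives its address back before the lease ends."""
        lease = self.leases.pop(mac, None)
        if lease is not None:
            self.free.append(lease.ip)

    def bootp_lookup(self, mac: str) -> Optional[str]:
        """What a BOOTP server can do: consult the pre-configured MAC table only."""
        return self.reservations.get(mac)


def scenario() -> dict:
    """Constructed timeline on a three-address pool with a 100-second lease."""
    pool = DhcpPool("192.168.1.10", "192.168.1.12", lease_seconds=100,
                    reservations={"aa:bb:cc:00:00:01": "192.168.1.200"})
    a0 = pool.request("00:00:00:00:00:0a", now=0)      # A -> .10, expires 100
    b0 = pool.request("00:00:00:00:00:0b", now=0)      # B -> .11, expires 100
    a1 = pool.request("00:00:00:00:00:0a", now=50)     # A renews, keeps .10, expires 150
    c0 = pool.request("00:00:00:00:00:0c", now=200)    # A and B expired; C -> .12
    a2 = pool.request("00:00:00:00:00:0a", now=210)    # A returns and gets .10 again
    r0 = pool.request("aa:bb:cc:00:00:01", now=210)    # reserved, never from the pool
    return {"a0": a0, "b0": b0, "a1": a1, "c0": c0, "a2": a2, "r0": r0,
            "bootp_unknown": pool.bootp_lookup("00:00:00:00:00:0a")}


if __name__ == "__main__":
    for name, value in scenario().items():
        print(name, value)
```

The `bootp_lookup` method is the whole of what BOOTP offers: an unknown MAC gets nothing, whereas `request` hands the same client a leased address, renews it, and reclaims it for others once the lease runs out.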
The DHCP server
creates pools of IP addresses and associated parameters. Pools
are dedicated to an individual logical IP subnet. This allows
multiple DHCP servers to respond and IP clients to be mobile.
If multiple servers respond, a client can choose only one of