網(wǎng)絡(luò)地址翻譯NetworkAddressTranslationppt課件

1、 2006, Shenzhen Polytechnic. All rights reserved.1網(wǎng)絡(luò)地址翻譯網(wǎng)絡(luò)地址翻譯Network Address Translation 深圳職業(yè)技術(shù)學(xué)院計(jì)算機(jī)系網(wǎng)絡(luò)專業(yè)深圳職業(yè)技術(shù)學(xué)院計(jì)算機(jī)系網(wǎng)絡(luò)專業(yè) 2006, Shenzhen Polytechnic. All rights reserved.2教學(xué)目的教學(xué)目的 Objectives Objectives 1.私有地址私有地址Private Addressing 2. NAT操作操作NAT Operation3. NAT分類分類NAT Class4. 配置配置NAT (Configuring NA

2、T) 5. NAT排錯(cuò)排錯(cuò)Troubleshooting NAT Configuration 2006, Shenzhen Polytechnic. All rights reserved.3IP Address Class and RangeClass A:Class B:Class C:1-126128-191192-223127 is lost, why? 2006, Shenzhen Polytechnic. All rights reserved.4公網(wǎng)地址和私有地址公網(wǎng)地址和私有地址 Public Address and Private Address1. 公網(wǎng)地址必需被注冊(cè)公網(wǎng)地

3、址必需被注冊(cè) Public Internet addresses must be registered by a company with an Internet authority. 2. 私有地址被保管，并可以被任何人運(yùn)用私有地址被保管，并可以被任何人運(yùn)用 Private IP addresses are reserved and can be used by anyone. 2006, Shenzhen Polytechnic. All rights reserved.5私有地址范圍私有地址范圍Private Address Range 2006, Shenzhen Polytechni

4、c. All rights reserved.6Catalyst 4006Catalyst 6509教學(xué)樓教學(xué)樓工業(yè)中心工業(yè)中心信息大樓信息大樓行政大樓行政大樓圖書館圖書館Catalyst 6509Catalyst 2948GCatalyst 2948GCatalyst 2948GCatalyst 3548GCatalyst 3548Cisco 7206Internet163165CernetBackbone ChannelChannelLoadBalance上期已鋪光纖本等待鋪光纖Channel深職院二期網(wǎng)絡(luò)中心拓?fù)鋱D深職院二期網(wǎng)絡(luò)中心拓?fù)鋱DHSRP 2006, Shenzhen Polyt

5、echnic. All rights reserved.7NAT操作操作NAT Operation 2006, Shenzhen Polytechnic. All rights reserved.81. NAT典型任務(wù)存根網(wǎng)絡(luò)的邊緣典型任務(wù)存根網(wǎng)絡(luò)的邊緣A NAT enabled device typically operates at the border of a stub network. 2. 邊境路由器執(zhí)行邊境路由器執(zhí)行NAT功能，將內(nèi)部私有地功能，將內(nèi)部私有地址轉(zhuǎn)換成公網(wǎng)可路由的地址。址轉(zhuǎn)換成公網(wǎng)可路由的地址。The border gateway router performs t

6、he NAT process, translating the internal private address of a host to a public, external routable address. NAT操作操作NAT Operation 2006, Shenzhen Polytechnic. All rights reserved.91. Inside local address 指定給內(nèi)部主機(jī)運(yùn)用的地址指定給內(nèi)部主機(jī)運(yùn)用的地址The IP address assigned to a host on the inside network. 2. Inside global a

7、ddress 從從SP或或NIC注冊(cè)的地址，即內(nèi)部主注冊(cè)的地址，即內(nèi)部主機(jī)地址被機(jī)地址被NAT轉(zhuǎn)換的外部地址轉(zhuǎn)換的外部地址A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world. 3. Address Pool-NIC或或SP分配運(yùn)用的多個(gè)地址分配運(yùn)用的多個(gè)地址IP addresses assigned by the NIC or service provider NAT術(shù)語

8、術(shù)語NAT Terms 2006, Shenzhen Polytechnic. All rights reserved.101.靜態(tài)靜態(tài)NAT 靜態(tài)靜態(tài)NAT的特征是內(nèi)部主機(jī)地址被一對(duì)一映射到外的特征是內(nèi)部主機(jī)地址被一對(duì)一映射到外部主機(jī)地址部主機(jī)地址 Static NAT is designed to allow one-to-one mapping of local and global addresses. NAT分類分類NAT ClassPc1:10.1.1.1-200.200.200.1Pc2:10.1.1.2-200.200.200.2Pc3:10.1.1.3-Pc4:10.1.1.

9、4-200.200.200.2?X 2006, Shenzhen Polytechnic. All rights reserved.11NAT分類分類NAT Class2. 動(dòng)態(tài)動(dòng)態(tài)NAT動(dòng)態(tài)動(dòng)態(tài)NAT的特征是內(nèi)部主機(jī)運(yùn)用地址池中的公網(wǎng)地址來的特征是內(nèi)部主機(jī)運(yùn)用地址池中的公網(wǎng)地址來映射映射Dynamic NAT is designed to map a private IP address to a public address. Any IP address from a pool of public IP addresses is assigned to a network host. P

10、c1:10.1.1.1-200.200.200.1Pc2:10.1.1.2-200.200.200.2Pc3:10.1.1.3-Pc4:10.1.1.4-200.200.200.2? 2006, Shenzhen Polytechnic. All rights reserved.123. 端口復(fù)用端口復(fù)用(PAT) 端口復(fù)用的特征是內(nèi)部多個(gè)私有地址經(jīng)過不同的端端口復(fù)用的特征是內(nèi)部多個(gè)私有地址經(jīng)過不同的端口被映射到一個(gè)公網(wǎng)地址，口被映射到一個(gè)公網(wǎng)地址，Overloading, or Port Address Translation (PAT), maps multiple private IP

11、addresses to a single public IP address. Multiple addresses can be mapped to a single address because each private address is tracked by a port number. 理想情況下，一個(gè)單一的理想情況下，一個(gè)單一的IP地址可以運(yùn)用的端口數(shù)為地址可以運(yùn)用的端口數(shù)為4000個(gè)。個(gè)。 Realistically, the number of ports that can be assigned a single IP address is around 4000. N

12、AT分類分類NAT Class 2006, Shenzhen Polytechnic. All rights reserved.13PAT特征特征PAT Features 2006, Shenzhen Polytechnic. All rights reserved.14配置配置NAT (Configuring NAT) 2006, Shenzhen Polytechnic. All rights reserved.15靜態(tài)靜態(tài)NAT配置實(shí)例配置實(shí)例 (Static NAT Example) 2006, Shenzhen Polytechnic. All rights reserved.16靜

13、態(tài)靜態(tài)NAT配置實(shí)例配置實(shí)例 (Static NAT Example)r1(config)#ip nat inside source static 10.1.1.2 200.200.200.3r1(config)#ip nat inside source static 10.1.1.3 200.200.200.4r1(config)#interface f0/0r1(config-if)#ip nat inside r1(config)#int s0/0r1(config-if)#ip nat outside 2006, Shenzhen Polytechnic. All rights res

14、erved.17靜態(tài)靜態(tài)NAT配置實(shí)例配置實(shí)例 (Static NAT Example)r1# debug ip nat IP NAT debugging is on00:11:09: NAT: s=10.1.1.2-200.200.200.3, d=2.2.2.2 4093600:11:09: NAT*: s=2.2.2.2, d=200.200.200.3-10.1.1.2 4093600:11:10: NAT*: s=10.1.1.2-200.200.200.3, d=2.2.2.2 40938r1# sh ip nat translations Pro Inside global In

15、side local Outside local Outside global- 200.200.200.3 10.1.1.2 - - 200.200.200.4 10.1.1.3 - - 2006, Shenzhen Polytechnic. All rights reserved.18動(dòng)態(tài)動(dòng)態(tài)NAT配置實(shí)例配置實(shí)例 (Dynamic NAT Example) 2006, Shenzhen Polytechnic. All rights reserved.19動(dòng)態(tài)動(dòng)態(tài)NAT配置實(shí)例配置實(shí)例 (Dynamic NAT Example)r1(config)#ip nat pool NAT 200

16、.200.200.3 200.200.200.50 netmask 255.255.255.0r1(config)#access-list 1 permit 10.1.1.0 0.0.0.255r1(config)#ip nat inside source list 1 pool NATr1(config)#interface f0/0r1(config-if)#ip nat inside r1(config)#int s0/0r1(config-if)#ip nat outside 2006, Shenzhen Polytechnic. All rights reserved.20動(dòng)態(tài)動(dòng)態(tài)N

17、AT配置實(shí)例配置實(shí)例 (Dynamic NAT Example)r1# debug ip nat 00:45:40: NAT: s=10.1.1.2-200.200.200.3, d=2.2.2.2 3893000:45:40: NAT*: s=2.2.2.2, d=200.200.200.3-10.1.1.2 3893000:46:03: NAT: s=10.1.1.3-200.200.200.4, d=2.2.2.2 3896100:46:03: NAT*: s=2.2.2.2, d=200.200.200.4-10.1.1.3 3896100:46:27: NAT: s=10.1.1.4

18、-200.200.200.5, d=2.2.2.2 3899300:46:27: NAT*: s=2.2.2.2, d=200.200.200.5-10.1.1.4 38993 2006, Shenzhen Polytechnic. All rights reserved.21動(dòng)態(tài)動(dòng)態(tài)NAT配置實(shí)例配置實(shí)例 (Dynamic NAT Example)r1#sh ip nat translations Pro Inside global Inside local Outside local Outside global- 200.200.200.3 10.1.1.2 - - 200.200.20

19、0.4 10.1.1.3 - - 200.200.200.5 10.1.1.4 - -r1#clear ip nat translation *r1#sh ip nat translations 2006, Shenzhen Polytechnic. All rights reserved.22 動(dòng)態(tài)動(dòng)態(tài)NAT深化研討深化研討Dynamic NAT Further Study假設(shè)我們?cè)?jīng)用完地址池中的地址，將發(fā)生假設(shè)我們?cè)?jīng)用完地址池中的地址，將發(fā)生什么事情？什么事情？ If we have used all available public address in pool, what wil

20、l happen in next translation? 2006, Shenzhen Polytechnic. All rights reserved.23動(dòng)態(tài)動(dòng)態(tài)NAT深化研討深化研討Dynamic NAT Further Study01:07:36: NAT: translation failed (A), dropping packet s=10.1.1.3 d=2.2.2.2r1#01:07:37: NAT: translation failed (A), dropping packet s=10.1.1.3 d=2.2.2.2以上結(jié)果闡明以上結(jié)果闡明NAT轉(zhuǎn)換失敗，并將丟包轉(zhuǎn)換失

21、敗，并將丟包 2006, Shenzhen Polytechnic. All rights reserved.24PAT配置實(shí)例配置實(shí)例 (PAT Example) 2006, Shenzhen Polytechnic. All rights reserved.25PAT配置實(shí)例配置實(shí)例 (PAT Example)r1(config)#ip nat pool NAT 200.200.200.3 200.200.200.50 netmask 255.255.255.0r1(config)#access-list 1 permit 10.1.1.0 0.0.0.255r1(config)#ip nat inside source list 1 pool NAT overloadr1(config)#interface f0/0r1(config-if)#ip nat inside r1(config)#int s0/0r1(config-if)#ip nat outside r1(config)#ip route 0.0.0.0 0.0.0.0 20