網(wǎng)絡(luò)地址翻譯Network Address Translation

1、 2006, Shenzhen Polytechnic. All rights reserved.1網(wǎng)絡(luò)地址翻譯網(wǎng)絡(luò)地址翻譯Network Address Translation 深圳職業(yè)技術(shù)學(xué)院計(jì)算機(jī)系網(wǎng)絡(luò)專業(yè)深圳職業(yè)技術(shù)學(xué)院計(jì)算機(jī)系網(wǎng)絡(luò)專業(yè) 2006, Shenzhen Polytechnic. All rights reserved.2教學(xué)目標(biāo)（教學(xué)目標(biāo)（ Objectives ）1.私有地址（私有地址（Private Addressing ）2. NAT操作（操作（NAT Operation）3. NAT分類（分類（NAT Class）4. 配置配置NAT (Configuring N

2、AT) 5. NAT排錯(cuò)排錯(cuò)（Troubleshooting NAT Configuration） 2006, Shenzhen Polytechnic. All rights reserved.3IP Address Class and RangeClass A:Class B:Class C:1-126128-191192-223127 is lost, why? 2006, Shenzhen Polytechnic. All rights reserved.4公網(wǎng)地址和私有地址公網(wǎng)地址和私有地址（ Public Address and Private Address）1. 公網(wǎng)地址必須被

3、注冊(cè)公網(wǎng)地址必須被注冊(cè) Public Internet addresses must be registered by a company with an Internet authority. 2. 私有地址被保留，并可以被任何人使用私有地址被保留，并可以被任何人使用 Private IP addresses are reserved and can be used by anyone. 2006, Shenzhen Polytechnic. All rights reserved.5私有地址范圍（私有地址范圍（Private Address Range） 2006, Shenzhen Po

4、lytechnic. All rights reserved.6Catalyst 4006Catalyst 6509教學(xué)樓教學(xué)樓工業(yè)中心工業(yè)中心信息大樓信息大樓行政大樓行政大樓圖書館圖書館Catalyst 6509Catalyst 2948GCatalyst 2948GCatalyst 2948GCatalyst 3548GCatalyst 3548Cisco 7206Internet163165CernetBackbone ChannelChannelLoadBalance上期已鋪光纖本期待鋪光纖Channel深職院二期網(wǎng)絡(luò)核心拓?fù)鋱D深職院二期網(wǎng)絡(luò)核心拓?fù)鋱DHSRP 2006, Shenzh

5、en Polytechnic. All rights reserved.7NAT操作（操作（NAT Operation） 2006, Shenzhen Polytechnic. All rights reserved.81. NAT典型工作存根網(wǎng)絡(luò)的邊緣典型工作存根網(wǎng)絡(luò)的邊緣A NAT enabled device typically operates at the border of a stub network. 2. 邊界路由器執(zhí)行邊界路由器執(zhí)行NAT功能，將內(nèi)部私有地功能，將內(nèi)部私有地址轉(zhuǎn)換成公網(wǎng)可路由的地址。址轉(zhuǎn)換成公網(wǎng)可路由的地址。The border gateway router

6、 performs the NAT process, translating the internal private address of a host to a public, external routable address. NAT操作（操作（NAT Operation） 2006, Shenzhen Polytechnic. All rights reserved.91. Inside local address 指定給內(nèi)部主機(jī)使用的地址指定給內(nèi)部主機(jī)使用的地址The IP address assigned to a host on the inside network. 2. I

7、nside global address 從從SP或或NIC注冊(cè)的地址，即內(nèi)部主注冊(cè)的地址，即內(nèi)部主機(jī)地址被機(jī)地址被NAT轉(zhuǎn)換的外部地址轉(zhuǎn)換的外部地址A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world. 3. Address Pool-NIC或或SP分配使用的多個(gè)地址分配使用的多個(gè)地址IP addresses assigned by the NIC or service

8、provider NAT術(shù)語(yǔ)（術(shù)語(yǔ)（NAT Terms） 2006, Shenzhen Polytechnic. All rights reserved.101.靜態(tài)靜態(tài)NAT 靜態(tài)靜態(tài)NAT的特征是內(nèi)部主機(jī)地址被一對(duì)一映射到外的特征是內(nèi)部主機(jī)地址被一對(duì)一映射到外部主機(jī)地址部主機(jī)地址 Static NAT is designed to allow one-to-one mapping of local and global addresses. NAT分類（分類（NAT Class）Pc1:10.1.1.1-200.200.200.1Pc2:10.1.1.2-200.200.200.2Pc3:

9、10.1.1.3-Pc4:10.1.1.4-200.200.200.2?X 2006, Shenzhen Polytechnic. All rights reserved.11NAT分類（分類（NAT Class）2. 動(dòng)態(tài)動(dòng)態(tài)NAT動(dòng)態(tài)動(dòng)態(tài)NAT的特征是內(nèi)部主機(jī)使用地址池中的公網(wǎng)地址來(lái)的特征是內(nèi)部主機(jī)使用地址池中的公網(wǎng)地址來(lái)映射映射Dynamic NAT is designed to map a private IP address to a public address. Any IP address from a pool of public IP addresses is assign

10、ed to a network host. Pc1:10.1.1.1-200.200.200.1Pc2:10.1.1.2-200.200.200.2Pc3:10.1.1.3-Pc4:10.1.1.4-200.200.200.2? 2006, Shenzhen Polytechnic. All rights reserved.123. 端口復(fù)用端口復(fù)用(PAT) 端口復(fù)用的特征是內(nèi)部多個(gè)私有地址通過不同的端端口復(fù)用的特征是內(nèi)部多個(gè)私有地址通過不同的端口被映射到一個(gè)公網(wǎng)地址，口被映射到一個(gè)公網(wǎng)地址，Overloading, or Port Address Translation (PAT), ma

11、ps multiple private IP addresses to a single public IP address. Multiple addresses can be mapped to a single address because each private address is tracked by a port number. 理想狀況下，一個(gè)單一的理想狀況下，一個(gè)單一的IP地址可以使用的端口數(shù)為地址可以使用的端口數(shù)為4000個(gè)。個(gè)。 Realistically, the number of ports that can be assigned a single IP ad

12、dress is around 4000. NAT分類（分類（NAT Class） 2006, Shenzhen Polytechnic. All rights reserved.13PAT特征（特征（PAT Features） 2006, Shenzhen Polytechnic. All rights reserved.14配置配置NAT (Configuring NAT) 2006, Shenzhen Polytechnic. All rights reserved.15靜態(tài)靜態(tài)NAT配置實(shí)例配置實(shí)例 (Static NAT Example) 2006, Shenzhen Polytec

13、hnic. All rights reserved.16靜態(tài)靜態(tài)NAT配置實(shí)例配置實(shí)例 (Static NAT Example)r1(config)#ip nat inside source static 10.1.1.2 200.200.200.3r1(config)#ip nat inside source static 10.1.1.3 200.200.200.4r1(config)#interface f0/0r1(config-if)#ip nat inside r1(config)#int s0/0r1(config-if)#ip nat outside 2006, Shenzhe

14、n Polytechnic. All rights reserved.17靜態(tài)靜態(tài)NAT配置實(shí)例配置實(shí)例 (Static NAT Example)r1# debug ip nat IP NAT debugging is on00:11:09: NAT: s=10.1.1.2-200.200.200.3, d=2.2.2.2 4093600:11:09: NAT*: s=2.2.2.2, d=200.200.200.3-10.1.1.2 4093600:11:10: NAT*: s=10.1.1.2-200.200.200.3, d=2.2.2.2 40938r1# sh ip nat tran

15、slations Pro Inside global Inside local Outside local Outside global- 200.200.200.3 10.1.1.2 - - 200.200.200.4 10.1.1.3 - - 2006, Shenzhen Polytechnic. All rights reserved.18動(dòng)態(tài)動(dòng)態(tài)NAT配置實(shí)例配置實(shí)例 (Dynamic NAT Example) 2006, Shenzhen Polytechnic. All rights reserved.19動(dòng)態(tài)動(dòng)態(tài)NAT配置實(shí)例配置實(shí)例 (Dynamic NAT Example)r

16、1(config)#ip nat pool NAT 200.200.200.3 200.200.200.50 netmask 255.255.255.0r1(config)#access-list 1 permit 10.1.1.0 0.0.0.255r1(config)#ip nat inside source list 1 pool NATr1(config)#interface f0/0r1(config-if)#ip nat inside r1(config)#int s0/0r1(config-if)#ip nat outside 2006, Shenzhen Polytechnic

17、. All rights reserved.20動(dòng)態(tài)動(dòng)態(tài)NAT配置實(shí)例配置實(shí)例 (Dynamic NAT Example)r1# debug ip nat 00:45:40: NAT: s=10.1.1.2-200.200.200.3, d=2.2.2.2 3893000:45:40: NAT*: s=2.2.2.2, d=200.200.200.3-10.1.1.2 3893000:46:03: NAT: s=10.1.1.3-200.200.200.4, d=2.2.2.2 3896100:46:03: NAT*: s=2.2.2.2, d=200.200.200.4-10.1.1.3 3

18、896100:46:27: NAT: s=10.1.1.4-200.200.200.5, d=2.2.2.2 3899300:46:27: NAT*: s=2.2.2.2, d=200.200.200.5-10.1.1.4 38993 2006, Shenzhen Polytechnic. All rights reserved.21動(dòng)態(tài)動(dòng)態(tài)NAT配置實(shí)例配置實(shí)例 (Dynamic NAT Example)r1#sh ip nat translations Pro Inside global Inside local Outside local Outside global- 200.200.

19、200.3 10.1.1.2 - - 200.200.200.4 10.1.1.3 - - 200.200.200.5 10.1.1.4 - -r1#clear ip nat translation *r1#sh ip nat translations 2006, Shenzhen Polytechnic. All rights reserved.22 動(dòng)態(tài)動(dòng)態(tài)NAT深入研究（深入研究（Dynamic NAT Further Study）如果我們已經(jīng)用完地址池中的地址，將發(fā)生如果我們已經(jīng)用完地址池中的地址，將發(fā)生什么事情？什么事情？ If we have used all available

20、public address in pool, what will happen in next translation? 2006, Shenzhen Polytechnic. All rights reserved.23動(dòng)態(tài)動(dòng)態(tài)NAT深入研究（深入研究（Dynamic NAT Further Study）01:07:36: NAT: translation failed (A), dropping packet s=10.1.1.3 d=2.2.2.2r1#01:07:37: NAT: translation failed (A), dropping packet s=10.1.1.3 d

21、=2.2.2.2以上結(jié)果表明以上結(jié)果表明NAT轉(zhuǎn)換失敗，并將丟包轉(zhuǎn)換失敗，并將丟包 2006, Shenzhen Polytechnic. All rights reserved.24PAT配置實(shí)例配置實(shí)例 (PAT Example) 2006, Shenzhen Polytechnic. All rights reserved.25PAT配置實(shí)例配置實(shí)例 (PAT Example)r1(config)#ip nat pool NAT 200.200.200.3 200.200.200.50 netmask 255.255.255.0r1(config)#access-list 1 permit 10.1.1.0 0.0.0.255r1(config)#ip nat inside source list 1 pool NAT overloadr1(config)#interface f0/0r1(config-if)#ip nat inside r1(config)#int s0/0r1(config-if)#ip nat outside r1(config)#ip route 0.0.0.0 0.0.0.0 200