rfc2663.IP Network Address Translator (NAT) Termin

7625922
1 ℃
2020-05-22

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

NetworkWorkingGroupP.SrisureshRequestforComments:2663M.HoldregeCategory:InformationalLucentTechnologiesAugust1999IPNetworkAddressTranslator(NAT)TerminologyandConsiderationsStatusofthisMemoThismemoprovidesinformationfortheInternetcommunity.ItdoesnotspecifyanInternetstandardofanykind.Distributionofthismemoisunlimited.CopyrightNoticeCopyright(C)TheInternetSociety(1999).AllRightsReserved.PrefaceThemotivationbehindthisdocumentistoprovideclaritytothetermsusedinconjunctionwithNetworkAddressTranslators.ThetermNetworkAddressTranslatormeansdifferentthingsindifferentcontexts.TheintentofthisdocumentistodefinethevariousflavorsofNATandstandardizethemeaningoftermsused.Theauthorslistedareeditorsforthisdocumentandowethecontenttocontributionsfrommembersoftheworkinggroup.Largechunksofthedocumenttitled,IPNetworkAddressTranslator(NAT)wereextractedalmostasis,toformtheinitialbasisforthisdocument.TheeditorswouldliketothanktheauthorsPydaSrisureshandKjeldEgevangforthesame.TheeditorswouldliketothankPraveenAkkirajuforhiscontributionsindescribingNATdeploymentscenarios.TheeditorswouldalsoliketothanktheIESGmembersScottBradner,VernPaxsonandThomasNartenfortheirdetailedreviewofthedocumentandaddingclaritytothetext.AbstractNetworkAddressTranslationisamethodbywhichIPaddressesaremappedfromonerealmtoanother,inanattempttoprovidetransparentroutingtohosts.Traditionally,NATdevicesareusedtoconnectanisolatedaddressrealmwithprivateunregisteredaddressestoanexternalrealmwithgloballyuniqueregisteredaddresses.ThisdocumentattemptstodescribetheoperationofNATdevicesandtheassociatedconsiderationsingeneral,andtodefinetheterminologyusedtoidentifyvariousflavorsofNAT.Srisuresh&HoldregeInformational[Page1]RFC2663NATTerminologyandConsiderationsAugust19991.IntroductionandOverviewTheneedforIPAddresstranslationariseswhenanetwork’sinternalIPaddressescannotbeusedoutsidethenetworkeitherbecausetheyareinvalidforuseoutside,orbecausetheinternaladdressingmustbekeptprivatefromtheexternalnetwork.Addresstranslationallows(inmanycases,exceptasnotedinsections8and9)hostsinaprivatenetworktotransparentlycommunicatewithdestinationsonanexternalnetworkandviceversa.ThereareavarietyofflavorsofNATandtermstomatchthem.ThisdocumentattemptstodefinetheterminologyusedandtoidentifyvariousflavorsofNAT.ThedocumentalsoattemptstodescribeotherconsiderationsapplicabletoNATdevicesingeneral.Note,however,thisdocumentisnotintendedtodescribetheoperationsofindividualNATvariationsortheapplicabilityofNATdevices.NATdevicesattempttoprovideatransparentroutingsolutiontoendhoststryingtocommunicatefromdisparateaddressrealms.Thisisachievedbymodifyingendnodeaddressesen-routeandmaintainingstatefortheseupdatessothatdatagramspertainingtoasessionareroutedtotherightend-nodeineitherrealm.ThissolutiononlyworkswhentheapplicationsdonotusetheIPaddressesaspartoftheprotocolitself.Forexample,identifyingendpointsusingDNSnamesratherthanaddressesmakesapplicationslessdependentoftheactualaddressesthatNATchoosesandavoidstheneedtoalsotranslatepayloadcontentswhenNATchangesanIPaddress.TheNATfunctioncannotbyitselfsupportallapplicationstransparentlyandoftenmustco-existwithapplicationlevelgateways(ALGs)forthisreason.PeoplelookingtodeployNATbasedsolutionsneedtodeterminetheirapplicationrequirementsfirstandassesstheNATextensions(i.e.,ALGs)necessarytoprovideapplicationtransparencyfortheirenvironment.IPsectechniqueswhichareintendedtopreservetheEndpointaddressesofanIPpacketwillnotworkwithNATenrouteformostapplicationsinpractice.TechniquessuchasAHandESPprotectthecontentsoftheIPheaders(includingthesourceanddestinationaddresses)frommodification.Yet,NAT’sfundamentalroleistoaltertheaddressesintheIPheaderofapacket.2.TerminologyandconceptsusedTermsmostfrequentlyusedinthecontextofNATaredefinedhereforreference.Srisuresh&HoldregeInformational[Page2]RFC2663NATTerminologyandConsiderationsAugust19992.1.AddressrealmorrealmAnaddressrealmisanetworkdomaininwhichthenetworkaddressesareuniquelyassignedtoentitiessuchthatdatagramscanberoutedtothem.Routingprotocolsusedwithinthenetworkdomainareresponsibleforfindingroutestoentitiesgiventheirnetworkaddresses.NotethatthisdocumentislimitedtodescribingNATinIPv4environmentanddoesnotaddresstheuseofNATinothertypesofenvironment.(e.g.IPv6environments)2.2.TransparentroutingThetermtransparentroutingisusedthroughoutthedocumenttoidentifytheroutingfunctionalitythataNATdeviceprovides.Thisisdifferentfromtheroutingfunctionalityprovidedbyatraditionalrouterdeviceinthatatraditionalrouterroutespacketswithinasingleaddressrealm.Transparentroutingreferstoroutingadatagrambetweendisparateaddressrealms,bymodifyingaddresscontentsintheIPheadertobevalidintheaddressrealmintowhichthedatagramisrouted.Section3.2hasadetaileddescriptionoftransparentrouting.2.3.Sessionflowvs.PacketflowConnectionorsessionflowsaredifferentfrompacketflows.Asessionflowindicatesthedirectioninwhichthesessionwasinitiatedwithreferencetoanetworkinterface.Packetflowisthedirectioninwhichthepackethastraveledwithreferencetoanetworkinterface.Takeforexample,anoutboundtelnetsession.Thetelnetses