NAT - ndi chiyani ichi? NAT dongosolo

Network Address Translation (NAT) ndi njira reordering adiresi imodzi danga kuti wina ndi kusintha zambiri zopezera adiresi mu IP (Internet Protocol). Ndi, paketi maheda tisandulika pa nthawi imene ali mnjira kupyolera chipangizo wam'mbuyomu. Njira imeneyi poyambirira ntchito kufika magalimoto kuphweka mu IP-Intaneti, aliyense wolandira popanda renumbering. Iye anakhala wotchuka ndi zofunika chida kusamala ndi kufalitsa danga adiresi lonse mu zikhalidwe za kuchepa kwa maadiresi IPv4.

NAT - ndi chiyani ichi?

The ntchito choyambirira Intaneti adiresi omasulira ku mapu lililonse adiresi ku malo amodzi adiresi ku adiresi lolingana danga ena. Mwachitsanzo, m'pofunika ngati athandizi Internet zasintha wosuta sangathe polengeza njira zatsopano maukonde. Mu zinthu lowonekeratu wakuta lonse IP-adiresi danga NAT luso ochuluka ntchito kuchokera 1990s mochedwa molumikizana ndi IP-kubisa (yomwe ndi njira zoyendera angapo IP-maadiresi pa malo omwewo). limagwirira akuyendera chipangizo yolozera kuti amagwiritsa matebulo kumasulira stateful kukhala "zobisika" maadiresi wina IP-adiresi, ndi patsogolo ndi kufalitsa IP-mapaketi kuti linanena bungwe. Choncho, iwo amaoneka kutuluka chipangizo wam'mbuyomu. Mu n'zosiyana aya njira mayankho anasonyeza mu gwero IP-adiresi ntchito malamulo kusungidwa mu magome yomasulira. Malamulo kumasulira tebulo, nayenso chitakonzedwa patapita nthawi yochepa ngati magalimoto latsopano si kusintha udindo wake. Izi limagwirira yaikulu ya NAT. Izo zikutanthauza chiyani?

Njira imeneyi zimathandiza inu kulankhula kudzera rauta yekha pamene kulumikiza anapangidwa kwa misewu encrypted, monga amalenga tebulo yomasulira. Mwachitsanzo, msakatuli mkati maukonde akhoza sakatulani malo kunja, koma, ngati si anaika kunja, izo sizingakhoze kutsegula gwero, pabwino m'menemo. Koma ambiri NAT zipangizo lero kulola ndi woyang'anira maukonde kuti sintha kumasulira tebulo kulowa ntchito mpaka kalekale. Mbali imeneyi nthawi zambiri amatchedwa malo amodzi NAT kapena doko kutumiza, ndipo timatha magalimoto Chobwera mu "kunja" maukonde kuti tikafike khamu mu misewu encrypted.

Chifukwa cha kutchuka kwa njira ntchito kusunga IPv4 adiresi danga, ndi NAT akuti (ichi ndi chimene chiri - pamwamba), anthu pafupifupi n'chimodzimodzi ndi njira kubisa.

Chifukwa NAT kumasintha mfundo adiresi ya IP-paketi, izo akukhudza kwambiri khalidwe la intaneti, ndipo amafuna mwatcheru tsatanetsatane wa kukhazikitsa.

Njira Ntchito NAT amasiyana Chrixitu mu khalidwe lawo makamaka milandu yosiyanasiyana yokhudza yaikulu magalimoto maukonde.

NAT Basic

Mtundu zosavuta Network Address Translation (NAT) amapereka wailesi IP-maadiresi a "wina ndi wina." RFC 2663 ndi mtundu waukulu kulengeza kwa. Mu mtundu wa kusintha okha IP-adiresi ndi checksum IP-chamutu. The mitundu ikuluikulu yomasulira angagwiritsidwe ntchito kugwirizanitsa awiri IP-Intaneti amene atakwatirana akulankhula.

NAT - ndiye polumikiza "limodzi ndi ambiri"?

mitundu ambiri NAT akhoza ulitsa makamu angapo payekha ndi umodzi anasankha poyera IP-adiresi. Mu kasinthidwe lililonse zopezera m'dera alembe anatchulidwa "payekha" IP-subnet maadiresi (RFC 1918). The rauta pa maukonde kuti ali ndi adiresi pawekha danga ili.

rauta nawonso zikugwirizana Intaneti ntchito "anthu" maadiresi imene ISP wanu. Monga magalimoto amapatsirana maukonde m'dera ku adiresi Internet ya gwero la aliyense paketi anamasuliridwa pa ntchentche ku adiresi payekha kwa anthu. rauta The amalondola deta zofunika za aliyense kugwirizana yogwira (makamaka adiresi kopita ndi doko). Pamene yankho n'kubwera kwa iye, amagwiritsa deta kugwirizana kuti awasungira pa gawo outbound kudziwa adiresi patokha maukonde mkati kumene kutumiza yankho.

Ubwino umodzi wa magwiridwe izi kuti akutumikira monga njira othandiza kwa kutopa pang'ono IPv4 adiresi danga. Ngakhale amagwirizana ndi anthu ambiri akhoza kugwiritsa ntchito Intaneti kudzera wina IP-adiresi.

mapaketi onse datagram kuti Intaneti IP ofotokoza 2 IP-adiresi - gwero ndi kopita. Childs mapaketi kudutsa kuchokera maukonde mseri kwa maukonde anthu, adzakhala ndi adiresi gwero la kaphukusi kusintha pa kusintha kwa zopezera poyera kumbuyo payekha. More masanjidwe zovuta komanso zitheka.

Features

NAT ntchito mwina zina zapadera. Kupewa mavuto ndi mmene kumasulira phukusi anabwerera amafuna zosintha zambiri mumpingo. Ambiri magalimoto Internet chimapita kupyola ndondomeko TCP ndi UDP komanso manambala doko tisandulika kotero kuti kuphatikiza kwa IP-adiresi ndi doko chiwerengero motsogozedwa n'zosiyana wayamba kukhala Anakaligawa deta.

Ndondomeko zimene si zochokera TCP kapena UDP, amafuna njira zosiyanasiyana yomasulira. Control Uthenga Protocol Internet (ICMP), monga ulamuliro, correlates deta pogonana ndi polumikizira alipo. Izi zikutanthauza kuti ayenera anasonyeza ntchito chimodzimodzi IP-adiresi ndi chiwerengero anapereka poyamba.

Kodi Ndimaona?

Configuring NAT pa rauta si kumupatsa n'zotheka kugwirizana "kuyambira kumapeto mpaka kumapeto." Choncho, awa routers akhoza nawo ena ndondomeko Internet. Services kuti amafuna mwambo wa TCP-kugwirizana kwa maukonde kunja kapena owerenga popanda ndondomeko kungakhale sichikupezeka. Ngati rauta NAT sizikupanga khama kuthandiza ndondomeko ngati mapaketi ukubwera sangathe akafike. Ena ndondomeko akhoza kumakhalamo Baibulo lina pakati nawo makamu ( "mode chabe» FTP Mwachitsanzo), nthawi zina mothandizidwa ndi ntchito pachipata, koma kugwirizana udzakhazikitsidwe pamene machitidwe onse anasiyanitsidwa Intaneti ntchito NAT. Kugwiritsa NAT komanso complicates ngati "tunneling" ndondomeko, monga IPsec, chifukwa chimasintha makhalidwe chamutu, amene kucheza ndi review pempho okhulupirika.

Mavuto omwe alipo pano

Pawiri "kuyambira kumapeto mpaka kumapeto" ndi mfundo Intaneti, alipo kuyambira chitukuko. The zikuchitika Intaneti ikusonyeza kuti NAT ndi kuphwanya mfundo imeneyi. Akatswiri pali nkhawa za kugwiritsa ntchito kwambiri IPv6 mu maukonde adiresi yomasulira, ndipo wakweza vuto mmene bwino kuthetsa izo.

Chifukwa cha chikhalidwe ephemeral matebulo stateful ukufalitsidwa NAT routers, zipangizo mkati maukonde kutaya IP-kugwirizana, monga ulamuliro, mwa kanthawi kakafupi nthawi. Kusiyapo mfundo zimenezi NAT mu rauta, mukhoza musaiwale mfundo imeneyi. Izi kwambiri amachepetsa nthawi opaleshoni zipangizo yaying'ono kuti ntchito pa mabatire ndi migolo.

scalability

Komanso, pamene ntchito NAT inamva madoko yekha kuti akhoza msanga zatha ntchito mkati ntchito kugwirizana angapo munthawi yomweyo (mwachitsanzo, HTTP-zopempha masamba ndi ambiri ophatikizidwa zinthu). Vuto limeneli akhoza mitigated ndi kuyan'anila kopita IP-adiresi kuwonjezera doko (Choncho doko lina m'dera lagawidwa makamu ambiri akumidzi).

mavuto ena

Popeza maadiresi onse mkati ananamizira ngati poyera, makamu kunja kumakhala kovuta kuyambitsa kugwirizana ndi mfundo yeniyeni mkati popanda kasinthidwe zapadera pa makhoma oteteza (ndiko kufika kugwirizana kwa doko zenizeni). Mapulogalamu monga IP-telephony, conferencing video, ndi misonkhano imeneyi ndi kugwiritsa ntchito maluso NAT traversal liziyenda bwino.

Kubwerera adiresi ndi doko yomasulira (anatchera) amalola mumapatsa weniweni IP-adiresi imene zimasiyanasiyana nthawi, kukhalabe zilipo monga Seva ndi amodzi IP-adiresi ya maukonde kunyumba. Mfundo tiyenera kulola atakhala maseva kukhalabe kugwirizana. Ngakhale kuti si njira yabwino vuto, izo zikhoza kukhala chida china zothandiza mu nkhokwe ya woyang'anira maukonde kuthetsa vutolo, momwe sintha NAT pa rauta lapansi.

Port Address Translation (Pat)

Cisco anatchera kukhazikitsa ndi Address Port Translation (Pat), omwe amasonyeza angapo payekha IP-adiresi monga mmodzi wa anthu. maadiresi angapo akhoza anasonyeza pamene adiresi, chifukwa aliyense wa iwo kuyang'aniridwa ndi nambala doko. Pat amagwiritsa manambala wapadera gwero doko la mkati IP lonse, kusiyanitsa malangizo a kutengerapo deta. manambala Awa 16-bit integers. Total maadiresi ochuluka omwe angathe kumasuliridwa mu umodzi akunja akhoza theoretically kufika 65536. The chiwerengero cha madoko kumene umodzi IP-adiresi awerenge, ndi za 4000. Childs, Pat akuyesa kupulumutsa gwero doko "pachiyambi". Ngati ali kale ntchito, Port Address Translation anapereka woyamba kupezeka doko chiwerengero kuyambira chiyambi cha magulu ziwalo - 0-511, 512-1023, kapena 1024-65535. Palibe madoko ambiri akupezeka ndi pali kuposa wina kunja IP-adiresi, ndi Pat chimachititsa kuti yotsatira kuyesetsa kuzindikira doko gwero. ndondomeko imeneyi mpaka palibe deta zambiri zilipo.

Alili adilesi ndi doko Cisco zagwiridwa utumiki Chili doko adiresi mapaketi kumasulira deta tunneling IPv6 pa IPv4 intranet. Ndipotu, ndi osasankhidwa zina CarrierGrade NAT ndi DS-Lite, amene amathandiza IP-adiresi kumasulira / doko (ndipo motero, anathandiza kolowera NAT). Choncho, amapewa mavuto unsembe ndiponso kukonza kugwirizana, komanso amatipatsa limagwirira kusintha kwa IPv6 analamula.

njira yomasulira

Pali njira zingapo kugwiritsa ntchito yomasulira adiresi maukonde ndi doko. Mu ena ofunsira, ndi ndondomeko kuti ofunsira ntchito kugwira ntchito ndi IP-maadiresi ntchito mwa misewu encrypted, muyenera chimatanthauza adiresi kunja NAT (ponena kumapeto a kugwirizana), ndipo Komanso, nthawi zambiri zofunika kuphunzira ndi m'kagulu mtundu wa HIV. Kawirikawiri zimenezi chifukwa zabwino kukhazikitsa mwachindunji kulankhulana njira (kapena kusunga mosadodometsedwa kufala kwa deta kudzera pa makina kapena kusintha ntchito) pakati makasitomala athu awiri omwe ndi a munthu NAT.

Chifukwa chaichi, (momwe sintha NAT) mu 2003 anayamba wapadera protocol RFC 3489 Zambiri Traversal wa UDP amapereka kudzera makolo amakhulupirira mizimu. Lero ndi achikale, chifukwa njira zimenezi masiku ano ali osakwanira bwino ganizilani ntchito zipangizo zambiri. njira atsopano yovomerezeka mu RFC 5389 protocol, amene anayamba kupanga mu October 2008. mfundo izi panopa limatchedwa SessionTraversal ndipo ndi zofunikira kwa NAT.

Kujambula kulankhulana

Aliyense paketi lili TCP ndi UDP IP-gwero adiresi ndi doko chiwerengero, komanso ndondomeko ya doko kopita.

Mautumiki oonekera monga maseva zinchito e-mail, doko chiwerengero n'kofunika. Mwachitsanzo, doko 80 chikugwirizana ndi mapulogalamu, ukonde Seva, ndi 25 - kwa SMTP makalata Seva. Seva wapoyera IP-adiresi ndi zofunika, monga adiresi makalata kapena nambala. Onse magawo awa akhale authentically yodziwika kuti mfundo zonse zimapita kugwirizana.

Private IP-maadiresi tanthauzo okha Intaneti kumene iwo ntchito, komanso madoko khamu. Madoko ndi wapadera mapeto mfundo kulumikiza khamu, kotero kugwirizana kudzera NAT ndi mothandizidwa ndi kuphatikiza doko sanjira ndi IP-maadiresi.

Pat (Port AddressTranslation) watsimikiza mikangano akukangana makamu awiri osiyana ntchito chimodzimodzi gwero doko chiwerengero kukhazikitsa kugwirizana wapadera pa nthawi yomweyo.