
Illustration 1: 2 networks connected together by some device
One of the problems with the internet, at least version 4, is that the number of IP addresses is large but finite. (With IPv6, the number of IP addresses is larger than the number of atoms in the universe, so we will never run out.) Because IPv4 addresses are a finite resource, the internet architects set aside three groups of private IP addresses, sometimes called RFC 1918 private IP addresses, for internal networks. So another question this chapter addresses is how to connect such networks together.
The device in illustration 1 can be a router, a source network address translator (SNAT – sometimes called a secure network address translator), a destination network address translator (DNAT), or a Virtual IP (VIP – sometimes called a Virtual Server (VS)). What kind of device we pick depends on the details of what we're trying to accomplish.
Remember the table.
This chapter will focus on layers 3 and 4. The discussion of VIPs will spill over into layer 5 when we get more detailed.
For the purposes of this discussion, a single network is any number of sub-networks connected together by hubs, switches, or bridges. The idea behind this definition is that a single network is the scope of an ARP request.
| Source IP address | Destination IP address | Address translation | Port translation | Device |
|---|---|---|---|---|
| Many | Many | none | no | router |
| Single | Many | destination | maybe | VIP or VS |
| Single | Single | destination | yes | DNAT |
| Many | Single | source | yes | SNAT |
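To make the RFC 1918 check and the SNAT/DNAT rows of the table concrete, here is an added toy model of an edge device (example code written for this chapter, not from the original text or any real NAT implementation). The public address, the DNAT rule and the port range are constructed values; outbound traffic from many inside hosts is source-translated behind one public address, and a single inside server is exposed by destination translation, while unsolicited inbound traffic to an unmapped port is dropped.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# The three private IPv4 blocks set aside by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True if ip falls inside one of the three RFC 1918 blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatDevice:
    """Constructed model of a device doing SNAT outbound and DNAT inbound."""

    def __init__(self, public_ip: str,
                 dnat_rules: Optional[Dict[int, Tuple[str, int]]] = None):
        self.public_ip = public_ip
        self.dnat_rules = dnat_rules or {}   # public port -> (inside ip, port)
        self.conntrack: Dict[int, Tuple[str, int]] = {}  # public port -> inside socket
        self.next_port = 40000               # constructed start of the SNAT port pool

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside (SNAT): many sources share one public address."""
        inside = (pkt.src, pkt.sport)
        for pub_port, mapped in self.conntrack.items():
            if mapped == inside:             # reuse mapping for the same inside socket
                return replace(pkt, src=self.public_ip, sport=pub_port)
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[pub_port] = inside    # remember so replies can be mapped back
        return replace(pkt, src=self.public_ip, sport=pub_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: SNAT return traffic first, then DNAT rules, else drop."""
        if pkt.dst != self.public_ip:
            return None
        if pkt.dport in self.conntrack:
            ip, port = self.conntrack[pkt.dport]
            return replace(pkt, dst=ip, dport=port)
        if pkt.dport in self.dnat_rules:     # one public port -> one inside server
            ip, port = self.dnat_rules[pkt.dport]
            return replace(pkt, dst=ip, dport=port)
        return None                          # unsolicited traffic to an unmapped port
```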