
IP Mobility Support for Virtual Private Networks


CHAPTER 2. TECHNOLOGIES (page 12)

lates the fictitious address with the real overloaded one and throws the packet outside the private network.

Fig. 2.5 omits the last variation discussed in [5]: Multihomed-NAT. We did not show it in the figure because it is not really a different kind of NAT. Rather, it is a method to replicate and partially distribute NAT functionality across more than one device for efficiency and reliability purposes.

2.2.5 NAT limitations

Unfortunately, NAT usage introduces some limitations, and we can definitely state that a private addressing scheme with a NAT gateway is only similar to a globally-routable addressing scheme. In [5] there is a detailed section about NAT limitations; here we take a more general approach, conveying the concepts behind the limitations so that the reader can map these descriptions onto his own problems.

As already said, the main problem with NAT is that it breaks the end-to-end integrity typical of IP communication. Several applications, and also protocols, are based on this end-to-end integrity assumption. ALG programs can partially solve this situation, but do not forget that they modify the packet payload. This clearly conflicts with anything that aims to guarantee the authentication and integrity of a packet: one of NAT's worst enemies is in fact IP Secure (IPsec). How is it possible to change addresses and checksums when they are checked for integrity or even encrypted? Clearly, this is not a simple problem to solve. One could suggest splitting the secure link between two hosts into two separate links joined by the NAT: the first piece goes from a host to the NAT, and the second starts from the NAT and reaches the correspondent node. This is possible, but in such a case the NAT must be a trusted device.

The reader should note that NAT and IPsec are not in general incompatible: it depends on how they are combined. It is possible, for example, to use IPsec when one of the ends of the secure link is the NAT server, since, in the end, it is a host. What is impossible, due to the end-to-end integrity break, is the establishment of an end-to-end secure communication between an internal and an external host. There is no way, using a NAT with the possible support of ALG, to set up a secure tunnel that crosses the two realms.

Finally, on NAT limitations, a few words about computational complexity are necessary. A NAT router is not only a simple router. Added
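The NAT and IPsec conflict described above, as an added example that is not part of the thesis: a simplified AH-style integrity value (an HMAC covering the source and destination addresses and the payload) stops verifying once a NAT rewrites the source address, while splitting the link at a trusted NAT that holds both keys still works. The addresses, keys and function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

def icv(key, src, dst, payload):
    """Simplified AH-style integrity check value: HMAC over addresses + payload."""
    msg = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + payload
    return hmac.new(key, msg, hashlib.sha256).digest()

def protect(key, src, dst, payload):
    """Sender side: attach the integrity value to a (model) packet."""
    return {"src": src, "dst": dst, "payload": payload, "icv": icv(key, src, dst, payload)}

def verify(key, pkt):
    """Receiver side: recompute the integrity value over what actually arrived."""
    expected = icv(key, pkt["src"], pkt["dst"], pkt["payload"])
    return hmac.compare_digest(pkt["icv"], expected)

def nat_rewrite(pkt, public_src):
    """Plain NAT: replaces the private source address. It has no key,
    so it cannot recompute the integrity value it just invalidated."""
    return {**pkt, "src": public_src}

def nat_as_endpoint(pkt, inner_key, outer_key, public_src):
    """Trusted NAT: terminates the first secure segment, then starts a second one."""
    if not verify(inner_key, pkt):
        raise ValueError("inner segment failed integrity check")
    return protect(outer_key, public_src, pkt["dst"], pkt["payload"])

def demo():
    # Constructed sample values (private, NAT public and remote addresses; toy keys).
    private, public, remote = "10.0.0.5", "203.0.113.1", "198.51.100.7"
    e2e_key, inner_key, outer_key = b"host-to-host", b"host-to-nat", b"nat-to-remote"

    end_to_end = protect(e2e_key, private, remote, b"hello")
    after_nat = nat_rewrite(end_to_end, public)

    first_leg = protect(inner_key, private, remote, b"hello")
    second_leg = nat_as_endpoint(first_leg, inner_key, outer_key, public)
    return {
        "end_to_end_before_nat": verify(e2e_key, end_to_end),
        "end_to_end_after_nat": verify(e2e_key, after_nat),
        "split_at_trusted_nat": verify(outer_key, second_leg),
    }

if __name__ == "__main__":
    print(demo())
```

In the split case the NAT holds both keys and sees the payload in the clear, which is why the text requires it to be a trusted device.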

Thesis preview by Francesco Trotta

Thesis preview: IP Mobility Support for Virtual Private Networks, page 12

Degree thesis

Faculty: Engineering

Author: Francesco Trotta

152 pages.

This thesis has received 1253 clicks since 20/03/2004.

 
