Difference between revisions of "GSOC2012NetworkAddressTranslation"

Line 13: Line 13:
 
==Approach==
 
==Approach==
  
      ==Design==
+
===Design===
  
 
The work will primarily be divided in two main parts:
 
The work will primarily be divided in two main parts:
Line 71: Line 71:
  
  
          ==Testing==
+
===Testing===
  
 
For the tests of the Nat and Netfilter will focus on a base simulation would be used  
 
For the tests of the Nat and Netfilter will focus on a base simulation would be used  

Revision as of 08:10, 25 May 2012

Project Contact

  • Student: V. Sindhuja
  • Mentor: Tom Henderson
  • Abstract: Implementing a solid, working NAT model for the NS3 framework that takes into account the different behaviors NAT exhibits in a network, equipping the node to act as a successful network edge device and giving way to further security (firewall) implementations. This would include reusing the Netfilter implementation on NS3 to facilitate NAT and then implementing NAT itself. This would mimic the Linux NAT model and have added extensions.

Introduction

The main goal of this project is to introduce Network Address Translation models into the NS-3 framework. While implementing NAT itself, we will also build the base for a larger framework that supports connection tracking and other firewall features. Most of this design will be modeled on the Netfilter framework in Linux. The specifics of the implementation will be updated as the project progresses.

This project builds on the work previously done by Qasim Javed and Adrian Tam in 2009.

Approach

Design

The work will primarily be divided in two main parts:

A. Building the Netfilter Framework

For the first part I am considering working from the existing Netfilter model that was proposed and adapting it to the current ns3 version.

1. This would have 5 hooks

       o   NF_INET_PRE_ROUTING
       o   NF_INET_LOCAL_IN
       o   NF_INET_FORWARD
       o   NF_INET_LOCAL_OUT
       o   NF_INET_POST_ROUTING

2. Callback chaining

Typically, callback methods are invoked on each of the hooks mentioned above to determine the action to be taken. The fundamental callback functions that can now be implemented to support NAT are connection tracking and NAT itself. Priorities are also assigned to these to determine the order in which the callbacks are invoked.

3. Connection tracking

Connection tracking maintains the state of each connection, which makes the node stateful.
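The callback chaining described above, as an added example that is not part of the original page or the ns-3 code base. `HookChain`, `Packet` and `RunDemo` are hypothetical names, and the priority values follow the Linux convention that a lower value runs first. It shows why the order matters: a filter callback only blocks the translated port if it runs after NAT.

```cpp
#include <cstdint>
#include <functional>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Hook names from this page; the types below are hypothetical, not ns-3 API.
enum Hook { NF_INET_PRE_ROUTING, NF_INET_LOCAL_IN, NF_INET_FORWARD,
            NF_INET_LOCAL_OUT, NF_INET_POST_ROUTING };
enum Verdict { NF_DROP, NF_ACCEPT };
struct Packet { uint32_t src, dst; uint16_t sport, dport; };

class HookChain {
public:
  using Callback = std::function<Verdict(Packet&)>;
  // Lower priority value runs first (Linux convention).
  void Register(Hook h, int prio, std::string name, Callback cb) {
    chains_[h].emplace(prio, std::make_pair(std::move(name), std::move(cb)));
  }
  // Run one hook's callbacks in priority order; the first NF_DROP ends the
  // traversal. `trace` records the callbacks that actually ran.
  Verdict Run(Hook h, Packet& p, std::vector<std::string>& trace) {
    for (auto& kv : chains_[h]) {
      trace.push_back(kv.second.first);
      if (kv.second.second(p) == NF_DROP) return NF_DROP;
    }
    return NF_ACCEPT;
  }
private:
  std::map<Hook, std::multimap<int, std::pair<std::string, Callback>>> chains_;
};

// Constructed scenario: callbacks registered out of order on PRE_ROUTING.
// The filter blocks port 23 and must see the port *after* NAT rewrote it.
Verdict RunDemo(uint16_t dport, std::vector<std::string>& trace) {
  HookChain chain;
  chain.Register(NF_INET_PRE_ROUTING, 0, "filter", [](Packet& p) -> Verdict {
    return p.dport == 23 ? NF_DROP : NF_ACCEPT; });
  chain.Register(NF_INET_PRE_ROUTING, -100, "nat", [](Packet& p) -> Verdict {
    if (p.dport == 2323) p.dport = 23;  // constructed port-forward rule
    return NF_ACCEPT; });
  chain.Register(NF_INET_PRE_ROUTING, -200, "conntrack",
                 [](Packet&) -> Verdict { return NF_ACCEPT; });
  Packet p{0x0A000001, 0xCB007101, 40000, dport};  // constructed addresses
  return chain.Run(NF_INET_PRE_ROUTING, p, trace);
}

int main() { std::vector<std::string> t; return RunDemo(2323, t) == NF_DROP ? 0 : 1; }
```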

B. Implementing the main NAT models

NAT is enabled per node: it is specific to that particular node, and it is not necessary to enable NAT on a collection of nodes.

Static one-to-one NAT

This NAT would be persistent for all the connections made from that host. When a port is specified, the translation remains specific to that port. This translation never gets cleared out or timed out unless one manually removes the configuration.

Regular Dynamic NAT

This is the NAT where all the traffic is translated to one IP address and multiple ports (port address translation).
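The two models described above, as an added example that is not part of the original page or the ns-3 code base. The `Nat` class and all addresses are constructed for illustration, the static case covers address-only mappings (no port range), and the dynamic case keeps per-connection state so that inbound packets without a matching mapping are refused.

```cpp
#include <cstdint>
#include <map>
#include <utility>

struct Packet { uint32_t src, dst; uint16_t sport, dport; };
using Endpoint = std::pair<uint32_t, uint16_t>;  // (address, port)

// Hypothetical model of the NAT node; not the ns-3 API. No timeouts or
// port-exhaustion handling; state is keyed on the inside endpoint only.
class Nat {
public:
  explicit Nat(uint32_t wanIp) : wanIp_(wanIp) {}
  // Static one-to-one: persistent until removed by configuration.
  void AddStatic(uint32_t lan, uint32_t wan) { toWan_[lan] = wan; toLan_[wan] = lan; }
  // Dynamic NAPT: every host in net/mask shares the single WAN address.
  void SetDynamic(uint32_t net, uint32_t mask) { net_ = net; mask_ = mask; }
  // LAN -> WAN: rewrite the source. Returns false when no rule matches.
  bool Outbound(Packet& p) {
    auto s = toWan_.find(p.src);
    if (s != toWan_.end()) { p.src = s->second; return true; }
    if ((p.src & mask_) != net_) return false;
    Endpoint inside{p.src, p.sport};
    auto it = out_.find(inside);
    if (it == out_.end()) {  // new connection: allocate a WAN port
      it = out_.emplace(inside, nextPort_++).first;
      in_[it->second] = inside;
    }
    p.src = wanIp_; p.sport = it->second;
    return true;
  }
  // WAN -> LAN: rewrite the destination only when a mapping exists.
  bool Inbound(Packet& p) {
    auto s = toLan_.find(p.dst);
    if (s != toLan_.end()) { p.dst = s->second; return true; }
    auto it = in_.find(p.dport);
    if (p.dst != wanIp_ || it == in_.end()) return false;  // unsolicited
    p.dst = it->second.first; p.dport = it->second.second;
    return true;
  }
private:
  uint32_t wanIp_, net_ = 0, mask_ = 0xFFFFFFFF;
  uint16_t nextPort_ = 49152;
  std::map<uint32_t, uint32_t> toWan_, toLan_;
  std::map<Endpoint, uint16_t> out_;
  std::map<uint16_t, Endpoint> in_;
};

int main() {  // constructed addresses: WAN 203.0.113.1, peer 198.51.100.7
  Nat nat(0xCB007101); Packet stray{0xC6336407, 0xCB007101, 80, 50000};
  return nat.Inbound(stray) ? 1 : 0; }  // unsolicited inbound is refused
```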

User Specific API

At a very generic level, the description starts from the point where NAT is enabled on a node. The user would invoke something like:

Nat_Install(node,lan-interface,wan-interface)

This would clearly set the interfaces of the node participating in the NATting.

Once this is done, the user would configure one of the following:

Static one-to-one:

static_nat(lan-ip,wan-ip);

static_nat(lan-ip,wan-ip,port-range) // when a number of ports is specified

Dynamic NAPT:

dynamic_nat(lan-ip network with mask,wan-ip);

A more NS-3 specific interface definition will be updated in the course of this project.


Testing

The tests of the NAT and Netfilter will use a base simulation:

n1--n2--n3

where n2 is the NAT device, n1 is on the private network, and n3 is out on the internet. Multiple aspects would be looked at while testing:

- Appropriate routing of the packet

- Packet filtering in place

- Header fields in the packet updated as per netfilter and nat rules

- Connection tracking maintained

- Checksum computation accuracy

Plan

  • Week 1: (22/05-29/05) Adapt the existing Netfilter code to the current NS3
  • Week 2: (30/05-06/06) Test the adaptation for the Netfilter code to current NS3
  • Week 3: (07/06-14/06) Static one-to-one Design and Implementation
  • Week 4: (15/06-22/06) Static one-to-one Design and Implementation
  • Week 5: (23/06-30/06) Test the Static one-to-one Implementations.
  • Week 6: (01/07-08/07) Dynamic Port-Translating NAT Design and Implementation
  • 09/07 - Midterm evaluation submission
  • Week 7: (10/07-17/07) Dynamic Port-Translating NAT Design and Implementation
  • Week 8: (18/07-25/07) Testing the Dynamic Port-Translating NAT implementation.
  • Week 9: (26/07-02/08) Test and Work on integration of the NAT Models
  • Week 10: (03/08-10/08) Test and Work on integration of the NAT Models
  • Aug 13 Suggested Pencils Down Date.
  • 11/08-19/08: Documentation and Integration of the project
  • 20/08 - Final Evaluation and Submission.