1
00:00:00,506 --> 00:00:03,986
>> This last week my wife and
I were cleaning out the garage,
2
00:00:04,276 --> 00:00:07,966
which we do on probably a quarterly basis when
it gets all cluttered and you move it all out.
3
00:00:07,996 --> 00:00:12,026
So we were moving some stuff, and I kind of,
I had to wiggle the water heater a little bit
4
00:00:12,156 --> 00:00:14,676
to move something behind it,
and you know, continue on.
5
00:00:14,856 --> 00:00:20,306
So later that morning we found this giant
puddle just, you know, all over the floor
6
00:00:20,306 --> 00:00:21,956
in the garage, and my wife
was like, "What's this?"
7
00:00:21,956 --> 00:00:24,666
And I looked up, and sure enough
the water heater is dripping
8
00:00:24,966 --> 00:00:30,006
because by wiggling I had broken
one of the copper lines going to it,
9
00:00:30,006 --> 00:00:34,466
like there was just a pinhole leaking, and it
just kind of sprang out, and I was like, "Oh."
10
00:00:34,466 --> 00:00:37,396
So we turn off the water, and my wife was like,
"What have you got to do," and I was like,
11
00:00:37,846 --> 00:00:39,566
"Well, I'm afraid I'm going
to have to solder that."
12
00:00:39,566 --> 00:00:41,606
Now let me tell you.
13
00:00:41,606 --> 00:00:46,336
Since I've learned to solder, like this was a
year ago a friend of mine was like, "Oh, yeah,
14
00:00:46,336 --> 00:00:50,386
here's how you sweat the line, how you,
you know, put the bead of solder in there,
15
00:00:50,386 --> 00:00:53,386
and like any chance to solder something,
I'm like, "I'm there" [laughter]
16
00:00:53,536 --> 00:00:57,716
because it's awesome, and I came
in and told my wife, I'm like,
17
00:00:58,116 --> 00:01:02,486
"There's not much that makes you feel like
a man than soldering some copper pipe,"
18
00:01:02,486 --> 00:01:07,416
and she laughed at me, but nonetheless, I
soldered the line, and that's what NAT is to me.
19
00:01:07,416 --> 00:01:12,136
When I first learned how NAT, Network Address
Translation, really works behind the scenes,
20
00:01:12,136 --> 00:01:16,226
I was like, "That's awesome," and any
chance I could get, you know, I...
21
00:01:16,226 --> 00:01:20,526
we'd be at a friend's house and setting up a
little Linksys device for them or something
22
00:01:20,526 --> 00:01:24,566
to route their Internet connection, I'm
like, "You want to know how that works?"
23
00:01:24,686 --> 00:01:26,556
And they'd, you know, always
kind of look at me like...
24
00:01:26,556 --> 00:01:28,466
and I'd say, "No, let me show you.
25
00:01:28,536 --> 00:01:31,916
I want to show you how this works
because it's amazing," and so NAT is one
26
00:01:31,916 --> 00:01:35,946
of those cool concepts, and through all the
years, it still has not lost its luster.
27
00:01:35,946 --> 00:01:37,856
Now is its time short?
28
00:01:38,556 --> 00:01:43,446
Maybe. Now it may fade away
some day as IPv6 takes hold,
29
00:01:43,726 --> 00:01:47,456
but I will say it is the staple
of every network of the world.
30
00:01:47,456 --> 00:01:51,266
I would challenge you to find me a
network in this world that is connected
31
00:01:51,266 --> 00:01:53,116
to the Internet that is not using NAT.
32
00:01:53,116 --> 00:01:56,426
They're out there, but I mean I
probably could count them on one hand.
33
00:01:56,426 --> 00:01:59,026
So Network Address Translation
is what we're all about.
34
00:01:59,026 --> 00:02:00,716
We're going to talk about how it works.
35
00:02:00,716 --> 00:02:02,536
Next nugget we'll tell you
about how to set it up.
36
00:02:03,626 --> 00:02:06,276
Did you know that you could
build your own Internet?
37
00:02:06,776 --> 00:02:11,486
All you have to do is go to your house and
set up a network and then go to your neighbor
38
00:02:11,726 --> 00:02:13,456
and say, "Hey, you want to join my network?"
39
00:02:13,456 --> 00:02:17,396
And connect a cable to his house, and then tell
him, "You've got to connect at least 5 neighbors
40
00:02:17,396 --> 00:02:19,116
to you," and so they connect their 5 neighbors,
41
00:02:19,116 --> 00:02:22,616
and you kind of start your own little pyramid
Amway scheme or something like that, you know,
42
00:02:22,726 --> 00:02:25,796
all your neighborhood connected, and
before long it keeps exponentially growing,
43
00:02:25,796 --> 00:02:27,796
and poof, worldwide span.
44
00:02:27,796 --> 00:02:31,216
You've got your own Internet because
that's really all the Internet is,
45
00:02:31,216 --> 00:02:32,306
is just a big network.
46
00:02:32,306 --> 00:02:36,256
Instead of houses, it started with some
college universities that are like, "Hey,
47
00:02:36,516 --> 00:02:39,396
let's share some files," and, you know,
4 universities connected together,
48
00:02:39,396 --> 00:02:42,586
and other college campuses were
like, "Hey, let's jump in on that,"
49
00:02:42,586 --> 00:02:46,626
and then a business partnered in, and
they jumped in, and then .com came along,
50
00:02:46,626 --> 00:02:48,096
and someone was like, "We can sell stuff here?
51
00:02:48,136 --> 00:02:50,346
Woo." And then, poof, you
know, Internet explodes.
52
00:02:50,346 --> 00:02:54,826
Everybody needs to be on there, and now it's
one of the staples of every business is you have
53
00:02:54,866 --> 00:02:59,566
to have an Internet connection really
anymore to do business in most locations.
54
00:02:59,566 --> 00:03:04,876
So the problem with that is we've now brought
masses of devices and masses of equipment,
55
00:03:04,876 --> 00:03:08,506
and there's a limited scope
on the IPv4 address space.
56
00:03:09,276 --> 00:03:15,326
There's not enough public IP address spaces or
Internet valid IP addresses that are available.
57
00:03:15,356 --> 00:03:19,166
So management entities were created, and
the government got involved and said,
58
00:03:19,166 --> 00:03:25,116
"Okay we will sell or provision blocks of IP
addresses like, you know, we'll say the...
59
00:03:25,116 --> 00:03:26,186
I'm just throwing one out there...
60
00:03:26,186 --> 00:03:32,376
13.1.0.0/16, like that big block of
IP addresses, 65,000 IP addresses,
61
00:03:32,376 --> 00:03:35,236
we're going to give that
to some service provider."
62
00:03:35,236 --> 00:03:36,486
Let's just say AT&T.
63
00:03:36,486 --> 00:03:37,706
I'm just throwing one out there, right?
64
00:03:37,926 --> 00:03:41,236
So AT&T gets that, and then they
provision it for their customers, and,
65
00:03:41,466 --> 00:03:44,266
you know, somebody signs up for a DSL...
66
00:03:44,266 --> 00:03:46,646
I don't even know if AT&T does
DSL, but we'll go with it.
67
00:03:46,886 --> 00:03:52,296
A DSL connection from AT&T, and AT&T says,
"Okay, you can have one of our IP addresses
68
00:03:52,296 --> 00:03:55,276
for a limited amount of time that you
can use on your different devices."
69
00:03:55,276 --> 00:04:00,996
So, I mean, they had to have ways of
provisioning and allocating these IP addresses
70
00:04:00,996 --> 00:04:06,846
because there are exponentially far more devices
in the world today than there are IP addresses.
71
00:04:06,846 --> 00:04:12,446
Now with this management in place,
we also had to have something
72
00:04:12,446 --> 00:04:16,466
that allowed people to create
their own networks.
73
00:04:16,556 --> 00:04:21,476
Like, you don't want to have to go to
some management entity and go, you know,
74
00:04:21,476 --> 00:04:25,196
to set up your house and say, "Hey, I'd
to use, you know, 5 computers in my house.
75
00:04:25,196 --> 00:04:26,116
Is that okay?"
76
00:04:26,266 --> 00:04:28,256
I mean in the same way, take it this way.
77
00:04:28,516 --> 00:04:29,996
You ever bought a cordless phone?
78
00:04:30,186 --> 00:04:31,706
I mean, now, with cell phones, right?
79
00:04:31,706 --> 00:04:34,856
Everybody's like, well, whatever, but I
mean cordless phone for your house, right?
80
00:04:34,856 --> 00:04:41,516
You don't have to go to the FCC and register
for a broadcasting license for your cordless,
81
00:04:41,516 --> 00:04:44,626
you know, 900 megahertz phone, or
whatever kind of phone you have
82
00:04:45,036 --> 00:04:48,736
because it is part of the unlicensed band.
83
00:04:48,736 --> 00:04:50,436
I mean, you are technically broadcasting.
84
00:04:50,436 --> 00:04:55,116
You're creating a signal that could
interfere with others in the air, but the FCC,
85
00:04:55,226 --> 00:04:58,826
meaning the government entity of the
United States that governs, you know,
86
00:04:58,826 --> 00:05:01,886
so nobody can just run their own radio
station from home or something like that.
87
00:05:02,076 --> 00:05:08,426
They have said that 900 megahertz, 2.4
gigahertz, and 5 gigahertz are unmanaged bands.
88
00:05:08,426 --> 00:05:11,246
That's why you can set up your own
little wireless network in your house.
89
00:05:11,246 --> 00:05:12,316
You don't have to register for that.
90
00:05:12,316 --> 00:05:18,366
So in this same way, with IP addresses,
they said, "We need to let people set
91
00:05:18,366 --> 00:05:22,296
up their own networks without actually going
to the government and saying, 'Can I do this?
92
00:05:22,296 --> 00:05:26,976
Am I allowed?'" So they came up with private
addresses space... I said that totally wrong...
93
00:05:27,356 --> 00:05:30,136
private address space, and
you've seen these before, right?
94
00:05:30,306 --> 00:05:35,516
10.0.0.0 through 10.255.255.255.
95
00:05:35,516 --> 00:05:36,096
Once somebody...
96
00:05:36,096 --> 00:05:36,656
this is a weird one...
97
00:05:36,656 --> 00:05:45,166
172.16.0.0 through 172.31.255.255, and
that's a little chunk in the middle there.
98
00:05:45,166 --> 00:05:48,746
This is Class A, this is Class B,
and then Class C, those famous,
99
00:05:48,746 --> 00:05:52,376
do-do-do-do, toot the trumpets, 192.168.
100
00:05:52,376 --> 00:05:54,436
anything is considered private addresses.
101
00:05:54,436 --> 00:05:58,506
So, like private wireless frequencies,
102
00:05:58,506 --> 00:06:04,106
we can just use these addresses wherever
we want because they're unmanaged.
103
00:06:04,106 --> 00:06:06,076
You don't have to have a
license to use them, but...
104
00:06:07,036 --> 00:06:12,716
but, you know, let's say
this is you and your company.
105
00:06:12,716 --> 00:06:19,146
You've created your own little world
on, let's just say, 192.168.1.0/24.
106
00:06:19,146 --> 00:06:22,106
You know, you've got your own little
server back here, your own little client.
107
00:06:22,106 --> 00:06:24,376
You've got your own little
network that's working great,
108
00:06:25,196 --> 00:06:29,976
but the problem is 9 million people
in the world are also using...
109
00:06:30,386 --> 00:06:31,786
probably 9 billion.
110
00:06:31,786 --> 00:06:32,866
Wait a second.
111
00:06:32,866 --> 00:06:35,606
I'm exceeding the population,
but you get the point.
112
00:06:35,606 --> 00:06:40,376
Tons of people are using 192.168.1
in their home because it's unmanaged.
113
00:06:40,376 --> 00:06:46,156
So we have to have a way of hiding your network
from the world and yet still allowing you
114
00:06:46,156 --> 00:06:50,146
to use this public world, and
that's where NAT comes in.
115
00:06:50,146 --> 00:06:56,046
Network Address Translation at
its root translates from a...
116
00:06:56,046 --> 00:07:00,666
well, let me just, you know, the technical
definition, technically translates
117
00:07:00,666 --> 00:07:05,336
from one IP address to another, but
really the big picture is it translates
118
00:07:05,336 --> 00:07:10,716
from private addresses, which work inside
of your house and actually would work
119
00:07:10,716 --> 00:07:14,056
on the Internet if service
providers would let them through,
120
00:07:14,376 --> 00:07:18,826
but it translates from private
addresses to public addresses.
121
00:07:19,196 --> 00:07:22,686
Now let me say one more quick
thing before we move on here.
122
00:07:23,066 --> 00:07:28,866
One of the biggest misnomers that I've
heard, and you may have heard this, too,
123
00:07:28,866 --> 00:07:30,586
I just want to debunk this right now.
124
00:07:30,586 --> 00:07:32,426
A lot of people say, "Oh, yeah.
125
00:07:32,426 --> 00:07:35,756
Those are non-routable IP addresses."
126
00:07:35,756 --> 00:07:39,476
Have you ever heard that before, where somebody
identifies those private addresses?
127
00:07:39,476 --> 00:07:41,076
"Oh, those are non-routable IP addresses."
128
00:07:41,356 --> 00:07:45,456
Totally not a good way to say it
because they work perfectly fine.
129
00:07:45,456 --> 00:07:47,916
I mean, you can set up...
130
00:07:47,916 --> 00:07:49,456
Oh, I'm flabbergasted...
131
00:07:49,456 --> 00:07:54,506
I'm appalled at that because this entire
series we've been setting up routing.
132
00:07:54,506 --> 00:08:01,986
I mean we went in OSPF and set up, you know,
these routers on 192.168.1 and .2 and .3,
133
00:08:02,076 --> 00:08:05,246
and we said, "Okay, this can reach
this," and we're routing those just fine.
134
00:08:05,246 --> 00:08:08,846
So if you're going to say they're non-routable,
I would say they're non-routable
135
00:08:08,846 --> 00:08:12,406
but add in there, always
add in, on the Internet.
136
00:08:12,936 --> 00:08:15,406
They're non-routable on the Internet.
137
00:08:15,516 --> 00:08:20,966
Now even that, I'm like ew-w-w,
because if they were to somehow get
138
00:08:20,966 --> 00:08:22,926
into the Internet, they would route just fine.
139
00:08:23,136 --> 00:08:30,246
What really happens is to be a service provider,
to be an ISP, you are supposed to block,
140
00:08:30,356 --> 00:08:35,376
these are all considered RFC1918, and if
you ever want to know what is the standard
141
00:08:35,376 --> 00:08:37,196
that specifies private addresses?
142
00:08:37,196 --> 00:08:41,886
RFC1918. It's the only way I can tell you
off the top of my head, but as an ISP,
143
00:08:41,886 --> 00:08:46,676
you are supposed to block, you know,
you've got your customer, we'll say,
144
00:08:46,676 --> 00:08:50,856
over here that is coming in, you are supposed
to block all these addresses from coming in.
145
00:08:51,126 --> 00:08:52,356
There have been mistakes.
146
00:08:52,936 --> 00:08:59,156
ISPs have forgotten to block customer IP
addresses, and the customer has forgotten
147
00:08:59,156 --> 00:09:04,036
to turn on NAT and to what the public addresses,
and there have been cases, you can look them up,
148
00:09:04,156 --> 00:09:07,986
to where private IP addresses have gotten
into the Internet, and it was actually so bad,
149
00:09:07,986 --> 00:09:12,146
it was over in Europe somewhere, that
I can't quite remember the whole...
150
00:09:12,216 --> 00:09:17,726
This was a long time ago, but essentially there
was one ISP that forgot to block their customer,
151
00:09:17,936 --> 00:09:21,696
and all these other ISPs trusted this ISP.
152
00:09:21,836 --> 00:09:26,046
So they didn't put the block here because
they were like, "Well, why block private?"
153
00:09:26,046 --> 00:09:30,176
They were assuming that, you know, our
ISP friend down there is blocking it.
154
00:09:30,176 --> 00:09:33,136
So we don't need to put those blocks
here, and they actually had a case
155
00:09:33,136 --> 00:09:37,036
where like a whole chunk of
Europe went down on the Internet
156
00:09:37,036 --> 00:09:39,346
because these private
addresses had leaked in there.
157
00:09:39,346 --> 00:09:40,526
Well, no more.
158
00:09:40,526 --> 00:09:42,766
I'm sure that's taught everybody a big lesson.
159
00:09:42,766 --> 00:09:45,996
So the point is that private
addresses route great.
160
00:09:46,796 --> 00:09:50,816
They just are blocked from
getting in from the Internet.
161
00:09:51,176 --> 00:09:56,386
When you think about NAT, you can think of
it as an umbrella of three different flavors.
162
00:09:56,986 --> 00:09:59,976
You can have static NAT, very common.
163
00:10:00,556 --> 00:10:07,146
You can have dynamic NAT, which is not very
common, and then you can have something
164
00:10:07,146 --> 00:10:08,956
that some people call it NAT overload.
165
00:10:08,956 --> 00:10:09,866
Some people call it PAT.
166
00:10:10,076 --> 00:10:15,636
That's probably the more common word, Port
Address Translation, which is insanely common,
167
00:10:15,636 --> 00:10:18,806
like that's the staple that
just about every business has.
168
00:10:18,806 --> 00:10:19,576
What PAT does...
169
00:10:19,776 --> 00:10:25,656
I'm going to talk about all 3, but I want
to talk about the most popular one first
170
00:10:25,986 --> 00:10:28,776
because almost every business
in the world uses it.
171
00:10:29,086 --> 00:10:33,946
What this one does is stretch an IP address
further than I'm sure the founding fathers
172
00:10:33,946 --> 00:10:35,916
of the Internet ever thought it could go.
173
00:10:36,316 --> 00:10:37,306
So here's...
174
00:10:37,306 --> 00:10:40,366
let me give you the big picture concept of PAT.
175
00:10:40,536 --> 00:10:41,606
So what...
176
00:10:41,606 --> 00:10:45,516
every time you have a connection, and
this, you know, to understand NAT you have
177
00:10:45,516 --> 00:10:47,896
to understand how devices communicate, right?
178
00:10:48,146 --> 00:10:53,426
So let's think back, I mean, go back to
your old nugget number 5 or 6 of the series
179
00:10:53,426 --> 00:10:56,826
where we were starting to talk about, okay,
communication, we've got a source IP address,
180
00:10:56,826 --> 00:11:03,336
let's just say 10.1.1.10, and we've got
a destination IP address 10.1.1.100,
181
00:11:03,336 --> 00:11:08,906
no routers in the middle to garble this all
up, and let's just say this is a web server,
182
00:11:09,086 --> 00:11:14,066
this is a client, and I open my web browser
and try and access that, what happens?
183
00:11:14,296 --> 00:11:18,706
Well that's where we said, okay, the
Windows, you know, Windows or Linux or OS X,
184
00:11:18,706 --> 00:11:22,566
whatever you're using here generates
a source port number dynamically.
185
00:11:22,566 --> 00:11:25,746
It says, "Okay, I'm coming
from the source 1000...
186
00:11:25,746 --> 00:11:28,136
well, let's just do 1892.
187
00:11:28,136 --> 00:11:32,266
It makes those up, and I'm going to a
destination, now if this is a web server,
188
00:11:32,416 --> 00:11:35,326
I'm going to a destination
of port 80, right, and we...
189
00:11:35,506 --> 00:11:38,416
I'm doing a little review here of early topics.
190
00:11:38,416 --> 00:11:41,206
We call that creating a
socket because this says, "Okay,
191
00:11:41,206 --> 00:11:51,276
I'm coming from the source 10.1.1.10:1892, and
I'm going to the destination of 10.1.1.100:80."
192
00:11:51,516 --> 00:11:56,356
And when this guy communicates back he comes
from the source of 80 and goes to a destination
193
00:11:56,356 --> 00:11:59,786
of 1892, and that's how Windows knows,
oh, you're going to this, you know,
194
00:11:59,786 --> 00:12:03,696
Google Chrome window or whatever
browser we happen to use to browse at.
195
00:12:03,696 --> 00:12:04,926
So that's how it works.
196
00:12:04,926 --> 00:12:06,196
Now you can...
197
00:12:06,196 --> 00:12:08,826
let's think a little bit further.
198
00:12:08,826 --> 00:12:10,746
How many port numbers are there?
199
00:12:10,746 --> 00:12:13,316
I mean, we picked 1892, but
really, how many are there?
200
00:12:13,786 --> 00:12:20,916
Well for TCP and UDP there's 65,535
usable ports that you're able
201
00:12:20,916 --> 00:12:22,376
to work with, you know, outside of...
202
00:12:22,376 --> 00:12:26,546
I mean you can get into well known ports and
blah, blah, blah, but I mean 65,000 ports.
203
00:12:26,546 --> 00:12:27,876
Now is this...
204
00:12:28,046 --> 00:12:28,496
question...
205
00:12:28,626 --> 00:12:31,206
is this computer ever going to tap that out?
206
00:12:31,976 --> 00:12:35,786
No. No. I'm like well...
207
00:12:35,916 --> 00:12:37,616
I always try and find the exceptions, right?
208
00:12:37,616 --> 00:12:41,086
No, it's not because you just
can't open enough applications.
209
00:12:41,086 --> 00:12:45,146
That computer would crash long
before it would max those things out.
210
00:12:45,386 --> 00:12:48,216
So the point is we have all these
port numbers that we can use.
211
00:12:48,216 --> 00:12:50,206
Okay. Okay, we've established a foundation.
212
00:12:50,206 --> 00:12:53,426
Now here's how PAT works.
213
00:12:53,586 --> 00:12:55,236
We have a network.
214
00:12:55,236 --> 00:12:57,316
It could be, you know, 2
clients like we have here.
215
00:12:57,316 --> 00:12:58,266
It could be 100 clients.
216
00:12:58,266 --> 00:13:02,106
It could be 1,000 clients, whatever we
have running inside of our organization,
217
00:13:02,546 --> 00:13:07,966
and we've got a router in place, let's
say 192.168.1.1 is the default gateway
218
00:13:07,966 --> 00:13:12,426
of these guys, and we've got the public IP
address assigned, 200.1.1.1, and this, you know,
219
00:13:12,426 --> 00:13:14,566
this would actually go to a router of the ISP...
220
00:13:15,166 --> 00:13:18,786
whatever ISP you are, and this default
route would point out this way.
221
00:13:19,956 --> 00:13:21,456
So when this guy...
222
00:13:21,456 --> 00:13:27,466
let's go to this guy, and he opens a web
browser, you know, Google Chrome and goes
223
00:13:27,466 --> 00:13:34,156
to a server out on the Internet, we'll
just say it is CBTNUGGETS.com, and...
224
00:13:34,476 --> 00:13:37,066
if I can write.
225
00:13:37,066 --> 00:13:37,386
There we go.
226
00:13:37,576 --> 00:13:39,856
So he goes to CBTNUGGETS.com.
227
00:13:40,296 --> 00:13:44,246
He's going to automatically, just like we saw
over there, generate its own source port number.
228
00:13:44,246 --> 00:13:47,676
So he's going to say, "Okay, Chrome,
I'm going to generate source port...
229
00:13:47,676 --> 00:13:49,496
I'll use my diagram...
230
00:13:49,496 --> 00:13:52,376
6711." That's my source.
231
00:13:52,376 --> 00:13:56,256
That's where I'm going to, and I'm going
to go to a destination of, let's just say,
232
00:13:56,256 --> 00:13:58,146
CBTNUGGETS.com because it's easy to write.
233
00:13:58,146 --> 00:13:59,416
It's 1.1.1.1.
234
00:13:59,516 --> 00:14:02,556
I'm going to go to a destination
of 80, right there, right?
235
00:14:02,886 --> 00:14:07,956
So that request will come into the
router that is configured to do PAT
236
00:14:08,236 --> 00:14:12,426
or NAT overload is what Cisco config calls it.
237
00:14:12,426 --> 00:14:15,746
So it receives that request and it
goes, "Okay, I'm going to translate you
238
00:14:15,746 --> 00:14:19,726
because I know these private
addresses do not work on the Internet.
239
00:14:19,726 --> 00:14:24,146
If I were to send you out as
192.168.50, the ISP would say [noise]
240
00:14:24,236 --> 00:14:25,886
and block you, and you would die right there.
241
00:14:25,886 --> 00:14:30,146
So I'm going to translate you to 200.1.1.1.
242
00:14:30,146 --> 00:14:35,396
Now the way I'm going to do that is I'm going to
use your source port number to make you unique."
243
00:14:36,266 --> 00:14:36,886
You see what happens.
244
00:14:36,886 --> 00:14:41,376
So it creates a little table inside, and the
table's actually bigger than this, but it says,
245
00:14:41,376 --> 00:14:46,276
okay the inside address, 192.168.1.50,
it's like a spreadsheet inside the router,
246
00:14:46,426 --> 00:14:49,936
it's actually going to go to
the outside address 200.1.1.1,
247
00:14:49,936 --> 00:14:52,516
and it's going to use that
same source port number.
248
00:14:52,826 --> 00:14:57,466
So that way now it comes out as
200.1.1.1 goes to CBTNUGGETS.com.
249
00:14:58,166 --> 00:15:05,956
CBTNUGGETS sees it coming from
the source of 200.1.1.1:6711 and,
250
00:15:06,106 --> 00:15:08,616
you know, sends the webpage back to that.
251
00:15:08,616 --> 00:15:10,876
It's received here on the
router, goes, oh, okay, well,
252
00:15:10,876 --> 00:15:12,596
you're actually going back into this guy.
253
00:15:12,806 --> 00:15:17,946
So that's what allows this guy at the same
time to open up a different web browser, well,
254
00:15:17,946 --> 00:15:22,716
Chrome, or I'm not talking about
like Firefox or anything like that,
255
00:15:22,716 --> 00:15:26,576
but let's just say he opens Firefox or
Chrome or whatever and goes to the same web.
256
00:15:26,576 --> 00:15:28,196
I mean, he could go to CBTNUGGETS.com.
257
00:15:28,366 --> 00:15:35,216
Well, his computer, it randomly grabs a port
from 65,535, and it's going to say, "Okay,
258
00:15:35,216 --> 00:15:39,866
well I picked port 15396, and
I want to go to CBTNUGGETS.com."
259
00:15:39,866 --> 00:15:42,406
So he goes out to CBTNUGGETS.com.
260
00:15:42,406 --> 00:15:43,156
Are you following me here?
261
00:15:43,246 --> 00:15:44,466
And I want to make sure you catch me.
262
00:15:44,796 --> 00:15:48,156
So he generated his own source port.
263
00:15:48,156 --> 00:15:50,866
Windows did that for him behind the scenes.
264
00:15:50,866 --> 00:15:54,596
NAT kicked in and said, "Okay, I'm going
to use that source port number so as you go
265
00:15:54,596 --> 00:15:58,316
through that router, I'm going to
translate you to my public address,
266
00:15:58,316 --> 00:16:01,826
but I'm going to put a little
colon 1536," and do you kind
267
00:16:01,826 --> 00:16:04,226
of get why it's called PAT,
Port Address Translation?
268
00:16:04,226 --> 00:16:06,926
It's using the ports to make
all these requests look unique,
269
00:16:06,926 --> 00:16:08,896
and I'm going to send you to CBTNUGGETS.com.
270
00:16:09,046 --> 00:16:14,206
If CBTNUGGETS.com gets a
request from 200.1.1.1:6711
271
00:16:14,206 --> 00:16:16,236
and gets a second request
at the same exact time...
272
00:16:16,236 --> 00:16:21,176
let's just say they did this at the same time
because they both wanted their CBTNUGGETS,
273
00:16:21,176 --> 00:16:26,936
and it sees a request to 1536, it
actually sees these as two unique requests.
274
00:16:27,996 --> 00:16:29,966
It doesn't see them as one IP address.
275
00:16:29,966 --> 00:16:31,316
It's like, "Whoa, this must be the same thing."
276
00:16:31,316 --> 00:16:35,616
No it looks at the port number, and it's
like, "Oh, I've got two unique requests."
277
00:16:35,616 --> 00:16:38,826
So, okay, in theory, in theory...
278
00:16:38,996 --> 00:16:43,226
we're talking theory, we
could use this one IP address
279
00:16:43,426 --> 00:16:47,826
to service 65,535 computers
sitting behind there.
280
00:16:47,826 --> 00:16:53,346
You could share that to 65,535
devices in theory.
281
00:16:53,516 --> 00:16:55,746
Now here, let me now get to...
282
00:16:55,746 --> 00:17:00,786
I know a lot of you are analytical, and
you're like, okay, okay, what if....
283
00:17:00,926 --> 00:17:03,586
Let me see if I can predict a question
rolling around in somebody's mind.
284
00:17:03,586 --> 00:17:04,506
I'm feeling you right now.
285
00:17:04,896 --> 00:17:12,116
You're going what if, 1 in 65,000 chance,
this computer opens a web browser and goes
286
00:17:12,146 --> 00:17:15,796
to CBTNUGGETS and at the same time this computer
opens a web browser and goes to CBTNUGGETS.com,
287
00:17:15,906 --> 00:17:18,986
and they just happened to
pick the same port number.
288
00:17:19,226 --> 00:17:20,546
Did I read your mind?
289
00:17:21,266 --> 00:17:23,726
So both of them picked 65...
290
00:17:23,726 --> 00:17:26,976
6711. Not a big deal.
291
00:17:27,886 --> 00:17:28,986
Yeah, well how's it not a big deal?
292
00:17:29,286 --> 00:17:32,586
What the router does is just say, you
know, let's say this guy got there...
293
00:17:32,586 --> 00:17:33,976
one of them's going to have to get there first.
294
00:17:33,976 --> 00:17:36,816
The packet, the router can't handle
two packets at the same time.
295
00:17:36,816 --> 00:17:38,216
It has to have one in front of the other.
296
00:17:38,496 --> 00:17:41,616
So whoever gets there first gets the 6711.
297
00:17:42,196 --> 00:17:44,846
When this guy comes in, he's
like, "Oh, I want 6711, too."
298
00:17:44,846 --> 00:17:46,956
The router's like, "Oh, like I don't have that.
299
00:17:47,246 --> 00:17:51,236
That's all right, I'm going to give you 6712."
300
00:17:52,006 --> 00:17:56,326
That's the next free one that I have in
my list or whatever, the next open port.
301
00:17:56,456 --> 00:17:57,926
So these don't have to match.
302
00:17:57,926 --> 00:18:01,586
I mean you figure the router's got the
big Excel spreadsheet thing going, right?
303
00:18:01,586 --> 00:18:03,856
It's going to have to, like, "Oh, well, oh no.
304
00:18:03,856 --> 00:18:04,276
I'm sorry.
305
00:18:04,276 --> 00:18:05,676
I don't have that available."
306
00:18:05,676 --> 00:18:06,546
It's totally fine.
307
00:18:06,836 --> 00:18:11,066
So it will increment that and life is
good, and, you know, this guy, you know,
308
00:18:11,066 --> 00:18:14,806
so it's seen from CBTNUGGETS as
6712, but when it replies back,
309
00:18:14,806 --> 00:18:18,686
it's like, "Oh, well, 6712 is really 6711.
310
00:18:18,686 --> 00:18:19,836
So let me send that back to him."
311
00:18:19,836 --> 00:18:21,146
So that's how it works it all out.
312
00:18:21,146 --> 00:18:22,056
No biggie there.
313
00:18:22,426 --> 00:18:27,976
And, I know I was kind of like stretching it,
making it sound like, oh, you know 1 in 65,000?
314
00:18:28,416 --> 00:18:32,916
Truth is, this happens all the
time, all the time because...
315
00:18:32,916 --> 00:18:36,816
and this is where I go back
to the theory, 65,000 devices.
316
00:18:36,816 --> 00:18:39,286
It's a theory because when you
open a device, let me show you.
317
00:18:39,426 --> 00:18:41,766
Let me show you this.
318
00:18:41,766 --> 00:18:49,546
I'm going to open a command prompt, and
I'm just going to open a web browser to...
319
00:18:49,546 --> 00:18:50,826
how is it...
320
00:18:51,286 --> 00:18:52,136
technet right there, right?
321
00:18:52,136 --> 00:18:56,336
So let's go to the biggest waste of time
website on the Internet, and msn.com.
322
00:18:56,586 --> 00:18:59,926
"Dozens injured after ferry hits NY city dock."
323
00:18:59,926 --> 00:19:03,236
So, you know, when I go here,
this isn't just one website.
324
00:19:03,236 --> 00:19:04,996
I think I told you this early
on in the series, right?
325
00:19:04,996 --> 00:19:07,356
I've got a web server that
gives you this picture.
326
00:19:07,516 --> 00:19:09,486
I've got these fancy looking ladies.
327
00:19:09,486 --> 00:19:10,526
I've got Geico.
328
00:19:10,526 --> 00:19:21,076
I mean, all of this webpage is just an assembly
of, wow, this is creepy, but an assembly of...
329
00:19:21,076 --> 00:19:23,256
You ever see that movie with Will Smith, the...
330
00:19:23,996 --> 00:19:24,586
oh, where they...
331
00:19:24,586 --> 00:19:25,286
the creatures like [noise].
332
00:19:25,286 --> 00:19:27,286
That's what the guy looks like.
333
00:19:27,286 --> 00:19:30,316
So it's an assembly of all
kinds of different webpages.
334
00:19:30,316 --> 00:19:36,866
So when I go to the command prompt and type
in netstat, I actually see all kinds...
335
00:19:36,866 --> 00:19:38,086
now look at this.
336
00:19:38,086 --> 00:19:39,136
Firefox with bing.
337
00:19:39,136 --> 00:19:39,606
That's funny.
338
00:19:39,606 --> 00:19:44,366
So there's all kinds of different servers
that I was actually sent to for this one.
339
00:19:44,366 --> 00:19:44,936
Now look at this.
340
00:19:45,146 --> 00:19:50,426
These are all like my one computer used this
and this and this and this and this and this.
341
00:19:50,426 --> 00:19:53,166
I mean these are all source port
numbers, and it's kind of hanging up.
342
00:19:53,166 --> 00:19:56,986
The reason it's taking a long time is
because it's trying to figure out what...
343
00:19:56,986 --> 00:19:59,956
well, actually because I
clicked on there and it paused.
344
00:19:59,956 --> 00:20:03,796
It's trying to figure out what name each one
of these IP addresses actually resolves to.
345
00:20:04,036 --> 00:20:07,736
So my one computer actually ended up using...
346
00:20:07,736 --> 00:20:09,736
I mean, the list continues to build, right?
347
00:20:09,736 --> 00:20:14,286
Probably, I don't know, 50 different
port numbers just to go to msn.com
348
00:20:14,286 --> 00:20:16,316
and see the scary guy in the scene.
349
00:20:16,316 --> 00:20:19,636
So the truth is, I mean, you...
350
00:20:19,876 --> 00:20:24,146
in theory if every computer only went to one
place and it only used one port number, yes,
351
00:20:24,146 --> 00:20:29,276
we could get the 65,000, but nowadays, I
mean, you're probably with people web surfing,
352
00:20:29,276 --> 00:20:34,246
you could probably stretch this to
maybe 300, maybe, you know, 500.
353
00:20:34,246 --> 00:20:39,176
It depends on your web surfing people, how
many people are wasting life on msn.com
354
00:20:39,176 --> 00:20:41,626
versus doing work and all at
the same time, and, I mean,
355
00:20:41,626 --> 00:20:44,206
these things time out after
a certain amount of time.
356
00:20:44,206 --> 00:20:48,576
So your mileage may vary but you can
add multiple IP addresses to this pool
357
00:20:48,576 --> 00:20:52,706
that when one maxes out on port numbers,
the next one jumps in there and takes over,
358
00:20:54,146 --> 00:20:56,606
but I digress into a lot of the specifics.
359
00:20:56,606 --> 00:20:58,816
I just want to answer a lot
of the questions I know rattle
360
00:20:58,816 --> 00:21:00,336
around people's mind when I bring this up.
361
00:21:00,466 --> 00:21:04,976
At its root, if I could clear
this up, this is how PAT works.
362
00:21:04,976 --> 00:21:09,946
This is how you can use one IP
address for many internal ones:
363
00:21:09,946 --> 00:21:12,876
by sharing it using the magic of port numbers.
364
00:21:13,986 --> 00:21:18,616
Now I have a different slide for static NAT,
but let me talk about dynamic really quick
365
00:21:18,616 --> 00:21:21,606
because it's similar to PAT but not really.
366
00:21:21,876 --> 00:21:29,036
So dynamic, what it allows you to do is
specify a pool of addresses that we could...
367
00:21:29,036 --> 00:21:33,396
we'll just say they are public
and a pool of private addresses.
368
00:21:33,396 --> 00:21:36,126
You know, we'll call it pool-private,
and what you can do
369
00:21:36,126 --> 00:21:40,876
with that is have one-to-one
translations going through it.
370
00:21:40,876 --> 00:21:47,606
So let's just say I say my private
pool is 192.168.1.0 through 250,
371
00:21:47,606 --> 00:21:52,226
and I say my public pool is actually 200.1.1.,
372
00:21:52,226 --> 00:21:54,506
well let's just say 1 to
250 because you can't use 0.
373
00:21:54,506 --> 00:21:55,936
So 1 to 250 over here.
374
00:21:56,186 --> 00:21:57,986
So what will happen is, you
know, the very first one
375
00:21:57,986 --> 00:21:59,736
to go through, will get the first address here.
376
00:21:59,736 --> 00:22:01,496
The second one to go through
will get the second address.
377
00:22:01,496 --> 00:22:08,746
It's just a series of one-to-one links made
between the public and private IP addresses.
378
00:22:08,746 --> 00:22:10,926
Now you don't really get any savings.
379
00:22:10,926 --> 00:22:13,996
It's not like you save IP
addresses when you do this,
380
00:22:13,996 --> 00:22:16,486
which is the reason why it's not used too often.
381
00:22:16,726 --> 00:22:20,496
The main place dynamic NAT is used, and
it's not something we get into here,
382
00:22:20,766 --> 00:22:22,746
is where you have overlapping addresses.
383
00:22:22,856 --> 00:22:24,586
So let me give you a scenario.
384
00:22:24,586 --> 00:22:32,886
Let's say you've got organization A over
here that uses, let's just say 10.1.0.0/16,
385
00:22:32,886 --> 00:22:37,926
and you've got organization B over here
that uses the same address range, right?
386
00:22:37,926 --> 00:22:41,516
And organization A does a hostile
takeover and buys organization B.
387
00:22:41,586 --> 00:22:44,846
So I don't know why I add hostile into there.
388
00:22:44,846 --> 00:22:45,876
It's just part of my nature.
389
00:22:46,336 --> 00:22:51,576
So what you can do is you can introduce
a router in between that uses dynamic NAT
390
00:22:51,576 --> 00:22:58,766
to where organization A looks like, we'll
just say, 10.2.0.0/16 to organization B,
391
00:22:58,926 --> 00:23:03,986
and organization B maybe looks like
10.3.0.0 to organization A. So that way,
392
00:23:04,316 --> 00:23:08,786
you can kind of merge the two and they don't
really know they have overlapping addresses
393
00:23:08,786 --> 00:23:11,846
because NAT is hiding it with this pool.
394
00:23:11,846 --> 00:23:16,346
You create a pool of addresses in 10.2 then
line it up to organization A and create a pool
395
00:23:16,346 --> 00:23:19,216
in 10.3 and line it up to
organization B. So that's
396
00:23:19,216 --> 00:23:22,006
where you see Dynamic NAT used,
and it's only used temporarily.
397
00:23:22,006 --> 00:23:26,566
Obviously that situation doesn't want
to hang around for any amount of time.
398
00:23:26,806 --> 00:23:30,066
So the last form of NAT that I
want to talk about is Static NAT,
399
00:23:30,066 --> 00:23:31,826
and this one is used all the time.
400
00:23:31,826 --> 00:23:36,176
So we've got, you know, PAT, which is just
everywhere, and then we have Static NAT,
401
00:23:36,176 --> 00:23:38,306
which is used all over the place.
402
00:23:38,306 --> 00:23:43,906
A static NAT is a one-to-one mapping from
the inside to outside that doesn't change.
403
00:23:44,046 --> 00:23:48,026
As you saw before with PAT, you
know, these little port number deals
404
00:23:48,026 --> 00:23:52,236
that we're running where, you know, this guy
opens up a web browser and accesses cisco.com,
405
00:23:52,496 --> 00:23:53,666
you know, he uses his port number.
406
00:23:53,666 --> 00:23:59,886
Well as soon as he closes his web browser, that
session dies, and that NAT port ends up back
407
00:23:59,886 --> 00:24:02,396
into the pool where it can be
used by anybody again, right?
408
00:24:02,776 --> 00:24:05,536
But there's times where you want
to create a one-to-one mapping.
409
00:24:05,536 --> 00:24:13,646
Maybe I say this one is always mapped to the
IP address 200.1.1.2, which is, you know,
410
00:24:13,646 --> 00:24:16,786
the ISP believes you have that address
because they've given it to you.
411
00:24:16,786 --> 00:24:21,776
So when somebody, you know, this is usually
let's say this one is actually an email server,
412
00:24:22,576 --> 00:24:22,816
right?
413
00:24:23,936 --> 00:24:28,676
So when you're running an email server in an
organization, emails are coming in from all
414
00:24:28,676 --> 00:24:32,116
over the world, and they need
to be able to reach your router.
415
00:24:32,176 --> 00:24:33,986
Now how would they know to come here?
416
00:24:33,986 --> 00:24:35,366
How would all emails know to come right here?
417
00:24:35,536 --> 00:24:37,436
Well, you would go to a DNS server.
418
00:24:37,436 --> 00:24:46,516
Let's say, let's say your organization
is NUGGETLAB.com. Well, what you do is wherever you
419
00:24:46,516 --> 00:24:49,486
registered that domain, you
would go to the DNS control panel
420
00:24:49,486 --> 00:24:52,576
and create an MX record, which
is the mail exchange.
421
00:24:52,576 --> 00:24:57,926
You would say, okay, any time somebody sends
me mail, send it to, you know, 200.1.1.2,
422
00:24:57,996 --> 00:25:01,376
and so that, you know, the mail
servers look up that MX record.
423
00:25:01,536 --> 00:25:07,186
They would end up here, and you create a static
NAT mapping that says 200.1.1.2 really maps
424
00:25:07,186 --> 00:25:11,756
to my email server at 192.168.1.51.
425
00:25:12,216 --> 00:25:16,336
So this is usually used for inbound,
you know, it's where things are coming in,
426
00:25:16,336 --> 00:25:21,336
but now, this time when this one goes out,
he will also go out as 200.1.1.2.
427
00:25:21,336 --> 00:25:23,656
He doesn't go into the general pool over here.
428
00:25:23,656 --> 00:25:28,506
Now you can use static NAT
as a one-to-one IP address,
429
00:25:28,506 --> 00:25:29,996
or you can even break it down even further.
430
00:25:29,996 --> 00:25:38,416
You could say 200.1.1.2 on port 25
maps to this email server on port 25.
431
00:25:38,416 --> 00:25:41,396
So, by the way, port 25 is SMTP.
432
00:25:41,666 --> 00:25:44,196
That's what email servers
use when they receive email.
433
00:25:44,516 --> 00:25:47,946
So that allows you to say just that
port maps to that email server.
434
00:25:48,286 --> 00:25:48,846
Why is that good?
435
00:25:49,586 --> 00:25:52,656
Because public IP addresses
are at a premium, you know.
436
00:25:52,656 --> 00:25:54,806
You want to conserve them as much as possible.
437
00:25:54,806 --> 00:25:57,476
So you might be able to, you
know, use that for other things.
438
00:25:57,476 --> 00:26:05,176
You might say, well, 200.1.1.2:80, you
know, HTTP services, those will actually go
439
00:26:05,176 --> 00:26:06,716
to a third server inside of here.
440
00:26:06,716 --> 00:26:12,696
Maybe we've got a server 192.168.1.100, and
that's our web server that we're running.
441
00:26:12,696 --> 00:26:18,466
So if somebody accesses web services it
actually goes to that 192.168.1.100 on port 80,
442
00:26:18,466 --> 00:26:22,806
and I can now kind of split this IP
address into all these different services.
443
00:26:22,806 --> 00:26:27,806
So you say, oh, well, actually I
also want to send 200.1.1.2:443,
444
00:26:27,806 --> 00:26:30,176
which is HTTPS, to that same destination.
445
00:26:30,176 --> 00:26:34,426
So you can really split this up, you know,
give it the whole IP address per server,
446
00:26:34,586 --> 00:26:37,526
or you can break it down and say, well, these
ports go to these different servers,
447
00:26:37,526 --> 00:26:39,966
and really get the most out of each IP address.
448
00:26:41,176 --> 00:26:46,436
Those are the concepts, and if it's at all fuzzy
right now, and hopefully it's not, but if it is,
449
00:26:46,696 --> 00:26:50,126
it'll get much clearer when we start doing
the configuration in the next nugget.
450
00:26:50,606 --> 00:26:51,106
So let's review.
451
00:26:51,696 --> 00:26:54,456
We have seen what network
address translation is.
452
00:26:54,846 --> 00:26:58,766
We have seen there's many ways to go public
to private, and we saw the static way,
453
00:26:58,766 --> 00:27:03,566
the dynamic way, and then
using PAT as a way to do it.
454
00:27:03,566 --> 00:27:08,386
Almost everybody in the world is using PAT, almost
every business in the world is using static NAT
455
00:27:08,646 --> 00:27:12,326
to make servers available from the
inside out, and then we saw some,
456
00:27:12,326 --> 00:27:15,526
I'll say some, of the NAT terms and locations.
457
00:27:15,796 --> 00:27:21,686
We saw the inside, the outside addresses,
but when we get to the configuration,
458
00:27:21,726 --> 00:27:25,236
you might remember I said there's actually
more to this where we get to things known
459
00:27:25,236 --> 00:27:28,386
as inside local addresses
and inside global addresses.
460
00:27:28,386 --> 00:27:34,026
You'll start being able to identify where these
different IP addresses are in the grand scheme
461
00:27:34,026 --> 00:27:36,106
of things, but that's in the configuration.
462
00:27:36,246 --> 00:27:40,036
So for now, I hope this has been informative
for you, and I'd like to thank you for viewing.