Hosts versus Gateways
The distinction between hosts and gateways often causes some confusion. This is because of a shift in the meaning of the term “host”. As defined by the original RFCs (1122/3 and 1009):
- A host is a device connected to one or more networks. It can send and receive traffic on any of these networks, but it never passes traffic from one network to another.
- A gateway is a device connected to more than one network. It selectively forwards traffic from one network to another.
If a host has several network interfaces, how does it decide which interface to use for packets to a particular IP address? The answer lies in the routing table. Consider the following routing table:
The host sends all traffic for hosts on network 184.108.40.206 (for example, host addresses 220.127.116.11 - 18.104.22.168) out through interface eth0 (which has IP address 22.214.171.124), and all traffic for hosts on network 126.96.36.199 out through interface eth1 (which has IP address 188.8.131.52). The flag U just means that the route is “up” (that is, active).
This example only covers hosts that are connected directly to you – what if the host in question is on a remote network? If you are connected to network 184.108.40.206 by way of a router with an IP address of 220.127.116.11, you can add an entry to the routing table:
This example covers all the basics of the routing table, apart from a few special entries:
The first of these is the loopback interface, for traffic from the host to itself. This is used for testing, and for communications for applications that are designed to operate over IP but that happen to be communicating locally. It is a host route to the special address 127.0.0.1 (the interface lo0 refers to a “fake” network card internal to the IP stack).
The second entry is more interesting. To save having a route defined on the host to every possible network on the internet, a default route can be defined. If no other entry in the routing table matches the destination address, the packet is sent to the default gateway (given in the default route).
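The lookup described above can be written out as a short program. This is an added example, not part of the original text: the table uses constructed documentation address ranges rather than the addresses on this page, the G (gateway) and H (host route) flags are the usual companions to U in routing table listings, and choosing the most specific matching entry is standard behaviour that goes slightly beyond what the text states.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    destination: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None means directly connected
    flags: str                                # U = up, G = gateway, H = host route
    interface: str


def route(dest: str, gateway: Optional[str], flags: str, interface: str) -> Route:
    gw = ipaddress.IPv4Address(gateway) if gateway else None
    return Route(ipaddress.IPv4Network(dest), gw, flags, interface)


# Constructed sample table (documentation ranges, not the page's addresses).
TABLE = [
    route("127.0.0.1/32", None, "UH", "lo0"),               # loopback host route
    route("192.0.2.0/24", None, "U", "eth0"),               # directly connected
    route("198.51.100.0/24", None, "U", "eth1"),            # directly connected
    route("203.0.113.0/24", "192.0.2.254", "UG", "eth0"),   # remote network via a router
    route("0.0.0.0/0", "198.51.100.1", "UG", "eth1"),       # default route
]


def lookup(table, destination: str):
    """Return (interface, next_hop) for destination, or None if no route is up."""
    addr = ipaddress.IPv4Address(destination)
    # Only routes flagged U (up) whose network contains the address qualify.
    candidates = [r for r in table if "U" in r.flags and addr in r.destination]
    if not candidates:
        return None
    # Most specific entry wins; the default route (/0) matches last of all.
    best = max(candidates, key=lambda r: r.destination.prefixlen)
    # Directly connected: the packet goes straight to the destination.
    next_hop = best.gateway if best.gateway is not None else addr
    return best.interface, str(next_hop)


if __name__ == "__main__":
    for dest in ("192.0.2.17", "198.51.100.9", "203.0.113.5", "127.0.0.1", "10.9.8.7"):
        print(dest, "->", lookup(TABLE, dest))
```

Removing the default route from the table makes the last lookup return None, which is the "no route to host" case a host without a default gateway would hit.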
Currently, there are three main categories of gateways:
- Protocol gateways
- Application gateways
- Security gateways
Protocol gateways usually convert protocols between network regions that use dissimilar protocols. This physical conversion can occur at Layer 2 of the OSI Reference Model (the Network Layer), Layer 3 (the Internetwork Layer), or between Layers 2 and 3. Two types of protocol gateways do not provide a conversion function: security gateways and tunnels.
Security gateways that interconnect technically similar network regions are a necessary intermediary because of logical dissimilarities between the two interconnected network regions. For example, one might be a private WAN and the other a public one, like the internet. This exception is discussed later in this chapter, under the heading “Combination Filtration Gateways”. The remainder of this section focuses on protocol gateways that perform a physical protocol conversion.
Tunneling is a relatively common technique for passing data through an otherwise incompatible network region. Data packets are encapsulated with framing that is recognized by the network that will be transporting it. The original framing and formatting are retained, but are treated as data. Upon reaching its destination, the recipient host unwraps the packet and discards the wrapper. This results in the packet being restored to its original format. In Figure 10.1, IPv4 packets are wrapped in IPv6 by Router A for transmission through an IPv6 WAN for delivery to an IPv4 host. Router B removes the IPv6 wrapper and presents the restored IPv4 packet to the destination host.
Application gateways are systems that translate data between two dissimilar formats. Typically, these gateways are intermediate points between an otherwise incompatible source and destination. The typical application gateway accepts inputs in one format, translates them, and ships the outputs in a new format, as shown in Figure 10.8. The input and output interfaces can either be separate or use the same network connection.
A single application can have multiple application gateways. For example, electronic mail can be implemented in a wide variety of formats. Servers that provide electronic mail may be required to interact with other mail servers, regardless of their format. The only way to do this is to support multiple gateway interfaces. Figure 10.9 demonstrates some of the many gateway interfaces available for an e-mail server.