simple router implementation (with NAT & without NAT) using Rabbit Processor

Dear All,

The following is our understanding of router operation (with NAT and without NAT).

The following is an example of a network at any office:

  1. Host A has one network interface, with one IP address (10.10.10.100) and one MAC address (A).

  2. Webserver B has one network interface, with one IP (175.1.1.100), and one MAC (B).

  3. Router C has TWO network interfaces, two IPs (10.10.10.200 on the side facing Host A, and 175.1.1.200 on the side facing the webserver), and two MACs (C1 on the side facing Host A, and C2 on the side facing the webserver).

With this information, the network now looks like:
HostA (10.10.10.100, MAC: A) <—> (10.10.10.200, MAC C1) RouterC (175.1.1.200, MAC C2) <—> (175.1.1.100, MAC B) WebserverB

MAC addresses are only useful to devices on the same Ethernet segment, so when a packet leaves Host A, it is encapsulated into a frame with source and destination MACs to govern the next physical hop. The destination MAC will be the MAC of the next physically connected device (in this case it’s the router).

The frame/packet combination at the output of Host A looks like this:
SIP (source IP): 10.10.10.100
SMAC (source MAC): A
DIP (destination IP): 175.1.1.100
DMAC (destination MAC): C1

When it gets to the router, the frame is removed, and the packet is processed and sent toward the interface that faces the webserver.

If we are NOT running NAT, the packet and frame at the output of ROUTER C will look like:
SIP: 10.10.10.100
SMAC: C2
DIP: 175.1.1.100
DMAC: B

The IP does not change, because the communication is still between Host A and Webserver B.

If we are running NAT, then the frame/packet leaving the router looks like:
SIP: 175.1.1.200
SMAC: C2
DIP: 175.1.1.100
DMAC: B

The router is here acting as a proxy for the computer behind it. It swaps the private IP for a public one. Otherwise, everything is the same.

When Webserver B receives the frame, it decapsulates the packet, and the response again depends on whether you’re running NAT or not.

If you are NOT running NAT, the frame/packet at the output of the WEB Server looks like:
SIP: 175.1.1.100
SMAC: B
DIP: 10.10.10.100
DMAC: C2

If you ARE running NAT, the frame/packet at the output of the WEB Server looks like:
SIP: 175.1.1.100
SMAC: B
DIP: 175.1.1.200
DMAC: C2

Is our understanding of router operation correct?

Is it possible to achieve the mentioned router logic (with NAT and without NAT) using a Rabbit processor? If yes, then how?

There’s more to it than you have described.

There’s another layer you have to worry about, if you want to be able to support multiple hosts on your 10.x.x.x network with NAT. You’ll be assigning a different port (socket) to each connection that’s made from the 10.x.x.x network, and when you receive a packet on the 175.x.x.x interface, you’ll need to look up the destination IP address from the port number to determine where to pass it on.

IP to MAC address translation is typically done with the ARP protocol, and also your router may need to pass the packet on to another router, as there is no guarantee that the destination IP address will be on the network to which it is directly attached. You can do that in a simple, dumb way by just knowing of at least one router on the network and passing everything to it that isn’t destined for the subnet that you’re attached to. But expect to get a response (ICMP Redirect message) from it if it knows a better route. So you really need to be participating in the routing protocols if you want to play nice.

You probably also need to worry about congestion control (e.g., ICMP Source Quench).
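
The per-connection port mapping described in the reply above, as an added example in portable C that is not part of either post and is not Rabbit or Dynamic C library code. The table size, the port base of 40000, the function names and the sample flow are assumptions made for illustration; an inbound packet whose destination port has no mapping is dropped.

```c
#include <stdint.h>
#include <stdio.h>

#define NAT_SLOTS 64       /* assumed table size */
#define PORT_BASE 40000u   /* assumed first public port handed out */

/* One mapping: private (IP, port) <-> public port PORT_BASE + slot index. */
struct nat_entry { uint32_t priv_ip; uint16_t priv_port; int used; };
static struct nat_entry nat_table[NAT_SLOTS];

/* Pack a dotted quad into a host-order 32-bit value. */
static uint32_t ip4(uint32_t a, uint32_t b, uint32_t c, uint32_t d)
{
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Outbound: public source port for this private flow; reuses an existing
 * mapping or claims a free slot. Returns 0 when the table is full. */
uint16_t nat_outbound(uint32_t priv_ip, uint16_t priv_port)
{
    int i, slot = -1;
    for (i = 0; i < NAT_SLOTS; i++) {
        if (!nat_table[i].used) { if (slot < 0) slot = i; continue; }
        if (nat_table[i].priv_ip == priv_ip && nat_table[i].priv_port == priv_port)
            return (uint16_t)(PORT_BASE + i);
    }
    if (slot < 0) return 0;
    nat_table[slot] = (struct nat_entry){ priv_ip, priv_port, 1 };
    return (uint16_t)(PORT_BASE + slot);
}

/* Inbound: map the destination port seen on the public interface back to
 * the private host. Returns 1 on a hit, 0 when no mapping exists (drop). */
int nat_inbound(uint16_t pub_port, uint32_t *priv_ip, uint16_t *priv_port)
{
    unsigned idx = (unsigned)pub_port - PORT_BASE;  /* wraps if below base */
    if (idx >= NAT_SLOTS || !nat_table[idx].used) return 0;
    *priv_ip = nat_table[idx].priv_ip;
    *priv_port = nat_table[idx].priv_port;
    return 1;
}

int main(void)
{
    uint32_t ip = 0; uint16_t port = 0;
    uint16_t p = nat_outbound(ip4(10, 10, 10, 100), 3456); /* constructed flow */
    if (nat_inbound(p, &ip, &port))
        printf("175.1.1.200:%u -> %u.%u.%u.%u:%u\n", (unsigned)p, (unsigned)(ip >> 24),
               (unsigned)(ip >> 16 & 255), (unsigned)(ip >> 8 & 255), (unsigned)(ip & 255), (unsigned)port);
    return 0;
}
```

Entries here never expire; a router that stays up needs an idle timeout per entry so the table does not fill and stale ports stop forwarding inward.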