Reprinted: the concept and image of the Gateway

Source: Internet
Author: User


A gateway is a computer system or device that performs conversion. The gateway is a translator between two systems that use different communication protocols, data formats, languages, or even completely different architectures. Unlike a network bridge, which simply passes information along, the gateway repackages the received information to meet the needs of the target system. The gateway can also provide filtering and security functions. Most gateways run at the application layer, the top layer of the seven-layer OSI model.

As we all know, walking from one room to another means going through a door. Similarly, sending information from one network to another must pass through a "gate", and that gate is the gateway. As the name implies, a gateway is the "gate" through which one network connects to another. There are many types of gateways under different classification standards. The gateway in the TCP/IP protocol is the most commonly used, and the "gateway" mentioned here refers to the gateway under the TCP/IP protocol.

So what is the gateway? A gateway is essentially the IP address through which one network reaches another network. For example, suppose Network A and Network B exist. The IP address range of Network A is "192.168.1.1 ~ 192.168.1.254" with subnet mask 255.255.255.0, and the IP address range of Network B is "192.168.2.1 ~ 192.168.2.254" with subnet mask 255.255.255.0. Without a router, the two networks cannot communicate with each other through TCP/IP, even if they are connected to the same switch (or hub): based on the subnet mask (255.255.255.0), TCP/IP determines that the hosts in the two networks are in different networks. To communicate between the two networks, you must use the gateway. If a host in Network A finds that the destination host of a data packet is not in the local network, it forwards the packet to its own gateway, that gateway forwards the packet to the gateway of Network B, and the gateway of Network B then forwards it to the host in Network B (as shown in the figure below). The process in which Network B forwards data packets to Network A is the same. Therefore, only once the IP address of the gateway is set can the networks communicate with each other through the TCP/IP protocol. Which machine's IP address is it? The IP address of a gateway is the IP address of a device with the routing function. Devices with the routing function include a router, a server with a routing protocol enabled (essentially equivalent to a router), and a proxy server (also equivalent to a router).
PS:

Devices connected to multiple physical TCP/IP networks can route or deliver IP packets between these networks. The gateway converts data between different transmission protocols or data formats (for example, IPX and IP). Generally, a gateway is added to a network because of its conversion capability.

In the context of interaction with Novell NetWare, the gateway serves as a bridge between the Server Message Block (SMB) protocol used in Windows networks and the NetWare Core Protocol (NCP) used in NetWare networks. A gateway is also called an IP router.

 

What is the role of the Computer Host Gateway?

 

Suppose your name is Tom. You live in a big courtyard, and there are many friends among your neighbors. At the gate there is also Uncle Li, who watches the door. Uncle Li is your gateway. When you want to play with a friend in the yard, you only need to shout his name in the yard; he will answer when he hears it and run out to play with you.

However, you are not allowed to go out of the gate. If you want to contact the outside world, you must phone Uncle Li (the gateway) at the door. Suppose you want to chat with your classmate James. James lives in another yard far away, and his yard also has a doorman, Uncle Wang (James's gateway). You don't know the phone number of James's house, but your class teacher has a list of all the students in your class together with their phone numbers. Your teacher is your DNS server. So you called Uncle Li from home and had the following conversation:

Tom: Uncle Li, can I check James's phone number with the class teacher?

Uncle Li: OK, wait a moment. (Then Uncle Li placed a call to your class teacher and asked for James's phone number.) Got it. His phone number is 211.99.99.99.

Tom: Great! Uncle Li, I want to contact James. Could you help me reach him?

Uncle Li: No problem. (Then Uncle Li sent a request to the telephone bureau to connect to James's phone. The last hop was, of course, a transfer to Uncle Wang in the courtyard where James lives, and Uncle Wang then transferred the call to James's house.)

In this way, you have contacted James.

As for the DHCP server, it can be compared as follows:

There are more and more residents in your yard. The telephone switch in Uncle Li's communication room cannot meet the needs of so many residents, so a new technology called DHCP has to be adopted: residents get a random phone number when starting the system, and the phone number may be different each time.

Uncle Li at your door: Your gateway

Your class teacher: your DNS server

Communication room telephone switch: Your DHCP server

Similarly, the conversation between Uncle Li and Uncle Wang is called routing.

In addition, suppose there is another child called Tom, who lives in a courtyard whose gate is watched by Uncle Sun. Because this dark courtyard has only just been built and Uncle Sun has only just arrived, he does not have the phone numbers of Uncle Li's and Uncle Wang's offices (and Uncle Li and Uncle Wang certainly do not have his phone number). There are two situations:

1. Zhao Dama of the neighborhood committee tells Uncle Sun the phone numbers of Uncle Li and Uncle Wang (Zhao Dama also tells Li and Wang Uncle Sun's phone number). This is called static route setting.

2. Zhao Dama is ill, so Uncle Sun calls around everywhere and says, "I am in charge of the phone for the dark courtyard." Li and Wang hear this and record it in their address books, and then Li and Wang call Uncle Sun back and say, "I am in charge of the phone for James's (or Tom's) yard." This is called dynamic route configuration.

Then, one day, Tom wants to reach the other Tom. Naturally, he calls Uncle Li and says, "Grandpa, I am looking for Tom" (here I omit the process in which Uncle Li looks up the phone number; suppose he already knows it). Uncle Li checks the address book: "Oh, the phone for that yard is managed by Uncle Sun, so to reach him I must first notify Uncle Sun. I can ask Uncle Wang to contact Uncle Sun, or I can contact Sun directly. Of course, it is more convenient to contact Sun directly." So Uncle Li called Uncle Sun, and Uncle Sun then transferred the call to the other Tom's home.

Here, Uncle Li's address book is called a route table.

Uncle Li's choice of whether to contact Uncle Sun directly or to ask Uncle Wang to relay the call is route selection.

The reason why Uncle Li chooses to contact Uncle Sun directly is that he can reach Uncle Sun in one step. If Uncle Wang has to relay the call, two steps are required. Here, a "step" is called a "hop", and the number of steps is the "number of hops". Uncle Li's choice follows the minimum step (number of hops) principle. (If he does not follow this principle, it may take Tom longer to reach the other Tom, and the final result may be that Uncle Li is fired for poor work. This is called "the delay is too long, the routing principle is unreasonable, and the router is replaced".)
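The two forwarding decisions described so far, as an added example that is not part of the original article: a host compares the destination with its own subnet mask and otherwise hands the packet to its gateway, and a router picks a route-table entry by hop count. The host address, gateway address, the 10.0.0.x next hops and the 192.168.3.0/24 network are constructed for illustration, and the route selection goes slightly beyond the article by preferring the most specific matching prefix before comparing hops.

```python
import ipaddress

# Constructed addressing: a host in the article's Network A and its gateway.
HOST_IF = ipaddress.ip_interface("192.168.1.10/255.255.255.0")
DEFAULT_GATEWAY = ipaddress.ip_address("192.168.1.1")

def host_next_hop(dst, iface=HOST_IF, gateway=DEFAULT_GATEWAY):
    """Host side: deliver directly if dst is in the local subnet, else use the gateway."""
    dst = ipaddress.ip_address(dst)
    if dst in iface.network:          # same network under the subnet mask
        return dst
    if gateway not in iface.network:  # a gateway must itself be reachable on-link
        raise ValueError("gateway is not on the host's own subnet")
    return gateway

# Constructed route table for "Uncle Li": (destination network, next hop, hop count).
ROUTES = [
    ("192.168.3.0/24", "10.0.0.3", 1),    # straight to "Uncle Sun"
    ("192.168.3.0/24", "10.0.0.2", 2),    # relayed through "Uncle Wang"
    ("192.168.2.0/24", "10.0.0.2", 1),    # Network B behind "Uncle Wang"
    ("0.0.0.0/0", "10.0.0.254", 1),       # default route for everything else
]

def select_route(dst, routes=ROUTES):
    """Router side: most specific matching prefix first, then the fewest hops."""
    dst = ipaddress.ip_address(dst)
    matching = []
    for net, hop, hops in routes:
        network = ipaddress.ip_network(net)
        if dst in network:
            matching.append((network, ipaddress.ip_address(hop), hops))
    if not matching:
        return None
    return min(matching, key=lambda r: (-r[0].prefixlen, r[2]))

if __name__ == "__main__":
    for target in ("192.168.1.77", "192.168.2.5"):
        print(target, "-> hand to", host_next_hop(target))
    for target in ("192.168.3.9", "192.168.2.5", "211.99.99.99"):
        network, hop, hops = select_route(target)
        print(target, "via", hop, "hops", hops, "route", network)
```
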

Of course, things are always changing. Tom and James have quarreled. These days, Tom is always calling the other Tom, and James thinks, "Fuck, is he talking bad about me?" So James decided to eavesdrop on Tom's conversations with the other Tom, but he was not allowed to leave the yard. What should he do? James made the following decision:

First, he told Uncle Wang, who manages the phone in his courtyard: "Call Uncle Li and tell him that the other Tom has moved to our yard. From now on I will pick up every call made to him." Uncle Wang did not catch on (after all, he is older!), so he called Uncle Li and said, "I now manage the phone number that Uncle Sun used to manage." As a result, Uncle Li changed his address book. This is called route spoofing.

From then on, when Tom calls the other Tom, Uncle Li transfers the call to Uncle Wang (in fact, it should be transferred to Uncle Sun). When Uncle Wang receives the call, he transfers it to James (because James had already arranged this with him). When James receives the call, he pretends to be the other Tom and talks with Tom. James has a guilty conscience and is afraid that Tom will ask the other Tom in person when they meet tomorrow, so after the call ends he phones the other Tom in Tom's name and repeats what was just said. This is called data eavesdropping.

Later on, Tom continued to communicate with the other Tom and left James out. James said to himself, "I can't keep doing this. What if I am exposed one day!" So he thought of a more sinister trick: "I will not listen to your phone calls at all. You won't call me? Then you won't be able to call him either!" How did he do it? Let's take a look:

He contacted a group of friends and colluded with them. Every day, at a fixed time, they all phoned the communication room of the dark courtyard and said all sorts of things. As soon as Grandpa Sun answered the phone, he would hear "thunder, rain and clothes!", "People are fucking born, the demon is fucking born", "Your Mom's surname", and so on. His head was swimming from listening, and the phone kept ringing! One day, Grandpa Sun could not bear it any longer and shouted, "I can't take it any more!!!!" Then he hung up and killed himself!

This is the simplest DDoS attack. Grandpa Sun's weak psychological endurance is called "a bug in the datagram processing module", and Grandpa Sun's suicide is called "router paralysis". If it were me, I would cheerfully chat along with them, for example telling them "I heard the weather forecast long ago and the clothes were taken in 10 minutes ago", "is your mom a man or a demon?", or "same surname as your grandmother". My sound psychology is called "robust datagram processing, able to defend against any attack".

After Grandpa Sun collapsed, Tom finally stopped calling the other Tom, because no matter how often he dialed, the line was busy. This phenomenon is called "denial of service", so James's practice is also called a "denial of service attack".

James finally stayed quiet for a few days...

A few days later, a beautiful girl named Xiaoli moved into James's yard, and James liked her very much (what is early love at a young age!). But Xiaoli has a very handsome boyfriend, and James can only stare helplessly. Of course, the rule above still applies: Xiaoli is not allowed to leave the yard. The boyfriend can only reach Xiaoli by phone, so James grew restless again:

Do you still remember that Grandpa Wang is the telephone manager of the yard? He can manage the phones because he has an address book. Because two children in the same yard may both be called James and cannot be told apart by name, each line in the address book has only two items:

House number, phone number

Gate 1, 1234567 (this is James's)

Gate 2, 7654321 (this is Xiaoli's)

......

Grandpa Wang has a bad memory, but this way he will never get it wrong (there won't be two "Gate 2" in the same yard, will there?). Every caller has to give the phone number they want, and Grandpa Wang then uses the address book to knock on the right door in the yard. For example, if someone says "I am looking for 1234567", Grandpa Wang looks it up, and if it is Gate 1, he goes to Gate 1 and calls out "come to the phone". If it is "7654321", he goes to Gate 2 and calls out "come to the phone".

The phone number here is the legendary "IP address".

The house number here is the legendary "MAC" address of the NIC (the MAC address of each NIC is different and is written into the NIC chip by the NIC manufacturer).

James thought, "Grandma, I don't want to talk about it if I can't get it." So he set his sights on Grandpa Wang's address book. After careful observation and careful preparation, he finally found out that Grandpa Wang had a frequent urination problem (after all, the old man ...). Finally, on a dark and windy day, Grandpa Wang went to the toilet. James sneaked into the communication room and carefully changed Grandpa Wang's address book ......

A few days later, Xiaoli's boyfriend called Xiaoli again. The phone number he gave was "7654321". Grandpa Wang looked it up in the address book:

House number, phone number

Gate 1, 1234567 (this is James's)

Gate 1, 7654321 (Note: this was originally Xiaoli's, but it was changed by James)

......

Grandpa Wang didn't know the book had been changed, so he went to Gate 1 and fetched James. James was delighted. He lectured the boyfriend in the stern tone of Xiaoli's father, and the boyfriend respectfully hung up. Of course, Xiaoli had no idea how any of this had happened...

Here, James's behavior is called "ARP spoofing" (because ARP packets are what is sent on the actual network, it is called "ARP spoofing"), and Grandpa Wang's address book is called an "ARP table".

Note: Grandpa Wang now has two address books. One records the phone number of each yard and is called the "route table". The other records the detailed information inside the yard and is called the "ARP table".

There is a famous saying that "people are always pursuing perfection, even if they can never do it." (remember this sentence, because it was said by a famous celebrity, that is, me)

One of the rules in Grandpa Wang's system says "check the book of house numbers and phone numbers (the ARP table) every month". This is called "refreshing the ARP table", and the monthly time limit is called "the cycle of refreshing the ARP table". So for the boyfriend never to be able to reach Xiaoli, James has to secretly change the address book once every month. But this is what he has to do!

In addition, James is very smart. If the address book (ARP table) is changed to this:

House number (MAC), phone number (IP)

Gate 1, 1234567 (this is James's)

Gate 2, 1234567 (Note: James changed this, but he was dizzy and got it wrong)

......

The computer will pop up a dialog box prompting "Duplicate IP addresses". In the end, Grandpa Wang will be at a loss, so he will notify Gate 1 and Gate 2 that their phone numbers are duplicated. In this way, Xiaoli will know that someone is ruining things for her. This phenomenon is called "scam exposed".

Tom found out that James had eavesdropped on his calls with the other Tom, so he agreed on a code with the other Tom. Tom "encrypts" what he wants to say at home and then tells the other Tom. Potato -> Wednesday, sweet potato -> treat, dumb -> small family. So Tom told the other Tom: potato dummies. James listened ??? Don't understand .... Depressed... This is encryption.

In addition, Xiaoli also found out that James had changed the phone number. So Grandpa Wang went from door to door and wrote down the phone numbers and house numbers one by one. He also locked the book away so that outsiders are not allowed to modify it. Only he has the key (the password). This is the binding between the IP address and the MAC address. When someone changes a phone number, they have to go to Grandpa Wang to have it changed. It is troublesome, but it is safe. But James secretly stole Grandpa Wang's key (the password was stolen), so he could still modify it. That's it.
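A defender's view of the address-book tampering and the IP-to-MAC binding described above, as an added example that is not part of the original article: it replays ARP observations against a set of static bindings and reports the changes a monitor should flag. All addresses, the observation list and the alert names are constructed for illustration.

```python
from collections import defaultdict

# Static IP-to-MAC bindings (the "locked address book"); constructed values.
STATIC_BINDINGS = {
    "192.168.1.1": "00:11:22:33:44:01",
    "192.168.1.20": "00:11:22:33:44:20",
}

# Constructed ARP observations: (time, claimed IP, sender MAC).
OBSERVATIONS = [
    (1, "192.168.1.1", "00:11:22:33:44:01"),
    (2, "192.168.1.10", "00:11:22:33:44:10"),
    (3, "192.168.1.20", "00:11:22:33:44:20"),
    (4, "192.168.1.20", "00:11:22:33:44:10"),  # host .10 claims the bound IP .20
    (5, "192.168.1.30", "00:11:22:33:44:30"),
    (6, "192.168.1.30", "00:11:22:33:44:31"),  # unbound IP moves to a new MAC
    (7, "192.168.1.40", "00:11:22:33:44:10"),  # same MAC now answers for a second IP
]

def audit_arp(observations, bindings=STATIC_BINDINGS):
    """Replay ARP observations; return (final table, alerts)."""
    table = {ip: mac.lower() for ip, mac in bindings.items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in table.items():
        ips_by_mac[mac].add(ip)
    alerts = []
    for when, ip, mac in observations:
        mac = mac.lower()
        if ip in bindings and mac != table[ip]:
            # Bound entry: report the claim and refuse to overwrite it.
            alerts.append((when, "BINDING_VIOLATION", ip, mac))
            continue
        previous = table.get(ip)
        if previous is not None and previous != mac:
            alerts.append((when, "MAC_CHANGED", ip, mac))
            ips_by_mac[previous].discard(ip)
        table[ip] = mac
        newly_claimed = ip not in ips_by_mac[mac]
        ips_by_mac[mac].add(ip)
        if newly_claimed and len(ips_by_mac[mac]) > 1:
            # Can be legitimate (routers, aliases), so treat it as a lead to check.
            alerts.append((when, "MAC_CLAIMS_MULTIPLE_IPS", ip, mac))
    return table, alerts

if __name__ == "__main__":
    final_table, found = audit_arp(OBSERVATIONS)
    for alert in found:
        print(alert)
```

Running the same observations with `bindings={}` shows the unprotected case: the entry for 192.168.1.20 ends up pointing at the other host's MAC.
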

A gateway is also known as an inter-network connector or protocol converter. The gateway achieves network interconnection on the transport layer and is the most complex network interconnection device. It is only used to interconnect two networks whose high-level protocols differ. The structure of the gateway is similar to that of the router. The difference is the interconnection layer. Gateways can be used for both WAN and LAN interconnection.

Cross-gateway technology

The current IPv4 address is 32 bits long and is further divided into classes A, B, and C according to the first few bits of the address. However, due to the rapid development of the Internet, IP resources are gradually being exhausted, and the number of IP addresses available for allocation keeps shrinking, which is in serious conflict with the rapid development of the Internet. While the upgrade to IPv6 is still far from complete, the only option is to use a proxy server to convert between intranet addresses and public addresses in order to access the Internet.

The proxy server acting as an intermediary is a gateway, and it brings endless trouble to current multimedia communication systems. With IP resources scarce, users can access the broadband network only through a gateway or even multiple layers of gateways, yet the protocols of multimedia communication systems, such as H.323, require both parties to have a public IP address. How many current broadband users can meet this requirement? Microsoft's NetMeeting and other multimedia communication systems are in this embarrassing position. Crossing gateways has become a headache.

Cross-gateway: network data passes through gateways layer by layer and is limited by the speed of the gateway nodes, which greatly reduces network speed. Based on the underlying network protocol, cross-gateway technology breaks through the gateway bottleneck and enables point-to-point communication between clients.
