A newbie today, abnormal behaviour: the concept of port numbers thoroughly mixed up

Time:09-30

Below is my basic understanding of network communication:
1. All network communication goes only as high as the network layer, i.e. it looks at the IP header;
2. On the Internet, routers only decapsulate up to the network layer, i.e. [IP header] + [data 1]; this is a packet;
3. Extended ACLs can be written on a router, and they can filter on ports and network protocols; the router needs to check the specific protocol type and port number in the data packets. I have no problem understanding this part.

Here is my own understanding, as a newbie who has only just started learning networking:

To check a packet's protocol and port number for an ACL, the router needs to decapsulate the network-layer [data 1] into TCP/UDP header + [data 2], and then look at the port number in the TCP/UDP header. The port number is in here!!!!
Wouldn't that mean an ACL on a router that filters on a given protocol or port needs to involve the transport layer?
So for such a packet, the router will unpack it to look at the port in the TCP/UDP header inside, and then filter and forward it. Is this the right understanding?

Another question is about NAT:
I was looking at the NAT table on our school's egress, and the outside global and outside local IP + port number are the same all the way through, so what is the point of outside local?

Bowing to the experts; please advise.

CodePudding user response:

Similar problems I mentioned: http://bbs.csdn.net/topics/392028290

CodePudding user response:

When a request is sent, the port number and the IP are sent together.

CodePudding user response:

A port corresponds to an application.

CodePudding user response:

As I understand it, a port is an open access point that a system provides. It is like a building: the IP describes your floor in detail, and the port describes room 701 or 702.
And what each open port stands for is different, just as the tenants on each floor are different too.

CodePudding user response:

1) A port (TCP/IP) corresponds to the application layer rather than the transport layer;
2) The port number distinguishes between different applications, as has been said above; for example, HTTP commonly uses port 80;
3) If an ACL filters by port, it of course needs to parse it, so there will be additional cost; enabling ACLs will therefore have an effect on router performance;
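
The parsing step discussed in the question and in point 3 above, as an added example that is not part of any post in this thread: a Python sketch that reads an IPv4 header, reaches into the TCP/UDP header for the ports, and applies a port-based rule list. The rule format, the function names and the sample packets are all constructed for illustration and do not model any vendor's ACL engine.

```python
import struct

TCP, UDP = 6, 17  # IANA protocol numbers carried in the IPv4 "protocol" field

def parse_l3_l4(pkt: bytes):
    """Return (proto, src_port, dst_port); ports are None when not readable."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes; options make it > 20
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    proto = pkt[9]
    # Only TCP/UDP carry ports, and only the first fragment holds the L4 header.
    if proto not in (TCP, UDP) or frag_offset != 0 or len(pkt) < ihl + 4:
        return proto, None, None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return proto, sport, dport

def acl_decision(pkt, rules, default="deny"):
    """rules: ordered list of (action, proto, dst_port); dst_port None = any port."""
    proto, _, dport = parse_l3_l4(pkt)
    for action, r_proto, r_port in rules:
        if r_proto == proto and (r_port is None or r_port == dport):
            return action              # first matching rule wins
    return default                     # nothing matched: fall back to deny

def build_ipv4(proto, sport, dport, frag_offset=0, options=b""):
    """Constructed sample packet (checksum left at 0; it is not validated here)."""
    ihl_words = 5 + len(options) // 4
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                      ihl_words * 4 + len(l4), 1, frag_offset, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + options + l4

# Constructed rule list: allow web and DNS, block telnet.
RULES = [("permit", TCP, 80), ("deny", TCP, 23), ("permit", UDP, 53)]

if __name__ == "__main__":
    for p in (build_ipv4(TCP, 40000, 80), build_ipv4(TCP, 40000, 23),
              build_ipv4(UDP, 5353, 53, options=b"\x01" * 4),
              build_ipv4(TCP, 40000, 80, frag_offset=185)):
        print(parse_l3_l4(p), acl_decision(p, RULES))
```

The last sample is a non-first fragment: it carries no TCP header, so a port rule cannot match it and the decision falls through to the default.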

CodePudding user response:

We now commonly use the four-layer network model. At the link layer the representative attribute is the MAC address; at the network layer the representatives are IPv4 and IPv6, and the representative attribute is the IP address; further up is the transport layer, represented by TCP and UDP, where the representative attribute is the port. The port can be used to distinguish which socket a message is to be sent to, which is the same idea as the role of a house number. Say socket A's port is 80 and socket B's port is 8080: when my transport layer receives a message, it parses the destination port in the header, so I know which socket this message is sent to; if the socket is registered in epoll, I'll notify the socket that it has a read event.