How does Telnet know where a host is when routing over the internet?

0

I am fairly new to studying networking, and this is something I have been wondering even though it may be a basic question. I've spoken with people in the networking world and they talk about having to remotely connect (via Telnet or SSH) to devices in order to look at configurations and make changes. In my studies I have also fiddled around with remote connections, but never across a WAN or connecting to a device in another network.

Let's say you have two office branches located in different states, they are not connected via leased lines and instead route traffic over the internet in order to communicate with each other. Let's say within Branch A there is a Cisco switch you need to connect to from Branch B. The switch has a private IP address of 192.168.1.50 /24. Since this is a private address, and not unique in any way, how does the person at Branch B initiate a telnet or SSH connection to the device?

Now I know a bit about NAT and PAT, but not a lot. I understand with PAT, if a device wants to communicate with say a web server across the internet, its private address is translated to a public/routable IP and uses port numbers to identify the session. This makes sense because the web server can see who to reply to. But in the case of my telnet example, how is the user in Branch B able to find the exact device in Branch A when the device is configured with a private address?

I'm sorry if this is very basic, I'm trying to better understand the concepts here but am having a hard time with this one. This could apply to multiple protocols, not just SSH or Telnet, but I'm just using them as an example.

ALLCAPS

Posted 2019-12-06T17:49:35.777

Reputation: 1

Answers

3

How does Telnet know where a host is when routing over the internet?

Telnet doesn't care. This is handled by IP.

Let's say you have two office branches located in different states, they are not connected via leased lines and instead route traffic over the internet in order to communicate with each other. Let's say within Branch A there is a Cisco switch you need to connect to from Branch B. The switch has a private IP address of 192.168.1.50 /24. Since this is a private address, and not unique in any way, how does the person at Branch B initiate a telnet or SSH connection to the device?

You actually cannot initiate such a connection directly across the public internet, precisely because of the reason you mention – the IP address is from the private range, so the ISP cannot route it to the correct place.

One common workaround is a site-to-site VPN, which encapsulates the packets inside another IP packet (well, usually UDP or GRE) and sends that to a public IP address at Branch B. The router at Branch B then decapsulates and sends the inner IP packet to the switch. (Of course this only works as long as each branch has a unique private IP range.)

Another workaround, hopefully rare in offices, but very common on home internet connections, is NAT (/PAT/NAPT) – i.e. statically configured destination NAT rules (aka "port forwarding").

Now I know a bit about NAT and PAT, but not a lot. I understand with PAT, if a device wants to communicate with say a web server across the internet, its private address is translated to a public/routable IP and uses port numbers to identify the session. This makes sense because the web server can see who to reply to. But in the case of my telnet example, how is the user in Branch B able to find the exact device in Branch A when the device is configured with a private address?

The same kind of translation can be done in any direction; it doesn't have to be "private → public". For example, you can connect to Branch B's public address, on TCP port 12345, and configure a PAT rule so that these packets get translated to destination 192.168.1.50 port 22.

That's commonly called "port forwarding"; in iptables it can be implemented as a -j DNAT rule.

Again, this is not common on inter-office connections since you'd need quite a lot of static NAT rules. However, it's often used on home Internet connections where you just want to host a single service or two.

user1686

Posted 2019-12-06T17:49:35.777

Reputation: 283 655
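The port-forwarding workaround above, written out as an iptables ruleset on the Linux router that fronts Branch A (where the switch from the question lives). This is an added example, not code from the answer or from any vendor; the interface name, the public addresses (taken from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24) and the external port are assumptions for illustration. The rules are rendered as text first so they can be reviewed before being applied with `APPLY=1`; the DNAT is restricted to Branch B's public address, and the script refuses to forward TCP 23 at all, since Telnet would carry the login credentials in the clear across the internet.

```shell
#!/bin/sh
# Added example (not part of the original answer): destination NAT ("port
# forwarding") on a Linux router at Branch A so that TCP 12345 on the branch's
# public address reaches the switch's SSH port.  All values below are assumed.
#
#   WAN_IF    = eth0           router's internet-facing interface
#   PUBLIC_IP = 203.0.113.10   Branch A's public address (documentation range)
#   PEER_IP   = 198.51.100.20  Branch B's public address, the only allowed client
#   SWITCH_IP = 192.168.1.50   the switch, as in the question
#   EXT_PORT  = 12345          port exposed on PUBLIC_IP
#   INT_PORT  = 22             port on the switch (SSH)

WAN_IF=${WAN_IF:-eth0}
PUBLIC_IP=${PUBLIC_IP:-203.0.113.10}
PEER_IP=${PEER_IP:-198.51.100.20}
SWITCH_IP=${SWITCH_IP:-192.168.1.50}
EXT_PORT=${EXT_PORT:-12345}
INT_PORT=${INT_PORT:-22}

# Refuse to forward the plaintext Telnet port: anything answering there would
# send usernames and passwords unencrypted across the internet.
validate_port() {
    case "$1" in
        23) echo "refusing to expose Telnet (TCP 23) on the public address" >&2; return 1 ;;
        *)  return 0 ;;
    esac
}

# Print the commands, one per line, without running them.  Keeping the rule
# text in a function makes it reviewable (and testable) before touching a live box.
#
# - PREROUTING/DNAT rewrites the destination of packets arriving on the WAN
#   interface for PUBLIC_IP:EXT_PORT to SWITCH_IP:INT_PORT, but only when the
#   source is PEER_IP, so the rest of the internet never reaches the switch.
# - The FORWARD rules let the translated connection and its replies through.
#   conntrack reverses the translation on the reply path, so the switch only
#   needs its default route to point at this router; the branch's existing
#   outbound MASQUERADE/SNAT rule for "private -> public" traffic is unchanged.
render_rules() {
    validate_port "$INT_PORT" || return 1
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $WAN_IF -s $PEER_IP -d $PUBLIC_IP -p tcp --dport $EXT_PORT -j DNAT --to-destination $SWITCH_IP:$INT_PORT
iptables -A FORWARD -i $WAN_IF -s $PEER_IP -d $SWITCH_IP -p tcp --dport $INT_PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o $WAN_IF -s $SWITCH_IP -p tcp --sport $INT_PORT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Run the rendered commands (needs root on the router).
apply_rules() {
    render_rules | while IFS= read -r cmd; do
        eval "$cmd"
    done
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_rules
else
    render_rules
fi
```

With these rules in place, `ssh -p 12345 admin@203.0.113.10` from Branch B's public address lands on 192.168.1.50:22, and the same attempt from any other source address is simply not translated. Even with the source restriction, the service is still reachable from the internet, which is why the answer's first option, a site-to-site VPN, is the usual choice between offices: management ports stay on private addresses and nothing is published on the public side.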