Home routers and the NAT protocol

A "home router" is not at all the same thing as the "router" described in textbooks! Purely in terms of function, a home router = switch + NAT. Below, "home router" means the consumer home router, while "router" means the router as described in textbooks.

A router is a device that works at the network layer, while a switch works at the data link layer, so a router sits one layer above a switch. It is precisely because it operates one layer higher that it can implement a function such as NAT.


In a home router, a single CPU plays the role of gateway. One of its ports creates a LAN address pool and is connected to a switch chip that fans out to the four LAN ports; another port is connected to the WAN port, which keeps a connection to the ISP's head-end equipment and obtains a public IP. The wireless chip is in fact also attached to the switch chip. So, strictly speaking, a home wireless router's product name ought to be "home gateway".

Reference blog 1 gives the following description:

Home routers are actually a combination of three networking components: a router, a firewall, and a switch. In a commercial setting the three pieces of hardware are kept separate but consumer routers are almost always a combination of both the routing and switching components with a firewall added in for good measure.


In other words, home router = router + firewall + switch = firewall + switch + NAT. For the firewall and the switch, reference blog 1 gives the following descriptions:

Firewall: Routers act as basic firewalls in a variety of ways including automatically rejecting incoming data that is not part of an ongoing exchange between a computer within your network and the outside world. If you request a music stream from Pandora, for example, your router says, “We’re expecting you, come on in” and that stream of data is directed to the device that made the request. On the other hand, if a sudden burst of port probing comes in from an unknown address your router acts as a bouncer and rejects the requests, effectively cloaking your computers. Even for a user with a single computer a simple $50 router is worth it for the firewall functionality alone.

Switch: In addition to the inside-to-outside network functionality outlined above, home routers also act as a network switch. A network switch is a piece of hardware that facilitates communication between computers on an internal network. Without the switching function the devices could talk through the router to the greater internet but not to each other—something as simple as copying an MP3 from your laptop to your desktop over the network would be impossible.

The difference between a router and a switch (reference blog 2):

Both are devices used to connect to the Internet. The main difference between them is that a switch operates at layer 2, the data link layer, whereas a router operates at layer 3, the network layer. This difference is the fundamental difference in how the two work: a router can locate the next device by IP address and can process the TCP/IP protocol, whereas a switch addresses by MAC address.

Finally, let us look at the NAT protocol. As we all know, a home router lets multiple devices go online at the same time, as shown in the figure below:

So when a device sends a request to the network through the home router and the response comes back to the router, the router must know which device's request that response belongs to. When we apply to an Internet service provider (ISP) for network access, the ISP assigns the router one public IP, and the devices behind the router can only use private IPs. The job of NAT is to translate between public and private IPs and ports. To do this, it needs a table that records the mapping between internal and external IPs and ports.

Suppose two devices A and B on the LAN access the same port of the same external IP at the same time. The router then records the following mappings:

(remote ip_r : port_r)--(local ip_a : a_port)

(remote ip_r : port_r)--(local ip_b : b_port)

Suppose a_port and b_port happen to have the same value. Then when response data from the remote end reaches the router, the router cannot tell whether it should be delivered to A or to B. For this case, NAT uses a triple to distinguish the two: (remote ip_r : port_r)(nat port)(local ip_a : a_port), i.e. it adds a NAT port to tell them apart. When the requests from A and B arrive, the router generates two not-yet-used ports for the two requests, a_port and b_port, and records the following relationships:

(remote ip_r : port_r)(nat a_port)(local ip_a : same_port)

(remote ip_r : port_r)(nat b_port)(local ip_b : same_port)

That is, when A's request reaches the router, the router replaces the request's source IP with the public IP assigned by the ISP and replaces the source port with a_port; when B's request reaches the router, it likewise replaces the source IP with the ISP-assigned public IP and replaces the source port with b_port. When the responses for A and B come back, the router looks at the response's destination port (the response's destination port is the request's source port): if it is a_port the response goes to A, if it is b_port it goes to B.
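To make the port-translation table concrete, here is a small simulation added to this post (it is not code from the post or from either referenced blog). It models the triple described above, (remote ip : port)(nat port)(local ip : port), as a Python dictionary: two LAN hosts with the same local port talk to the same remote endpoint, the router allocates a distinct NAT port for each, and inbound responses are mapped back by that NAT port. It also shows the "bouncer" behaviour quoted from reference blog 1: an inbound packet that matches no table entry is dropped. All addresses, ports and the starting NAT port (40000) are constructed sample values.

```python
"""Toy port-translating NAT (NAPT) table, added as an illustration for this post."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class HomeRouterNat:
    """Keeps the (remote ip:port, nat port) -> (local ip:port) mapping table."""

    def __init__(self, public_ip: str, first_nat_port: int = 40000):
        self.public_ip = public_ip          # the single public IP the ISP assigned
        self.next_nat_port = first_nat_port # next not-yet-used NAT port
        # outbound lookup: (local_ip, local_port, remote_ip, remote_port) -> nat_port
        self.outbound: dict[tuple, int] = {}
        # inbound lookup: (remote_ip, remote_port, nat_port) -> (local_ip, local_port)
        self.inbound: dict[tuple, tuple[str, int]] = {}

    def _allocate_nat_port(self) -> int:
        port = self.next_nat_port
        self.next_nat_port += 1
        return port

    def translate_outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite source ip/port to (public ip, nat port), recording the mapping."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        nat_port = self.outbound.get(key)
        if nat_port is None:                # first packet of this flow: allocate a fresh port
            nat_port = self._allocate_nat_port()
            self.outbound[key] = nat_port
            self.inbound[(pkt.dst_ip, pkt.dst_port, nat_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, nat_port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: the response's destination port is the nat port we chose.

        Returns None (drop) when the packet matches no existing mapping, which is the
        basic stateful-firewall behaviour of a home router.
        """
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inbound.get((pkt.src_ip, pkt.src_port, pkt.dst_port))
        if entry is None:
            return None                     # unsolicited traffic: not in the table, reject
        local_ip, local_port = entry
        return Packet(pkt.src_ip, pkt.src_port, local_ip, local_port, pkt.payload)


def run_demo() -> dict:
    """Two LAN hosts, same local port, same remote endpoint (all values constructed)."""
    nat = HomeRouterNat(public_ip="198.51.100.7")
    remote_ip, remote_port = "203.0.113.10", 80

    # A and B both use local port 5000 towards the same remote ip:port.
    a_out = nat.translate_outbound(Packet("192.168.1.2", 5000, remote_ip, remote_port, "GET /a"))
    b_out = nat.translate_outbound(Packet("192.168.1.3", 5000, remote_ip, remote_port, "GET /b"))
    # A second packet on A's flow must reuse A's nat port, not allocate another.
    a_out2 = nat.translate_outbound(Packet("192.168.1.2", 5000, remote_ip, remote_port, "GET /a2"))

    # Responses come back to the public ip, addressed to the nat port the router chose.
    a_in = nat.translate_inbound(Packet(remote_ip, remote_port, nat.public_ip, a_out.src_port, "200 a"))
    b_in = nat.translate_inbound(Packet(remote_ip, remote_port, nat.public_ip, b_out.src_port, "200 b"))

    # An inbound probe from an unknown address with no matching entry is dropped.
    probe = nat.translate_inbound(Packet("192.0.2.99", 4444, nat.public_ip, 22, "SYN"))

    return {"a_out": a_out, "b_out": b_out, "a_out2": a_out2,
            "a_in": a_in, "b_in": b_in, "probe": probe, "table": dict(nat.inbound)}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Running the block prints the rewritten packets and the resulting table: A's flow leaves as 198.51.100.7:40000, B's as 198.51.100.7:40001, each response is delivered back to the right 192.168.1.x:5000, and the probe yields None. A real router also ages entries out of the table after a timeout, which this toy omits.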


Reference blogs:

1. https://www.howtogeek.com/99001/htg-explains-routers-and-switches/ Understanding Routers, Switches, and Network Hardware

2. https://baijiahao.baidu.com/s?id=1596373286946216952&wfr=spider&for=pc The difference between a router and a switch? What a router does and how it works
