
Network Address Translation

Updated: Jan 12, 2023

Network Address Translation (NAT) lets multiple devices access the internet through a single public IP address. To do this, private IP addresses must be converted to a public IP address. NAT is the procedure that converts one or more local IP addresses into one or more global IP addresses, and vice versa, in order to give local hosts an internet connection.

NAT can also perform port number translation, which masks the host's port number with another port number in the packet that is forwarded to the destination. It then inserts the relevant IP address and port number entries into the NAT table. NAT is often implemented on a router or firewall.


 


 

How does Network Address Translation Work?

NAT is generally configured on the border router, which has one interface in the local (inside) network and one interface in the global (outside) network.

NAT translates a local (private) IP address to a global (public) IP address when a packet traverses outside the local (inside) network. The global (public) IP address of a packet is changed back to a local (private) IP address when it reaches the local network.

If NAT runs out of addresses in the configured pool, packets are discarded and an Internet Control Message Protocol (ICMP) host unreachable packet is delivered to the destination.



Masking Port Numbers

Assume two hosts, A and B, are linked in a network. Suppose both of them send a request to the same destination at the same time, using the same port number (1000) on the host side. If NAT translated only IP addresses, then when their packets reached NAT, the public IP address of the network would mask both of their IP addresses before the packets were forwarded to the destination. The destination would then send its responses to the public IP address of the router. As a result, when NAT received a response, it would be unclear which response belonged to which host (since the port numbers of A and B are the same).

Therefore, to avoid such issues, NAT masks the source port number too and creates an entry in the NAT table.



Inside and Outside Addresses of NAT

The term inside refers to the addresses that must be translated, and outside addresses are those that are not under the authority of the organization. These are the network addresses on which address translation takes place.


Inside local address


The inside local address is an IP address given to a host on the Inside (local) network.

These addresses are private IP addresses that are not provided by the service provider.

This is the inside host seen from the inside network.



Inside global address


An IP address that is used to represent one or more inside local IP addresses to the outside world is the inside global address.

This is the inside host as seen from the outside network.



Outside local address


The outside local address is the true IP address of the destination host on the local network after translation.



Outside global address


The outside global address is the IP address of the outside destination host before translation.

This is the outside host as observed from the outside network.



Types of Network Address Translation


Static NAT

In this type of NAT, a single unregistered (private) IP address is mapped to a legally registered (public) IP address, resulting in a one-to-one mapping between local and global addresses.

This is commonly used in Web hosting. It is not used in businesses, since many devices require an Internet connection and a public IP address is required to give each one Internet access. If 3000 devices require Internet connectivity, the organization must purchase 3000 public addresses, which is highly expensive.



Dynamic NAT

In this type of NAT, an unregistered IP address is converted into a registered (public) IP address taken from a pool of public IP addresses. If no IP address in the pool is available, the packet is discarded, since only a limited number of private IP addresses can be converted to public addresses at once.

Assume there is a pool of two public IP addresses, so only two private IP addresses can be translated at the same time. If a third private IP address attempts to connect to the Internet, its packet is discarded. In this way several private IP addresses are mapped to a pool of public IP addresses. This type of NAT is used when the number of people who wish to connect to the Internet is fixed. The method is quite expensive because the company must purchase a large number of global IP addresses in order to create a pool.



Port Address Translation (PAT)

This is often referred to as NAT overload. With this method, many local (private) IP addresses can be converted to a single registered IP address. Port numbers are used to identify which communication belongs to which IP address. This method is the most cost-effective, as thousands of users can be connected to the Internet using one real global (public) IP address. For that reason it is used more often than the other types.
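
The scenario from "Masking Port Numbers" and the PAT description above, worked through as an added example (not code from the original article). The class and function names, the documentation-range IP addresses and the sequential port allocation starting at 50000 are assumptions made for the illustration.

```python
from itertools import count

def ip_only(src_ip, src_port, dst_ip, dst_port, public_ip):
    """IP-only translation: the source port is left untouched."""
    return (public_ip, src_port, dst_ip, dst_port)

class PatTable:
    """Toy PAT translator: many private hosts share one public IP."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self._ports = count(first_port)  # assumed policy: next unused port
        self.out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}  # (public port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Mask source IP and port; create a NAT table entry on first use."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            port = next(self._ports)
            self.out[flow] = port
            self.back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Reverse-translate a reply; None means no table entry (dropped)."""
        owner = self.back.get((dst_port, src_ip, src_port))
        if dst_ip != self.public_ip or owner is None:
            return None
        return (src_ip, src_port, owner[0], owner[1])

def demo():
    public, server = "203.0.113.10", ("198.51.100.7", 80)  # constructed values
    host_a = ("192.168.1.10", 1000)   # host A, source port 1000
    host_b = ("192.168.1.11", 1000)   # host B, same source port
    # Without port masking both flows look identical from the outside.
    clash = ip_only(*host_a, *server, public) == ip_only(*host_b, *server, public)
    nat = PatTable(public)
    a = nat.outbound(*host_a, *server)
    b = nat.outbound(*host_b, *server)
    # Replies arrive addressed to the public IP and the masked port.
    reply_a = nat.inbound(*server, a[0], a[1])
    reply_b = nat.inbound(*server, b[0], b[1])
    stray = nat.inbound(*server, public, 61000)  # port with no table entry
    return clash, a, b, reply_a, reply_b, stray

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The two table dictionaries are also the record that ties a public port back to an inside host, which is what makes it possible to attribute outbound traffic to a specific device after translation.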



Advantages and Disadvantages of NAT


Advantages

NAT protects legally assigned IP addresses.

It protects privacy by hiding the device's IP address when sending and receiving communications.

Address renumbering is eliminated as a network develops.


Disadvantages

Switching route delays occur from translation.

While NAT is activated, certain applications will not function.

Tunneling protocols such as IPsec are made more complicated.

Furthermore, the router, as a network layer device, should not interfere with port numbers (transport layer), yet it must do so due to NAT.

