NAT stands for Network Address Translation. It is used to convert a private IP address into a public IP address, and a public IP address back into a private one. Why do we need NAT, how does NAT work, and what are the advantages and disadvantages of NAT in networking? I am going to explain all of this in this post.
What is NAT (Network Address Translation) | How NAT is configured in a Router and acts as a Firewall

Uses of NAT in Networking

We use NAT because of the shortage of IP addresses. IPv4 is a 32-bit address space with around 4,294,967,296 (4.2 billion) IP addresses, and the population of our beautiful world is more than 7 billion. Most users also have multiple devices, such as a smartphone, laptop, tablet and desktop. So 4.2 billion IP addresses are not sufficient for 7 billion devices. For this reason, we use NAT (Network Address Translation).

How NAT works in a computer network

Let's take an example: there are 1000 computers in a network but only one internet connection. How can these 1000 devices share this single connection? It is possible with the help of NAT.

All 1000 computers are assigned private IP addresses, i.e. (10.0._._), and are connected to the router. This router is directly connected to the internet and configured with NAT. Whenever PC 1, which is assigned the IP address 10.0.0.1, tries to access the internet (www.google.com), it first sends the request to the router. The router, configured with NAT, converts this private IP address into a public IP address (10.0.0.1 – 12.0.0.1) and then forwards the request to the Google web server. Before forwarding the request, however, the router saves this information in the NAT forwarding table, so that when it gets a reply from the web server it can convert the public IP back to the private IP (12.0.0.1 – 10.0.0.1) and deliver the information to the PC that requested it.

NAT also provides strong protection against unauthorized users, because unauthorized users cannot view any of the systems behind the NAT. To other systems on the internet, the entire private network looks like just one system, i.e. the NAT system. NAT has become popular for networking as it protects the private network from hackers, and in this way it also acts as a firewall.
Advantages of NAT (Network Address Translation)
Disadvantages of NAT (Network Address Translation)
In the previous chapter, we saw how DHCP is useful in assigning IP addresses to hosts in a network. In this chapter, we will look at another important IP service that helps hosts access the internet. We will learn about NAT operation and IPv4, and configure and troubleshoot NAT.

NAT in today's networks

In previous topics, we learnt about IPv4 addressing and how we can address network devices. We also learnt that there are different types of IPv4 addresses, such as the RFC 1918 addresses. There are 2^32 IP addresses, which is 4 294 967 296 (four billion); however, not all of these can be used, and the number of remaining IP addresses is shrinking.

The table below shows the ranges of private addresses as defined by RFC 1918:

These IPv4 addresses are reserved for private network communication and cannot be used to communicate on the internet.

The need to connect to the internet presents us with a major problem. We cannot use private IPv4 addresses to access the internet and, at the same time, the number of public IPv4 addresses is limited. Therefore, we need a way for hosts in our network that have been assigned private IPv4 addresses to access the internet.

NAT (Network Address Translation) is our solution to the internet connectivity problem. With NAT, an enterprise can use a small number of public IPv4 addresses to access the internet even if it has many hosts that have been assigned private IPv4 addresses.

What is NAT?

Take the analogy of an office receptionist. In company ABC, we have 10 employees, including the secretary. Each employee has a desk and a phone used for internal communication between employees; this phone system is routed through a PBX system. The receptionist has a phone line that is used to communicate with people outside the company. There are times, however, when an employee wants to call a client or a partner organization; in that case, the call is routed through the receptionist's desk and forwarded.
It is highly unlikely that all the employees will want to make external calls at once, so this solution is efficient and saves the company money. NAT works like the receptionist.

The figure below shows NAT operation.

In this scenario, there are two networks that are connected by the stub router. The network that PC 1 is in is a stub network, and devices in this network can only access outside resources through the stub router.

When PC 1 wants to access a website (shown by the red arrow), it sends the packet to the stub router. When the router receives this packet, NAT translates it into a form that can be routed to the internet (shown by a magenta arrow). The packet is then forwarded to the internet. When the reply comes back, NAT on the stub router knows where the packet came from and forwards it to PC 1.

NOTE: NAT works by translating the RFC 1918 private IPv4 addresses we use in our internal networks into public IPv4 addresses that can be routed over the internet. This also enhances security because users in external public networks cannot access information on private networks; however, this does not mean that NAT is a replacement for firewalls.

NAT terminology

The figure shown below demonstrates the terminology used when we configure NAT. In this scenario, R1 is configured for NAT. This means that it has public IPv4 addresses that it can give to PC1 and other hosts for accessing the internet.

Inside local address – these are the private IPv4 addresses, as defined by RFC 1918, that are used to address hosts in the private networks.
Inside global address – this is an IP address that can be used by a host in the internal network to access the internet. In our scenario, the IP address that PC1 can use to access the internet is the 14.132.1.3 IP address.
Outside global address – this is any public IPv4 address that has been configured on a device on the internet. In this scenario, the IP address that is configured on the web server is an example of an outside global address.
Outside local address – this is similar to the outside global addresses; these are local IP addresses configured on any external network.

Dynamic Mapping and Static Mapping

There are two types of NAT translation: dynamic and static.
NAT Overload

NAT overloading, which is also known as PAT (Port Address Translation), is a way to map many private IPv4 addresses to significantly fewer public IPv4 addresses. We may have 100 private IPv4 addresses mapped to 2 public IPv4 addresses.

In NAT overload, the router usually maintains different TCP/IP sessions and assigns a port to each of the devices that are connected to it. In this case, when addresses are translated, they are given the same public IPv4 address but with a different port that identifies the source device. When the router gets the reply from the internet, it matches each conversation to the correct device using the port number.

The diagram below shows how this works.

In the figure, PC 1 and PC 2 both want to use the internet. PC 1 has an HTTP message for the IP address 100.89.33.61, while PC 2 sends a message to the HTTPS server located at 32.156.1.3. When the router receives these messages, NAT adds the source port information so that it can distinguish the communication streams from the two PCs. The two packets are then given the same global IP address and tagged with the port number.

When the HTTP and HTTPS servers send their replies, they retain the port information. Once a message is received by R1, it knows the destination of each packet based on the port that the packet is addressed to.

Benefits and drawbacks

Some of the benefits of NAT include:
Although NAT is beneficial and is responsible for the survival of IPv4, it does have some drawbacks.
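The NAT overload behaviour described above, together with the earlier note that NAT is not a replacement for a firewall, as an added Python example that is not part of the original article. The inside local addresses, port numbers, the 203.0.113.50 host and the `PatRouter` class are constructed for illustration; the model matches replies on remote address and port, which real routers do with varying strictness.

```python
from dataclasses import dataclass, field

INSIDE_GLOBAL = "14.132.1.3"  # R1's inside global address, from the article


@dataclass
class PatRouter:
    """Toy PAT table (constructed model, not a router's real data structure)."""
    public_ip: str
    next_port: int = 20000                      # constructed start of the port pool
    out: dict = field(default_factory=dict)     # inside flow -> public port
    back: dict = field(default_factory=dict)    # (public port, remote) -> inside host

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the inside network, adding a table entry."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            self.out[flow] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Map a packet arriving on the public address to an inside host, or None."""
        return self.back.get((dst_port, src_ip, src_port))


def demo():
    r1 = PatRouter(INSIDE_GLOBAL)
    # Constructed inside local hosts; both pick the same source port.
    pc1 = r1.outbound("192.168.1.10", 51000, "100.89.33.61", 80)   # HTTP
    pc2 = r1.outbound("192.168.1.11", 51000, "32.156.1.3", 443)    # HTTPS
    results = {
        "pc1_translated": pc1,
        "pc2_translated": pc2,
        # Replies carry the public port, which selects the inside host.
        "reply_to_pc1": r1.inbound("100.89.33.61", 80, pc1[1]),
        "reply_to_pc2": r1.inbound("32.156.1.3", 443, pc2[1]),
        # No inside host contacted 203.0.113.50, so nothing matches: dropped.
        "unsolicited": r1.inbound("203.0.113.50", 4444, pc1[1]),
    }
    # Any inside-initiated flow creates a return path; NAT applies no policy to
    # it, which is why outbound filtering still needs a firewall.
    leak = r1.outbound("192.168.1.10", 51001, "203.0.113.50", 4444)
    results["after_inside_connect"] = r1.inbound("203.0.113.50", 4444, leak[1])
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last result is the one to watch when reviewing a NAT-only perimeter: the table records sessions but enforces no rule about which sessions an inside host may start.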
NAT configuration
Static