💾 Archived View for dfdn.info › dfdn › nat.gmi captured on 2024-06-16 at 12:53:37. Gemini links have been rewritten to link to archived content


-=-=-=-=-=-=-

Network Address Translation (NAT)


To access the Internet, one public IP address is needed, but we can use private IP addresses inside our private network. The idea of NAT is to allow multiple devices to access the Internet through a single public address. To achieve this, a private IP address must be translated to a public IP address. Network Address Translation (NAT) is a process in which one or more local IP addresses are translated into one or more global IP addresses, and vice versa, in order to provide Internet access to the local hosts. It also translates port numbers, i.e., it masks the port number of the host with another port number in the packet that will be routed to the destination. It then makes the corresponding entries of IP address and port number in the NAT table. NAT generally operates on a router or firewall.

Network Address Translation (NAT) working –

Generally, the border router is configured for NAT, i.e., the router which has one interface in the local (inside) network and one interface in the global (outside) network. When a packet leaves the local (inside) network, NAT converts its local (private) IP address to a global (public) IP address. When a packet enters the local network, the global (public) IP address is converted to a local (private) IP address.

If NAT runs out of addresses, i.e., no address is left in the configured pool, then the packets are dropped and an Internet Control Message Protocol (ICMP) host unreachable packet is sent to the destination.

Why mask port numbers?

Suppose two hosts, A and B, are connected in a network. Both of them send a request to the same destination at the same time, using the same port number, say 1000, on the host side. If NAT translated only IP addresses, then when their packets arrived at the NAT, both of their IP addresses would be masked by the public IP address of the network and sent to the destination. The destination would send its replies to the public IP address of the router. On receiving a reply, it would then be unclear to NAT which reply belongs to which host (because the source port numbers for both A and B are the same). Hence, to avoid such a problem, NAT masks the source port number as well and makes an entry in the NAT table.
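
The situation described above, two inside hosts using source port 1000 toward the same destination, worked through as a small port-translating NAT table. This is an added example, not code from the original page; the addresses, the port range 40000-40002 and the names PortNat and demo are assumptions made for illustration, and the table is simplified (it always allocates a fresh public port and never expires entries).

```python
# Added illustration of a port-translating NAT table (not from the original page).
# All addresses are constructed samples from private/documentation ranges.
PUBLIC_IP = "203.0.113.5"   # assumed public address of the border router


class PortNat:
    """Keeps (private ip, private port) <-> public port entries."""

    def __init__(self, public_ip, first_port=40000, last_port=40002):
        self.public_ip = public_ip
        self.free_ports = list(range(first_port, last_port + 1))
        self.out = {}    # (proto, private ip, private port) -> public port
        self.back = {}   # (proto, public port) -> (private ip, private port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an inside packet; None means it is dropped."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            if not self.free_ports:
                return None                  # no public port left to assign
            port = self.free_ports.pop(0)
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a reply; None means no table entry."""
        if dst_ip != self.public_ip:
            return None
        entry = self.back.get((proto, dst_port))
        if entry is None:
            return None                      # unsolicited packet, nothing to map
        return (src_ip, src_port, entry[0], entry[1])


def demo():
    nat = PortNat(PUBLIC_IP)
    server = ("198.51.100.10", 80)
    a = nat.outbound("tcp", "192.168.1.10", 1000, *server)   # host A
    b = nat.outbound("tcp", "192.168.1.11", 1000, *server)   # host B, same port
    # Both replies are addressed to PUBLIC_IP; only the port separates A from B.
    reply_a = nat.inbound("tcp", *server, a[0], a[1])
    reply_b = nat.inbound("tcp", *server, b[0], b[1])
    stray = nat.inbound("tcp", *server, PUBLIC_IP, 40002)    # port never assigned
    return a, b, reply_a, reply_b, stray


if __name__ == "__main__":
    for row in demo():
        print(row)
```
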

NAT inside and outside addresses –

Inside refers to the addresses which must be translated. Outside refers to the addresses which are not in the control of the organization. These are the network addresses on which the translation is performed.

Inside local address – An IP address that is assigned to a host on the inside (local) network. The address is probably not an IP address assigned by the service provider, i.e., these are private IP addresses. This is the inside host as seen from the inside network.

Inside global address – An IP address that represents one or more inside local IP addresses to the outside world. This is the inside host as seen from the outside network.

Outside local address – This is the actual IP address of the destination host in the local network after translation.

Outside global address – This is the outside host as seen from the outside network. It is the IP address of the outside destination host before translation.

Network Address Translation (NAT) Types –

There are 3 ways to configure NAT:

Static NAT – In this, a single unregistered (private) IP address is mapped to a legally registered (public) IP address, i.e., a one-to-one mapping between local and global addresses. This is generally used for Web hosting. It is not used in organizations, as there are many devices that need Internet access, and to provide Internet access a public IP address is needed.

Suppose there are 3000 devices that need access to the Internet; the organization would have to buy 3000 public addresses, which would be very costly.

Dynamic NAT – In this type of NAT, an unregistered IP address is translated into a registered (public) IP address from a pool of public IP addresses. If no IP address in the pool is free, then the packet will be dropped, as only a fixed number of private IP addresses can be translated to public addresses.

Suppose there is a pool of 2 public IP addresses; then only 2 private IP addresses can be translated at a given time. If a 3rd private IP address wants to access the Internet, then the packet will be dropped; therefore, many private IP addresses are mapped to a pool of public IP addresses. This type of NAT is used when the number of users who want to access the Internet is fixed. It is also very costly, as the organization has to buy many global IP addresses to make a pool.

Port Address Translation (PAT) – This is also known as NAT overload. In this, many local (private) IP addresses can be translated to a single registered IP address. Port numbers are used to distinguish the traffic, i.e., which traffic belongs to which IP address. This is the most frequently used type, as it is cost-effective: thousands of users can be connected to the Internet by using only one real global (public) IP address.

Advantages of NAT –

NAT conserves legally registered IP addresses.

It provides privacy, as the IP address of the device sending and receiving the traffic will be hidden.

Eliminates address renumbering when a network evolves.

Disadvantages of NAT –

Translation results in switching path delays.

Certain applications will not function while NAT is enabled.

Complicates tunneling protocols such as IPsec.

Also, the router, being a network layer device, should not tamper with port numbers (transport layer), but it has to do so because of NAT.

Difference Between Network Address Translation (NAT) and Port Address Translation (PAT)


Network Address Translation (NAT): In NAT, the private IP address or local address is translated into the public IP address. NAT is used to slow down the rate of depletion of the available IP addresses by translating the local or private IP address into a global or public IP address. NAT can be a one-to-one relation or a many-to-one relation.

Example:

Consider a home network with three devices: a computer, a smartphone, and a smart TV. Without NAT, each of these devices would need to have a unique public IP address to connect to the internet. However, with NAT, all of these devices can share a single public IP address and communicate with the internet by using their private IP addresses. When one of the devices sends a request to the internet, NAT translates the private IP address of the device into the public IP address of the network and sends the request over the internet.

Port Address Translation (PAT): In PAT, private IP addresses are translated into the public IP address via port numbers. PAT also uses an IPv4 address, but with a port number. It has two types:

1. Static

2. Overloaded PAT

Example:

Consider a home network with three devices: a computer, a smartphone, and a smart TV. Without PAT, each of these devices would need to have a unique public IP address to connect to the internet. However, with PAT, all of these devices can share a single public IP address and communicate with the internet by using unique port numbers. When the computer sends a request to the internet, PAT assigns it a unique port number and translates the private IP address of the computer into the public IP address of the network. The destination server on the internet receives the request and responds to the unique port number, allowing the computer to receive the response.

Difference Between Network Address Translation (NAT) and Port Address Translation (PAT):

Network Address Translation (NAT) | Port Address Translation (PAT)

NAT stands for Network Address Translation. | PAT stands for Port Address Translation.

In NAT, private IP addresses are translated into the public IP address. | In PAT, private IP addresses are translated into the public IP address via port numbers.

NAT can be considered PAT's superset. | PAT is a dynamic NAT.

NAT uses an IPv4 address. | PAT also uses an IPv4 address, but with a port number.

It has 3 types: Static, Dynamic NAT and PAT/NAT Overloading/IP masquerading. | It also has two types: Static and Overloaded PAT.

Role of NAT and PAT in making internet routing efficient:

NAT and PAT can improve security: NAT can help to improve security by hiding the private IP addresses of devices on a private network from the internet. This can make it more difficult for malicious actors to target specific devices on the network, as they would not be able to see the private IP addresses of the devices. PAT can also help to improve security by allowing devices on a private network to communicate with the internet using unique port numbers, which can make it more difficult for attackers to gain access to the network.

NAT and PAT can improve performance: NAT and PAT can also improve performance by allowing devices on a private network to share a single public IP address. This can help to reduce the number of routing entries in the routing table of the router, which can improve the efficiency of internet routing.

NAT and PAT have limitations: While NAT and PAT can help to make internet routing more efficient, they do have some limitations. NAT can cause issues with certain types of internet applications that rely on end-to-end communication, such as Voice over IP (VoIP) and online gaming. PAT can also cause issues with certain types of internet applications that rely on multiple connections, such as BitTorrent.

NAT and PAT are used in combination: NAT and PAT are often used in combination to make internet routing more efficient. For example, a corporate network may use NAT to allow multiple devices on the network to share a single public IP address, and then use PAT to allow multiple devices to communicate with the internet using unique port numbers.

IPv6 addresses can alleviate the need for NAT: NAT and PAT are primarily used to address the shortage of available IPv4 addresses. However, with the increasing adoption of IPv6 addresses, which are a newer type of IP address with a much larger address space, the need for NAT and PAT may decrease in the future.

NAT and PAT are not the only technologies for improving internet routing efficiency: There are other technologies that can also help to make internet routing more efficient, such as network address aggregation, network address translation – protocol translation (NAT-PT), and carrier-grade NAT (CGN).