Network Address Translation Part I
NAT (Network Address translation):
In simple words NAT is about IP address translation or
conversion. This translation could be for two purposes
- Translation of Private addresses into Public addresses
- Translation of internal addresses to avoid duplication or for Topology hiding
As you know private IP addresses are not routable on the
internet, that’s why we need to configure NAT on our gateways to talk to public
internet domain. The duplication of
addresses can take place if we merge two organizations and they both have the
same IP plan, in such case NAT is used to avoid such issues via a DNS server.
As discussed in VLSM and CIDR, IP address preservation was also one of the main
causes behind the induction of NAT.
NAT working:
The above diagram explains NAT in its simple form. NAT is
configured on the Gateway and address translation or mapping take place here.
The Global Network is unaware of the internal local addresses of our network,
that’s why it’s helpful in hiding our network topology.
Types of NAT:
There are three types of NAT, mostly used in network design.
- Dynamic NAT
- Dynamic NAT with overload (also called
PAT: Port Address Translation)
- Static NAT
While implementing NAT on a router, we first define an ACL (normally
standard Access Control list) to define the internal IPs that we are going to
translate. These addresses are technically called Inside Local addresses. Then
we apply our NAT commands in global configuration mode, specifying the list of
addresses in our ACL and the public addresses in which we want to translate it.
These public addresses are technically called Inside Global.
Dynamic NAT: In dynamic NAT, as the name suggest the address
translation take place by allocating available Public IPs from a pool
dynamically. We define a pool of global IP addresses for NAT and then this pool
is associated with address local IPs for translation. The address translation
works, until all of the addresses in pool are consumed and network established
via it.
Dynamic NAT with overload or PAT: overloading is used to
enhance the addressing capability of NAT and for this magic, PAT is used. PAT
stands for Port address translation, so as the name implies, port numbers are
used with local hosts. At the same time, port numbers are also used with the
global inside IP. Via this association, a single global IP can be used for
around 65000 addresses! This could be better explained via below chart:
Protocol
|
Inside Local IP : Port
|
Inside Global IP : Port
|
TCP
|
192.168.3.2:1723
|
170.16.3.2:1456
|
TCP
|
192.168.3.1:1744
|
170.16.3.2:1098
|
TCP
|
192.168.3.10:1764
|
170.16.3.2:4432
|
As you can see we have a single global IP, but with different port
numbers. This table is maintained by router and it forwards the packet
accordingly. Suppose if IP 192.168.3.2:1723 has established global connection
via 170.16.3.2:1456, once any packet is received on this IP (170.16.3.2) with
relevant port number, its forwarded according to the above table to
192.168.3.2:1723. You must be aware of the fact that port numbers are used by a
host to establish different connections to the outside world and keep track of
each established connection. Suppose a connection to web server port 80 would
be like:
Inside Global IP : Port
|
Outside Global IP address: Port
|
170.16.3.2:1456
|
173.194.23.4:80
|
170.16.3.2:1098
|
173.194.23.4:80
|
170.16.3.2:4432
|
173.194.23.4:80
|
--To be continued--
Categories:
IP Masquerading,
NAT,
Network Address translation,
Topology hiding
0 comments:
Post a Comment