
Network Address Translation Part I


NAT (Network Address Translation):

In simple words, NAT is IP address translation: one address is swapped for another as a packet crosses the gateway. The translation serves two purposes:
  • Translation of private addresses into public addresses
  • Translation of internal addresses to avoid duplication or to hide the topology

As you know, private IP addresses are not routable on the internet, which is why we configure NAT on our gateways to talk to the public internet. Address duplication can occur when two organizations merge and both use the same IP plan; in that case NAT is used to avoid the conflict, together with a DNS server. As discussed in VLSM and CIDR, conserving IP addresses was also one of the main reasons behind the introduction of NAT.


NAT working:

The diagram above explains NAT in its simplest form. NAT is configured on the gateway, and the address translation (mapping) takes place there. The global network is unaware of the local addresses inside our network, which is why NAT helps hide our network topology.



Types of NAT:

There are three types of NAT commonly used in network design:

  • Dynamic NAT
  • Dynamic NAT with overload (also called PAT: Port Address Translation)
  • Static NAT

When implementing NAT on a router, we first define an ACL (normally a standard access control list) that identifies the internal IPs to be translated. These addresses are technically called Inside Local addresses. Then we apply the NAT commands in global configuration mode, referencing the ACL and the public addresses into which we want to translate them. These public addresses are technically called Inside Global addresses.

Dynamic NAT: In dynamic NAT, as the name suggests, translation is done by allocating available public IPs from a pool dynamically. We define a pool of global IP addresses for NAT and then associate this pool with the local addresses to be translated. Translation works until all of the addresses in the pool are consumed by established connections.

Dynamic NAT with overload or PAT: Overloading is used to extend the addressing capacity of NAT, and PAT is the mechanism behind it. PAT stands for Port Address Translation; as the name implies, port numbers are tracked together with the local hosts' addresses, and port numbers are likewise assigned on the Inside Global IP. Through this association a single global IP can serve around 65000 simultaneous translations! The chart below explains it better:


Protocol   Inside Local IP : Port   Inside Global IP : Port
--------   ----------------------   -----------------------
TCP        192.168.3.2:1723         170.16.3.2:1456
TCP        192.168.3.1:1744         170.16.3.2:1098
TCP        192.168.3.10:1764        170.16.3.2:4432

As you can see, we have a single global IP but different port numbers. The router maintains this table and forwards packets accordingly. Suppose 192.168.3.2:1723 has established an outside connection via 170.16.3.2:1456; once a packet is received on this IP (170.16.3.2) with the matching port number, it is forwarded according to the table above to 192.168.3.2:1723. Bear in mind that a host uses port numbers to open different connections to the outside world and to keep track of each established connection. A connection to a web server on port 80 would look like:

Inside Global IP : Port   Outside Global IP : Port
-----------------------   ------------------------
170.16.3.2:1456           173.194.23.4:80
170.16.3.2:1098           173.194.23.4:80
170.16.3.2:4432           173.194.23.4:80
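To make the two translation modes concrete, here is an added Python model of the gateway's translation table (example code written for this page, not from the original post or any router vendor). It covers both the dynamic NAT pool from the Dynamic NAT section and the PAT table above: the addresses follow the post's tables, while the ACL subnet, the port-allocation rule, and the class and function names are constructed assumptions of mine.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed values that follow the addresses used in the post: the standard ACL
# permits the whole Inside Local subnet, and 170.16.3.x are the Inside Global addresses.
INSIDE_LOCAL_ACL = ip_network("192.168.3.0/24")
EPHEMERAL_START = 1024   # first port PAT hands out when the host's own port is taken


@dataclass
class NatGateway:
    pool: list                       # Inside Global addresses available to the router
    overload: bool = False           # False: dynamic NAT (one global IP per host); True: PAT
    forward: dict = field(default_factory=dict)   # (proto, local_ip, local_port) -> (global_ip, global_port)
    reverse: dict = field(default_factory=dict)   # (proto, global_ip, global_port) -> (local_ip, local_port)
    host_map: dict = field(default_factory=dict)  # dynamic NAT only: local_ip -> global_ip

    def _global_ip_for(self, local_ip):
        """Pick the Inside Global address; None when the dynamic pool is exhausted."""
        if self.overload:
            return self.pool[0]                    # every host shares the one overloaded address
        if local_ip not in self.host_map:
            in_use = set(self.host_map.values())
            free = [g for g in self.pool if g not in in_use]
            if not free:
                return None
            self.host_map[local_ip] = free[0]
        return self.host_map[local_ip]

    def _global_port_for(self, proto, global_ip, wanted):
        """Dynamic NAT leaves the port alone; PAT keeps it if free, else picks a fresh one.
        (Constructed allocation policy; real routers apply their own rules.)"""
        if not self.overload or (proto, global_ip, wanted) not in self.reverse:
            return wanted
        port = EPHEMERAL_START
        while (proto, global_ip, port) in self.reverse:
            port += 1
        return port

    def outbound(self, proto, local_ip, local_port):
        """Translate an Inside Local source; None means the packet was not translated."""
        if ip_address(local_ip) not in INSIDE_LOCAL_ACL:
            return None                            # the ACL does not match this source
        key = (proto, local_ip, local_port)
        if key in self.forward:
            return self.forward[key]               # an existing flow reuses its entry
        global_ip = self._global_ip_for(local_ip)
        if global_ip is None:
            return None                            # pool exhausted
        entry = (global_ip, self._global_port_for(proto, global_ip, local_port))
        self.forward[key] = entry
        self.reverse[(proto,) + entry] = (local_ip, local_port)
        return entry

    def inbound(self, proto, global_ip, global_port):
        """Map a packet arriving from outside back to a host; None means it is dropped."""
        if not self.overload:
            for local_ip, g in self.host_map.items():
                if g == global_ip:
                    return (local_ip, global_port)  # one-to-one: the port passes through
            return None
        return self.reverse.get((proto, global_ip, global_port))


def pat_demo():
    """Three hosts behind one overloaded global IP, plus a fourth host reusing a taken port."""
    gw = NatGateway(pool=["170.16.3.2"], overload=True)
    flows = [("TCP", "192.168.3.2", 1723), ("TCP", "192.168.3.1", 1744),
             ("TCP", "192.168.3.10", 1764), ("TCP", "192.168.3.7", 1723)]
    return gw, [gw.outbound(*f) for f in flows]


def dynamic_demo():
    """A two-address pool: the third host finds the pool exhausted and is not translated."""
    gw = NatGateway(pool=["170.16.3.2", "170.16.3.3"])
    hosts = ["192.168.3.2", "192.168.3.1", "192.168.3.10"]
    return gw, [gw.outbound("TCP", h, 5000) for h in hosts]


if __name__ == "__main__":
    gw, out = pat_demo()
    print("PAT translations:", out)
    print("reply to 170.16.3.2:1723 ->", gw.inbound("TCP", "170.16.3.2", 1723))
    print("unsolicited 170.16.3.2:9999 ->", gw.inbound("TCP", "170.16.3.2", 9999))
    gw2, out2 = dynamic_demo()
    print("dynamic NAT translations:", out2)
```

Two behaviours worth noticing: in PAT mode, inbound() only returns a host for a (protocol, global IP, port) that already has a translation entry, so an unsolicited packet to the global address is dropped, which is the mechanism behind the topology hiding mentioned earlier; in dynamic mode, once the pool is used up, further hosts get no translation until an entry is released.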

--To be continued--
