Monday 21 October 2019

NAT Types NAT Advantages and Disadvantages

In this section, you will learn about the NAT types, including static NAT, dynamic NAT and NAT with overload (PAT). We will also discuss the advantages and disadvantages of NAT.

NETWORK ADDRESS TRANSLATION: NAT TYPES

There are three types of NAT translation:

  1. Static address translation (static NAT): a one-to-one mapping between a local and a global address.
  2. Dynamic address translation (dynamic NAT): a many-to-many mapping between local and global addresses. Translations are made based on availability; for example, if there are 100 internal local addresses and 10 internal global addresses, then at any given time only 10 of the 100 internal local addresses can be translated. This limitation makes dynamic NAT much less useful for production networks than port address translation.
  3. Port address translation (PAT): a many-to-one mapping between local and global addresses. This method is also known as "overload" (NAT with overload). For example, if there are 100 internal local addresses and 10 internal global addresses, PAT uses the port number as an additional parameter to provide a multiplier effect, allowing each of the 10 internal global addresses to be reused up to 65,536 times (depending on whether the flow is based on UDP, TCP or ICMP).

STATIC NAT

Static NAT consists of a one-to-one assignment between local and global addresses. These assignments are configured by the network administrator and remain constant.

In the illustration, R2 was configured with static assignments for the internal local addresses of Svr1, PC2 and PC3. When these devices send traffic to the Internet, their internal local addresses are translated to the configured internal global addresses. For external networks, these devices have public IPv4 addresses.
Static NAT is particularly useful for web servers or other devices that must have a constant address reachable from the Internet, such as a company's web server. It is also useful for devices that authorized personnel must be able to reach from outside the workplace, but that should not be exposed to the general public on the Internet. For example, a network administrator can reach the internal global address of Svr1 (209.165.200.226) from PC4 via SSH. R2 translates this internal global address to the internal local address and connects the administrator's session to Svr1.
Static NAT requires that enough public addresses be available to cover the total number of simultaneous user sessions.

DYNAMIC NAT

Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. When an internal device requests access to an external network, dynamic NAT assigns an available public IPv4 address from the pool.
In the illustration, PC3 accesses the Internet through the first available address in the dynamic NAT pool. The other addresses remain available for use. Like static NAT, dynamic NAT requires that enough public addresses be available to cover the total number of simultaneous user sessions.

PORT ADDRESS TRANSLATION (PAT)

Port address translation (PAT), also known as "NAT with overload", maps several private IPv4 addresses to a single public IPv4 address or to a few addresses. This is what most home routers do: the ISP assigns one address to the router, but several family members can access the Internet simultaneously. This is the most common form of NAT.
With PAT, multiple addresses can be mapped to one or more addresses because each private address is also tracked with a port number. When a device initiates a TCP/IP session, it generates a TCP or UDP source port value or, for ICMP, a specially assigned query ID, so that the session can be identified without ambiguity. When the NAT router receives a packet from the client, it uses the source port number to uniquely identify the specific NAT translation.
PAT ensures that devices use a different TCP port number for each session with an Internet server. When a response arrives from the server, the source port number, which has become the destination port number on the return trip, determines which device the router forwards the packet to. The PAT process also validates that incoming packets were requested, which adds a degree of security to the session.

COMPARISON BETWEEN NAT AND PAT

As shown in the illustration, NAT translates IPv4 addresses in a 1:1 ratio between private IPv4 addresses and public IPv4 addresses. PAT, however, modifies both the address and the port number.
NAT forwards incoming packets to their internal destination by referring to the incoming source IPv4 address provided by the host on the public network. With PAT, there is generally only one or very few publicly exposed IPv4 addresses. Incoming packets from the public network are routed to their destinations on the private network by consulting a table on the NAT router. This table tracks the pairs of public and private ports. This is called "connection tracking".
What happens to IPv4 packets that carry data other than TCP or UDP segments? These packets do not contain a layer 4 port number. PAT translates most of the common protocols carried over IPv4 that do not use TCP or UDP as the transport layer protocol. The most common of them is ICMPv4. PAT handles each of these protocol types differently. For example, ICMPv4 query messages, echo requests and echo replies include a query ID. ICMPv4 uses the query ID to match an echo request with its corresponding reply. The query ID increments with each echo request sent. PAT uses the query ID in place of a layer 4 port number.
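The translation tables described above, as an added example that is not part of the original post: a small Python model of a dynamic NAT pool (the 100-local/10-global limitation from the NAT types list) and a PAT connection-tracking table keyed by source port or ICMP query ID, where inbound packets that match no tracked session are dropped. All addresses and port numbers are constructed samples; real routers usually try to keep the original source port when it is free, whereas this toy allocates global ports sequentially.

```python
# Added example (not from the original post): toy models of dynamic NAT
# and PAT/overload translation tables. All addresses are constructed samples.
from dataclasses import dataclass, field


@dataclass
class DynamicNat:
    """Dynamic NAT: one-to-one lease from a limited pool of internal global addresses."""
    pool: list                                  # free internal global addresses
    table: dict = field(default_factory=dict)   # internal local -> internal global

    def outbound(self, internal_local):
        # Reuse an existing lease, otherwise take the next free pool address.
        if internal_local in self.table:
            return self.table[internal_local]
        if not self.pool:                       # pool exhausted: translation fails
            return None
        self.table[internal_local] = self.pool.pop(0)
        return self.table[internal_local]


@dataclass
class Pat:
    """PAT (NAT overload): many internal hosts share one internal global address,
    disambiguated by the TCP/UDP source port or the ICMP query ID."""
    internal_global: str
    next_port: int = 1024                       # toy allocator, sequential
    table: dict = field(default_factory=dict)   # (proto, global port) -> (ip, local id)

    def outbound(self, proto, src_ip, src_id):
        # src_id is the TCP/UDP source port or, for ICMP, the query ID.
        for (tproto, gport), local in self.table.items():
            if tproto == proto and local == (src_ip, src_id):
                return self.internal_global, gport   # existing session
        gport = self.next_port
        self.next_port += 1
        self.table[(proto, gport)] = (src_ip, src_id)
        return self.internal_global, gport

    def inbound(self, proto, dst_ip, dst_id):
        # Only replies to tracked sessions are forwarded; anything unsolicited
        # (unknown port, wrong protocol or wrong address) yields None, i.e. drop.
        if dst_ip != self.internal_global:
            return None
        return self.table.get((proto, dst_id))
```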

BENEFITS OF NAT

NAT offers several benefits, including the following:

  • It conserves the legally registered addressing scheme by allowing the privatization of intranets. NAT conserves addresses by multiplexing applications at the port level. With NAT overload, internal hosts can share a single public IPv4 address for all external communications. In this type of configuration, very few external addresses are required to support many internal hosts.
  • It increases the flexibility of connections to the public network. Multiple pools, backup pools and load-balancing pools can be implemented to ensure reliable public network connections.
  • NAT provides consistency for internal network addressing schemes. On a network that does not use private IPv4 addresses or NAT, changing the public IPv4 address scheme requires readdressing all hosts on the existing network. The cost of readdressing hosts can be considerable. NAT allows the existing private IPv4 address scheme to be kept while facilitating the change to a new public addressing scheme. This means that an organization could change ISPs without modifying any of its internal clients.
  • NAT hides the IPv4 addresses of users. Because it uses RFC 1918 IPv4 addresses, NAT has the side effect of hiding the IPv4 addresses of users and other devices. Some people consider this a security feature, although most experts agree that NAT does not provide security. A stateful firewall is what provides security at the network perimeter.

DISADVANTAGES OF NAT

NAT has some disadvantages. The fact that hosts on the Internet appear to communicate directly with the NAT-enabled device, rather than with the real host inside the private network, creates a number of drawbacks:

  • Network performance deteriorates, especially for real-time protocols such as VoIP. NAT increases forwarding delays because translating each IPv4 address within the packet headers takes time.
  • End-to-end addressing is lost. Many Internet protocols and applications depend on end-to-end addressing from source to destination. Some applications do not work with NAT. For example, some security applications, such as digital signatures, fail because the source IPv4 address changes before the packet reaches its destination. Applications that use physical addresses instead of a qualified domain name do not reach destinations that are translated through the NAT router. Occasionally, this problem can be avoided by implementing static NAT mappings.
  • End-to-end IPv4 traceability is reduced. Tracing packets that undergo several address changes across multiple NAT hops becomes much more difficult and, consequently, makes troubleshooting harder.
  • It complicates the use of tunneling protocols, such as IPsec, because NAT modifies values in the headers, which causes integrity checks to fail.
  • Initiating TCP connections can be disrupted. Unless the NAT router is configured to support such protocols, incoming packets cannot reach their destination. Some protocols can support one NAT instance between participating hosts (for example, passive FTP), but fail when NAT separates both systems from the Internet.
