Thursday 14 November 2019

What is NAT and how does it work ?

This article explains what NAT (Network Address Translation) is and how it works, as well as its characteristics. All public IPv4 addresses used on the Internet must be registered with a Regional Internet Registry (RIR). Organizations can lease public addresses from a service provider (SP), but only the registered owner of a public Internet address can assign that address to a network device.
However, with a theoretical maximum of 4300 million addresses, the IPv4 address space is very limited. When Bob Kahn and Vint Cerf first developed the TCP/IP protocol suite that included IPv4 in 1981, they never imagined what the Internet would become.
With the proliferation of personal computing devices and the arrival of the World Wide Web, it soon became clear that 4300 million IPv4 addresses would not be enough. The long-term solution was the IPv6 protocol, but more immediate solutions were needed. In the short term, the IETF implemented several solutions, including Network Address Translation (NAT) and the private IPv4 addresses defined in RFC 1918.

PRIVATE IPV4 ADDRESS SPACE

There are not enough public IPv4 addresses to assign a unique address to each device connected to the Internet. Networks are usually implemented through the use of private IPv4 addresses, as defined in RFC 1918. The following table shows the range of addresses included in RFC 1918.
Table of private IPv4 addresses:

  Class   Internal address range (RFC 1918)   CIDR prefix
  A       10.0.0.0 to 10.255.255.255          10.0.0.0/8
  B       172.16.0.0 to 172.31.255.255        172.16.0.0/12
  C       192.168.0.0 to 192.168.255.255      192.168.0.0/16

These private addresses are used within an organization or site to allow devices to communicate locally. However, since these addresses do not identify any individual company or organization, private IPv4 addresses cannot be routed over the Internet.
To allow a device with a private IPv4 address to reach resources and devices outside the local network, the private address must first be translated into a public address.
NAT provides that translation of private addresses to public addresses. This allows a device with a private IPv4 address to access resources outside its private network, such as those found on the Internet.
A single public IPv4 address can be shared among hundreds or even thousands of devices, each configured with a unique private IPv4 address.

WHAT IS NAT?

NAT (Network Address Translation) has many uses, but its main purpose is to conserve public IPv4 addresses. This is achieved by letting networks use private IPv4 addresses internally and translating them to a public address only when necessary.
NAT has the additional benefit of providing some degree of privacy and security to a network, since it hides the internal IPv4 addresses from external networks.
Routers with NAT enabled can be configured with one or more valid public IPv4 addresses. These public addresses are known as the "NAT pool".
When an internal device sends traffic out of the network, the NAT-enabled router translates the device's internal IPv4 address to a public address from the NAT pool. To external devices, all traffic entering and leaving the network appears to use a public IPv4 address from that pool.

In general, NAT routers operate at the border of a stub network. A stub network is one that has a single connection to its neighboring network: one way into the network and one way out of it. In the example in Image 2, R2 is a border router. From the ISP's perspective, R2 forms a stub network.
When a device within the stub network wishes to communicate with a device outside its network, the packet is forwarded to the border router. The border router performs the NAT process, that is, it translates the device's internal private address to a public, externally routable address.

NAT TERMINOLOGY

According to NAT terminology, the internal network is the set of networks subject to translation. The external network refers to all other networks.
When using NAT, IPv4 addresses are designated differently, depending on whether they are on the private network or on the public network (Internet), and whether the traffic is inbound or outbound.
NAT includes four types of addresses:

  • Inside local address
  • Inside global address
  • Outside local address
  • Outside global address

When determining which type of address is in use, it is important to remember that NAT terminology is always applied from the perspective of the device whose address is translated:

  • Inside address: the address of the device that is being translated by NAT.
  • Outside address: the address of the destination device.

NAT also uses the concepts of local and global in relation to addresses:

  • Local address: any address that appears on the inside portion of the network.
  • Global address: any address that appears on the outside portion of the network.


In the illustration, PC1 has the inside local address 192.168.10.10. From the perspective of PC1, the web server has the outside address 209.165.201.1. When packets from PC1 are sent to the web server's global address, the inside local address of PC1 is translated to 209.165.200.226 (the inside global address). In general, the address of the outside device is not translated, since it is usually a public IPv4 address already.

  1. PC1 has different local and global addresses, while the web server has the same public IPv4 address in both cases. From the perspective of the web server, the traffic originating at PC1 appears to come from 209.165.200.226 (the inside global address).
  2. The NAT router (R2) is the demarcation point between the inside and outside networks, and between local and global addresses.

INSIDE, OUTSIDE, GLOBAL AND LOCAL TERMS

The terms "inside" and "outside" are combined with the terms "global" and "local" to refer to specific addresses. In the illustration, router R2 is configured to provide NAT. It has a pool of public addresses to assign to inside hosts.


  • Inside local address: the source address as seen from inside the network. In the illustration, IPv4 address 192.168.10.10 is assigned to PC1. This is the inside local address of PC1.
  • Inside global address: the source address as seen from the outside network. In the illustration, when traffic from PC1 is sent to the web server at 209.165.201.1, R2 translates the inside local address to an inside global address. In this case, R2 changes the source IPv4 address from 192.168.10.10 to 209.165.200.226. In NAT terminology, the inside local address 192.168.10.10 is translated to the inside global address 209.165.200.226.
  • Outside global address: the destination address as seen from the outside network. It is a globally routable IPv4 address assigned to a host on the Internet. For example, the web server is reachable at IPv4 address 209.165.201.1. In general, the outside global and outside local addresses are the same.
  • Outside local address: the destination address as seen from the inside network. In this example, PC1 sends traffic to the web server at IPv4 address 209.165.201.1. Although it is rare, this address may differ from the globally routable address of the destination.
The illustration shows how traffic that is sent from an internal computer is directed to an external web server through the router with NAT enabled. It also shows how return traffic is directed and translated initially.

HOW DOES NAT WORK?

In this example, PC1, with private address 192.168.10.10, wishes to communicate with an outside web server with public address 209.165.201.1.


  • PC1 sends a packet addressed to the web server. R1 forwards the packet to R2.
  • When the packet arrives at R2, the NAT-enabled router for the network, R2 reads the packet's source IPv4 address to determine whether it meets the criteria specified for translation.
  • In this case, the source IPv4 address meets the criteria and is translated from 192.168.10.10 (inside local address) to 209.165.200.226 (inside global address). R2 adds this local-to-global mapping to the NAT table.
  • R2 sends the packet with the translated source address on to the destination.
  • The web server responds with a packet addressed to the inside global address of PC1 (209.165.200.226).
  • R2 receives the packet with destination address 209.165.200.226. It checks the NAT table and finds an entry for this mapping. R2 uses this information to translate the inside global address (209.165.200.226) back to the inside local address (192.168.10.10), and the packet is forwarded to PC1.
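As an added example (not from the original article), the following Python model reproduces the walkthrough above together with the RFC 1918 check from the private address table: the NAT table is a plain dictionary standing in for a router's real implementation, and the pool of two public addresses and the 203.0.113.5 sender are constructed values. It also shows the side effect mentioned earlier: an inbound packet with no NAT table entry is dropped.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# RFC 1918 blocks from the table above: only these sources are candidates for translation.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 blocks."""
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class NatRouter:
    """Border router doing dynamic one-to-one NAT from a pool (R2 in the page's example)."""

    def __init__(self, pool: List[str]) -> None:
        self.free = list(pool)             # NAT pool: public addresses not yet handed out
        self.table: Dict[str, str] = {}    # inside local  -> inside global
        self.reverse: Dict[str, str] = {}  # inside global -> inside local

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Inside -> outside: rewrite the source if it meets the translation criteria."""
        if not is_private(pkt.src):
            return pkt                     # not an RFC 1918 source: forwarded untranslated
        if pkt.src not in self.table:
            if not self.free:
                return None                # pool exhausted: the packet is dropped
            public = self.free.pop(0)
            self.table[pkt.src] = public   # record the local -> global mapping
            self.reverse[public] = pkt.src
        return Packet(self.table[pkt.src], pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: look up the destination (inside global) in the NAT table."""
        local = self.reverse.get(pkt.dst)
        return None if local is None else Packet(pkt.src, local)  # no entry: dropped

def walkthrough() -> Dict[str, Optional[Packet]]:
    """Reproduce the PC1 <-> web server exchange described in the steps above (constructed pool)."""
    r2 = NatRouter(pool=["209.165.200.226", "209.165.200.227"])
    request = r2.outbound(Packet("192.168.10.10", "209.165.201.1"))  # steps 1-4
    reply = r2.inbound(Packet("209.165.201.1", "209.165.200.226"))   # steps 5-6
    stray = r2.inbound(Packet("203.0.113.5", "209.165.200.227"))     # unsolicited: no entry
    return {"request": request, "reply": reply, "stray": stray}
```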
