Evolution of NAT
NAT
Network Address Translation (NAT) is the process by which a network device, usually a firewall, presents a public address on behalf of a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economic and security reasons.
When IP packets pass through security appliances or routers, those devices translate the source IP address and/or the destination IP address in the packets. In practice, NAT is mostly used to allow a private network to access the public network, or vice versa.
IS IT USEFUL?
- Alleviates the depletion of IP address resources by using a small number of public IP addresses to represent a much larger number of private IP addresses.
- Hides the private network from external networks, thereby protecting it.
HOW DOES IT WORK?
When a security appliance implements the NAT function, it sits between the public network and the private network. The following diagram illustrates the basic translation process of NAT.
As shown above, the security appliance sits between the private network and the public network. When the internal PC at 10.1.1.2 sends an IP packet (IP packet 1) to the external server at 202.1.1.2 through the security appliance, the appliance checks the packet header. Finding that the packet is destined for the public network, the appliance translates the source IP address 10.1.1.2 of packet 1 to the public IP address 202.1.1.1, which can be routed on the Internet, and then forwards the packet to the external server. At the same time, the appliance records the mapping between the two addresses in its NAT table, so that the server's reply to 202.1.1.1 can be translated back to 10.1.1.2.
METHODS OF TRANSLATION
- Full-cone NAT
- (Address)-restricted-cone NAT
- Port-restricted cone NAT
- Symmetric NAT
TYPES OF NAT
- STATIC NAT: A single private IP address is mapped to a single public IP address, i.e., one private IP address is always translated to the same public IP address. It is used in web hosting.
- DYNAMIC NAT: Multiple private IP addresses are mapped to a pool of public IP addresses. It is used when the number of users who need to access the Internet at a given time is known and fixed.
- PORT ADDRESS TRANSLATION (PAT): Also known as NAT overload. Many local (private) IP addresses are translated to a single public IP address, and port numbers are used to distinguish the traffic, i.e., which flow belongs to which private host. This is the most frequently used form because it is cost effective: thousands of users can be connected to the Internet using only one real global (public) IP address.
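To make the translation process and the NAT table from the "How does it work?" section concrete, and to show how PAT tells flows apart by port, here is a small simulator. It is an added example written for this page, not code from the original article or from any vendor's appliance. The addresses 10.1.1.2 and 202.1.1.1/202.1.1.2 come from the text; the private prefix, the port range starting at 40000 and the class and method names are assumptions of the example. Because a public port is allocated per (private endpoint, destination) pair and only the destination that was contacted may answer through it, the model behaves like the symmetric NAT from the methods list above, which is also why an unsolicited inbound packet with no table entry is dropped (the "hides the private network" property).

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Just the header fields NAT cares about (constructed for this example)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class PatTranslator:
    """Source NAT with port overload (PAT): many private hosts behind one public IP."""

    def __init__(self, public_ip: str, private_prefix: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.private_prefix = private_prefix  # assumed: the inside network, e.g. "10.1.1."
        self.next_port = first_port           # assumed: first public port handed out
        # NAT table, outbound view: 5-tuple of the original packet -> public source port
        self.outbound: Dict[Tuple[str, str, int, str, int], int] = {}
        # NAT table, inbound view: (proto, public port, remote ip, remote port) -> private endpoint
        self.inbound: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def is_private(self, ip: str) -> bool:
        return ip.startswith(self.private_prefix)

    def _allocate_port(self) -> int:
        if self.next_port > 65535:
            raise RuntimeError("public port pool exhausted")  # the real limit of NAT overload
        port = self.next_port
        self.next_port += 1
        return port

    def outbound_translate(self, pkt: Packet) -> Packet:
        """Private -> public: rewrite the source, record the mapping, reuse it for the same flow."""
        if not self.is_private(pkt.src_ip) or self.is_private(pkt.dst_ip):
            return pkt  # not crossing from the private side to the public side: untouched
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            port = self._allocate_port()
            self.outbound[key] = port
            self.inbound[(pkt.proto, port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound_translate(self, pkt: Packet) -> Optional[Packet]:
        """Public -> private: only packets matching a recorded mapping are let through."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inbound.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None  # no NAT table entry: unsolicited inbound traffic is dropped
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.proto)


def demo() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    """Replays the scenario from the text: 10.1.1.2 talks to 202.1.1.2 via 202.1.1.1."""
    nat = PatTranslator("202.1.1.1", "10.1.1.")
    out = nat.outbound_translate(Packet("10.1.1.2", 51000, "202.1.1.2", 80))
    reply = nat.inbound_translate(Packet("202.1.1.2", 80, out.dst_ip and "202.1.1.1", out.src_port))
    stray = nat.inbound_translate(Packet("198.51.100.9", 80, "202.1.1.1", out.src_port))
    return out, reply, stray


if __name__ == "__main__":
    translated, answer, dropped = demo()
    print("outbound after NAT:", translated)
    print("reply after NAT:   ", answer)
    print("unsolicited packet:", dropped)
```

Two hosts that happen to use the same private source port get different public ports, which is the whole point of PAT; the same flow sent again reuses its entry rather than consuming a new port, and the `_allocate_port` guard shows where a real appliance runs out of room.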
APPLICATIONS
It is important to mention that two of the most important application environments for NAT are routing and load balancing.
Routing
Network address translation is used to avoid IP address overlapping. Address overlapping occurs when hosts in different networks with the same IP address space try to reach the same destination host. This is most often a misconfiguration and may result from the merger of two networks or subnets, especially when RFC 1918 address space is used. The destination host sees traffic apparently arriving from the same network, and intermediate routers have no way to determine where reply traffic should be sent. The solution is either renumbering or implementing a network address translator.
Load balancing
In client-server applications, load balancers forward client requests to a set of server computers to manage the workload of each server. Network address translation may be used to map a representative IP address of the server cluster to the specific host that services each request.
Marco