Network Address Translation (NAT) is a method of mapping private IP addresses to public IP addresses and vice versa. With this method, a local host in a private network can access the internet. NAT is always implemented at the router, where it helps the router identify which local host a message is to be forwarded to.
In this section, we will discuss the reason behind the implementation of NAT. We will also discuss its method of working and the types of NAT.
Content: Network Address Translation (NAT)
- What is Network Address Translation (NAT)?
- How Does NAT Work?
- Types of NAT
- NAT Security
- Advantages and Disadvantages
- Key Takeaways
- Future Scope
Network Address Translation
An ISP provides a variable block of IPv4 addresses to a midsize organization. Now, what if the organization grows and requires a larger block of addresses? Or what if the number of devices accessing the internet increases?
It would be impossible for the ISP to fulfil the increased demand for addresses, because the ranges of addresses before and after the allocated range may be assigned to other small organizations.
Now the question arises: how can this increased demand for addresses be fulfilled?
Here, Network Address Translation (NAT) comes into the picture. With NAT, a midsize organization can have several private IP addresses for a large set of computers. The private IP addresses allow internal communication, whereas only a few devices/computers are provided with public addresses for global communication.
Private IP addresses need to be unique inside the organization. It does not matter if they are not unique globally, as there are three blocks of addresses reserved for private networks.
Users can use private IP addresses without the permission of Internet authorities. Private IP addresses are not routable. That means no router will forward a packet that has a private IP address in its destination address field.
Consider a computer or other device with a private IP address that wants to communicate (send a data packet) with the outside world.
This device connects to a NAT-capable router that has a public IP address, and the address translation takes place there.
In the address translation, the device’s private IP address is mapped to the router’s public IP address, and the data packet is forwarded to its destination in the outside world.
Network Address Translation (NAT) is this address translation technique. It translates the private IP address to the public IP address and vice versa.
How Does Network Address Translation Work?
NAT is a process that translates a set of private IP addresses to a set of public IP addresses. It acts as a mediator between the global network, i.e. the internet, and the local or private network.
Thus the NAT router provides a single unique public IP address to a group of computers/devices in the private network.
Network Address Translation Example
Consider a small private home network with four devices: one laptop, one desktop, one tablet and one smartphone. All these devices are local hosts and are given private IP addresses. They are connected to a NAT router with the public IP address 18.104.22.168.
Now suppose the tablet user on the home network wants information about today’s news.
Consider first what would happen without address translation:
- The tablet sends a request to the server, which has a public IP address in the outside world.
- The server creates a reply packet with the information about today’s news.
- The reply packet has the server’s IP address (a public IP address) as its source and the tablet’s private IP address as its destination.
- But we know that a private IP address is not routable.
- The tablet would never receive the reply, as no router will forward this packet to the tablet.
With NAT, the router analyzes the request packet sent from the tablet:
- The request packet has the tablet’s private IP address in its source field and the server’s public IP address in its destination field.
- The NAT router copies the source address into the private IP address column of the translation table and the destination (server) address into the public IP address column.
- The NAT router then replaces the private source address with the NAT router’s public IP address.
- The destination server receives the request packet, which has the NAT router’s public IP address as its source address.
- The server prepares the reply packet. It puts the NAT router’s public IP address in the destination address field and its own global IP address in the source address field of the reply packet.
- Now the reply packet has a public IP address in its destination address field, so it is routed to the destination NAT router.
- The NAT router analyzes the reply packet, whose source address is the server’s address. Using the source address field of the received packet, it looks up the translation table, which maps the server’s public IP address to the tablet’s private IP address, and sends the reply packet to that private IP address.
Types of NAT
There can be several private IP addresses in a private network, each belonging to a specific host. How does the NAT router decide which specific host a received packet is for? The NAT router resolves this problem by maintaining the translation table, as we have seen above.
Let us discuss some cases of using Network Address Translation in different scenarios and analyze their consequences. These different cases are sometimes considered types of NAT.
Static NAT (Using one Universal Address)
In this case, the ISP assigns one universal or public address to one of the members of the private network. Consider a member of the private network who wants to access the global network.
It then has to be mapped to that same public IP address. Only one private host at a time is able to access the same external host. Hence we call it static NAT.
Only one private network host can communicate with the same external host, as there are no other public addresses to pair with.
Dynamic NAT (Using Pool of IP addresses)
Dynamic NAT overcomes the problem of static NAT, where only one private host can communicate with the same global host at a time. The solution is to have more public IP addresses from the pool of global addresses.
For example, you can have four or five global addresses from the pool. Four or five private hosts can then communicate with the same external host at the same time, as there will be four or five pairs of addresses, each of which defines a different connection.
Dynamic NAT also has drawbacks:
- There is still a limit on the number of connections that can be made to the same external host.
- A host in a private network cannot connect to two external server programs at the same time.
- Two hosts in a private network cannot connect to the same external server program at the same time.
This problem is solved with Port NAT.
Port NAT (Using both IP address and Port Number)
Knowing the IP address is not enough. When a request packet arrives at the server, the IP address only lets the server identify which computer the reply packet is to be sent to.
It does not tell the server which specific process on that computer the reply packet is for.
For this, the port address must also be attached to the IP address. It helps identify which specific process on a computer the packet is for.
Using the port address along with the IP address allows a private network host to access two global server programs at the same time. It even allows two private network hosts to access the same global server program at the same time.
NAT Security
Along with the translation of IP addresses, NAT also offers security and privacy to the data packets. The NAT router is an intermediate agent that transfers data packets from the public network to the private network and vice versa. The NAT firewall prevents unauthorized access to the devices in the private network.
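The translation tables from the sections above, as an added example that is not part of the original article: a toy Python model in which an address-only table cannot let two private hosts reach the same server, the Port NAT table can, and an inbound packet with no matching entry is dropped. The class names, port numbers and the private, public and server addresses are constructed for illustration.

```python
# Toy model of the NAT translation tables described above (added example).
PUBLIC_IP = "203.0.113.5"    # constructed stand-in for the router's public address

class AddressOnlyNat:
    """Two-column table: private address <-> external (server) address."""
    def __init__(self):
        self.table = {}                      # external ip -> private ip

    def outbound(self, src_ip, dst_ip):
        owner = self.table.setdefault(dst_ip, src_ip)
        if owner != src_ip:                  # a reply from dst_ip would be ambiguous
            raise LookupError(f"{dst_ip} is already paired with {owner}")
        return (PUBLIC_IP, dst_ip)           # source rewritten to the public address

    def inbound(self, src_ip):
        return self.table.get(src_ip)        # private destination, or None -> drop

class PortNat:
    """Table keyed on addresses and ports, so each connection gets its own entry."""
    def __init__(self, first_port=40000):
        self.out = {}                        # (priv ip, priv port, ext ip, ext port) -> public port
        self.back = {}                       # (public port, ext ip, ext port) -> (priv ip, priv port)
        self.next_port = first_port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (PUBLIC_IP, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        # No matching entry means the router has nothing to translate to: drop.
        return self.back.get((dst_port, src_ip, src_port))

def demo():
    server = "198.51.100.7"                  # constructed external server
    basic, pat = AddressOnlyNat(), PortNat()
    basic.outbound("192.168.0.12", server)   # tablet
    try:
        basic.outbound("192.168.0.10", server)   # laptop, same server
        clash = False
    except LookupError:
        clash = True
    a = pat.outbound("192.168.0.12", 51000, server, 80)
    b = pat.outbound("192.168.0.10", 51000, server, 80)
    replies = [pat.inbound(server, 80, a[1]), pat.inbound(server, 80, b[1])]
    unsolicited = pat.inbound("192.0.2.99", 4444, a[1])
    return clash, replies, unsolicited
```

Calling `demo()` returns whether the address-only table refused the second host, the private endpoints the two replies are delivered to, and the result for a packet from a host the tablet never contacted.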
Advantages and Disadvantages
Advantages of Network Address Translation
- With the use of private IP addresses, NAT prevents the exhaustion of IPv4 addresses.
- NAT router also provides security to the private network.
- With the NAT router, the organization can choose an IP range of its own choice for creating the private network.
- As the same public IP address can be used by multiple computers in the private network, it leads to cost reduction.
Disadvantages of Network Address Translation
- Translation of IP address in NAT router is time-consuming.
- As the NAT router traces all the incoming and outgoing data packets and maintains information about them in the translation table, it requires huge storage.
- NAT technology may not be compatible with all the networking devices and the networking systems.
Key Takeaways
- Network Address Translation maps the host in a private network to the host in the global network and vice versa.
- NAT maintains a translation table that has entries of private and public IP addresses which helps in the routing of the message.
- NAT allows a computer in a private network to access the internet though it has a private IP address that is not routable.
- There are three types of NAT: static NAT, dynamic NAT and port NAT.
- In static NAT, only one member of a private network has a global IP address. So, only one host in a private network can connect with the same external host at a time.
- Dynamic NAT picks multiple global addresses from the pool of global addresses so that multiple private hosts can be mapped to these global addresses.
- Dynamic NAT allows multiple hosts in a private network to connect with the same global host at the same time.
- But dynamic NAT does not allow a host in a private network to connect with two global server programs at the same time. It also does not allow two private hosts to access the same global server program at the same time.
- Port NAT uses the port number along with the IP addresses. It helps in identifying which specific process on the computer the message has to be delivered to.
Future Scope
NAT may not be required in future when IPv4 addresses are completely replaced with IPv6 addresses, as IPv6 has an enormous range of addresses, such that all devices in the world will have public IP addresses.