Network Address Translation (NAT) is used in practically every organization that connects thousands of computers and other devices to the internet through a handful of public addresses. If you are new to the concept, this page explains what NAT is, its advantages and disadvantages, how it works, how it is configured, and other related details. It may sound like a complex job, but once you understand its logic you can configure it in your own network with little trouble.
What is NAT (Network Address Translation)?
Before NAT, every host that needed to talk to the internet had to carry a legal, globally unique (registered) IP address, and the supply of IPv4 addresses was running out. NAT came to the rescue by conserving the remaining registered addresses: it lets a private network use unregistered (RFC 1918) addresses internally and translates them to a registered address only when packets leave for the internet.
NAT is common in remote-access and branch environments because it does two jobs at once: it conserves addresses and it hides the internal addressing. With NAT in place, the outside world sees a single public IP address for the entire network. Note that this hiding is a side benefit rather than a security control in itself; a stateful firewall is still needed to decide which traffic is allowed in and out. The image below shows how a single public IP address stands in for a group of devices within the network.
Advantages of Network Address Translation
There are several advantages of implementing the NAT within your system. We have mentioned some advantages below.
- Conserving addresses - NAT conserves legally registered IP addresses and prevents them from being depleted, because many inside hosts share one or a few public addresses.
- Security - NAT hides the internal addressing: outside hosts see only the translated public address and cannot learn the private IP addresses of the devices sending and receiving traffic, and unsolicited inbound packets that match no entry in the translation table are discarded. Many implementations also let you cap the number of translations the router holds (Cisco IOS does this with `ip nat translation max-entries`), which bounds address and memory usage and blunts the effect of malware that opens thousands of connections. Treat this as topology hiding rather than as a firewall: NAT does not inspect or filter traffic, so pair a dynamic NAT deployment with a stateful firewall that logs and filters the traffic being translated.
- Flexibility - NAT can be deployed wherever it is needed, including on a public wireless LAN, and static NAT lets devices on the outside initiate communication with selected devices inside the stub domain, such as a public-facing server.
- Simplicity - with NAT there is no need to renumber internal hosts when the network's public addressing changes, for example when you switch ISPs. You can also present several inside servers behind a single virtual host address so that the NAT device distributes TCP connections among them (TCP load distribution).
- Speed - unlike a proxy server, NAT is transparent to both the source and the destination, which communicate directly with only the addresses (and ports) in the packet headers rewritten. NAT is a network-layer function, with port rewriting at the transport layer, whereas a proxy terminates the connection and works at the application layer, so NAT adds less latency than a proxy.
- Scalability - NAT combines well with DHCP: the DHCP server hands out unregistered addresses for the stub domain from its pool, so adding computers to the network is a matter of enlarging the private address pool rather than requesting more registered addresses from the ISP or IANA.
- Multi-homing - having more than one connection to the internet is called multi-homing. NAT lets you spread traffic across the connections so that fewer devices depend on a single link, which gives a more reliable internet connection and reduces the chance of an outage when one link fails.
Disadvantages of Network Address Translation
Despite several benefits, there are some disadvantages that you can face.
- Consumption of resources - the NAT device must keep a translation table and rewrite the IP header (and the TCP/UDP header and checksums) of every packet in both directions, so it needs memory and CPU proportional to the number of concurrent connections.
- Delays - every packet passes through the translation step, so NAT adds some processing latency on the switching path.
- Less functionality - some protocols do not work through NAT, typically those that embed IP addresses or port numbers in their payload (active-mode FTP, SIP) or that rely on end-to-end addressing; they need an application layer gateway on the NAT device or a NAT traversal extension.
- Traceability - with many hosts behind one public address, attributing traffic to a particular inside host is only possible from the NAT device's translation logs, so keep those logs if you need to trace activity. Tunnelling is also complicated: IPsec, for example, protects the IP header against modification, so it fails through NAT unless both ends support NAT traversal (NAT-T, which encapsulates the traffic in UDP).
How Network Address Translation Works
In network address translation, a single device (a NAT firewall, NAT router or similar) acts as a mediator between the public and private networks. An entire group of computers within a network is represented by a single unique IP address whenever they communicate with the external network. You can think of NAT as a receptionist who works from specific instructions: you set rules for how the NAT device deals with different devices, contacts and so on.
An external client only ever addresses the mediator, whose public address is visible to everyone. The NAT device forwards the request inward without revealing the private IP addresses of the internal devices. In the same way, a reply from the outside arrives at the public IP address and port, and the NAT device looks up which inside host and port that translation belongs to and forwards the packet there.
Types of Network Address Translation (NAT Types)
You can use any of the NAT types below, as your requirements dictate.
- Static network address translation - maps one unregistered (inside local) address to one registered (inside global) address, one-to-one, and the mapping is permanent. It is generally used to make a device inside the network reachable from an external network. (The abbreviation SNAT is ambiguous, as in Linux netfilter it means source NAT, so spell the type out.)
- Dynamic network address translation - the NAT device picks a free address from a pool of registered IP addresses and maps the unregistered address to it for the life of the connection, after which the address returns to the pool. (Do not confuse this with destination NAT, which is also abbreviated DNAT.)
- Reverse network address translation - maps connections arriving at a public address and port to an inside host, so that users on the internet can reach a service running behind the NAT device (often called port forwarding).
- Overloading network address translation - also called NAT overload or port address translation (PAT). It is a form of dynamic NAT that maps many private, unregistered addresses to a single registered address by giving each connection its own source port on that address; incoming traffic is then distinguished by destination port rather than by address. It is the most cost-effective option for users connected to the internet through a single public IP address.
- Overlapping network address translation - used when addresses inside the network overlap with addresses outside it, for example when two organizations using the same RFC 1918 ranges merge, when registered IP addresses have been assigned to multiple devices, or when more than one internal network uses the same range. The networks can then communicate without readdressing every device.
In overlapping NAT the router intercepts these addresses and maintains a table to replace them with unique addresses. It must translate in both directions: outside addresses that collide with the private range are translated to addresses unique within the private network (outside local addresses), and internal addresses are translated to unique registered addresses. This can be done with static NAT, or dynamically with the help of DNS.
Network Address Translation Configuration
To configure a standard NAT you need at least one router interface marked NAT outside, another marked NAT inside, and a set of rules (typically an access list naming the inside addresses and a pool of public addresses) that define which addresses are translated and to what.
The following example walks through the configuration. Whenever a device on the internal network with an unregistered (inside local) IP address wants to communicate with the (outside, public) network, the router translates the unregistered address to a registered one. The process is as follows.
- The company gets a set of registered, unique IP addresses from the ISP; these are the inside global addresses.
- The IT team divides the unregistered, private addresses into two groups. The large group holds the inside local addresses used by the devices in the stub domain. The small group holds the outside local addresses, which the NAT router uses to represent the outside global addresses of devices on the public network when that translation is needed.
- Most stub domain devices communicate with each other using inside local addresses. Some stub domain devices are given inside global addresses directly because they communicate heavily with the outside network, so their traffic does not require translation.
- A typical stub domain device with an inside local address that needs to reach the outside network sends its packet to the NAT router.
- The NAT router checks the destination address against its routing table. If there is a route for it, the router translates the packet's source address and creates an entry in the address translation table; if there is no route for the destination, the packet is dropped.
- The router sends the packet on with an inside global address as its source.
- A computer on the public network sends a packet back to the private network; its destination address is the inside global address and its source address is an outside global address.
- The NAT router looks in the address translation table to confirm that a mapping exists for that destination address (and port).
- The NAT router translates the inside global address in the packet back to the inside local address and sends the packet to the destination device.
NAT overloading relies on multiplexing, a feature of the TCP/IP protocol stack. Multiplexing lets a device maintain several simultaneous connections with one or more remote devices by using different ports. The IP header and the TCP or UDP header of a packet together carry:
Source Address. The IP address of the device sending the packet, for example 18.104.22.168
Source Port. The TCP or UDP port number chosen by the sending device for this connection, for example port 1260
Destination Address. The IP address of the device receiving the packet, for example 52.52.21.247
Destination Port. The TCP or UDP port of the service being contacted, for example port 80 for a web server
Together these four values identify a single TCP/IP connection: the addresses name the two endpoints and the port numbers distinguish the individual connections between them. NAT overload exploits this by rewriting the source address to its one public address and the source port to a port it has not yet handed out, recording the original address and port in its table so the reply can be mapped back. Port numbers are 16 bits, so there are 65,536 values per public address; the well-known range 0-1023 is normally avoided, which still leaves tens of thousands of concurrent translations per public address, and an implementation that keys its table on the full connection (addresses, ports and protocol) can reuse the same port for connections to different destinations.
NAT Network Address Translation Example
Suppose an internal host wants to communicate with a web server on the internet. It sends its packets to the NAT gateway router, which is its route to the outside world.
The NAT gateway router checks whether the packet qualifies for translation: it compares the source IP address against the access control list that names the inside hosts permitted to be translated, and looks for an existing entry in the NAT table. If the packet qualifies, the router translates the inside local source address to an inside global address.
The router then forwards the packet towards its destination and records the translation in the NAT table. When the web server replies, the packet arrives at the router's global IP address. The router consults the NAT table to find which inside local address and port correspond to that global address and port, translates the destination back to the inside local address, and delivers the packet to the host. If there is no matching entry, the packet is discarded.
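The walkthrough above, together with the configuration steps and the NAT overload description earlier on this page, can be made concrete with a small model of the router's translation table. The following is an added example, not code from the original page or from any vendor: it assumes a hypothetical `NatRouter` class configured with an inside access list, a pool of inside global addresses, optional static one-to-one mappings and a cap on table entries, and all addresses and traffic are constructed from the RFC 1918 and RFC 5737 example ranges. It shows port address translation separating two inside hosts that chose the same source port, the reverse lookup for a reply, the discard of an unsolicited inbound packet, a static mapping that is reachable from outside, the translation cap, and a dynamic one-to-one pool running out of addresses.

```python
"""Added example (not the page's code): a toy stateful NAT/PAT router.
Addresses are constructed from the RFC 1918 / RFC 5737 example ranges."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class NatRouter:
    def __init__(self, inside_acl, pool, overload=True, static=None, max_entries=None):
        self.inside_acl = [ipaddress.ip_network(n) for n in inside_acl]  # who gets translated
        self.pool = list(pool)                 # inside global addresses from the ISP
        self.overload = overload               # True: PAT, False: dynamic one-to-one
        self.static = dict(static or {})       # inside local -> inside global (permanent)
        self.static_rev = {g: l for l, g in self.static.items()}
        self.max_entries = max_entries         # cap on translations (rate limiting)
        self.table = {}     # (proto, local, lport)  -> (global, gport)
        self.reverse = {}   # (proto, global, gport) -> (local, lport)
        self.host_map = {}  # dynamic mode: inside local -> pool address
        self.next_port = 1024

    def _allocate(self, proto, src, sport):
        """Pick the (global address, port) an inside flow will appear as."""
        if src in self.static:                 # static: fixed address, port kept
            return self.static[src], sport
        if self.max_entries is not None and len(self.table) >= self.max_entries:
            return None                        # translation limit reached
        if self.overload:                      # PAT: one address, unique ports
            glob = self.pool[0]
            if (proto, glob, sport) not in self.reverse:
                return glob, sport             # keep the source port when it is free
            while (proto, glob, self.next_port) in self.reverse:
                self.next_port += 1
            if self.next_port > 65535:
                return None                    # port space on this address exhausted
            port, self.next_port = self.next_port, self.next_port + 1
            return glob, port
        if src not in self.host_map:           # dynamic: one pool address per host
            free = [g for g in self.pool if g not in self.host_map.values()]
            if not free:
                return None                    # pool exhausted: packet dropped
            self.host_map[src] = free[0]
        return self.host_map[src], sport

    def outbound(self, pkt):
        """Inside -> outside. Returns the translated packet, or None if dropped."""
        if not any(ipaddress.ip_address(pkt.src) in net for net in self.inside_acl):
            return None                        # source not permitted by the NAT ACL
        key = (pkt.proto, pkt.src, pkt.sport)
        if key not in self.table:
            alloc = self._allocate(pkt.proto, pkt.src, pkt.sport)
            if alloc is None:
                return None
            self.table[key] = alloc
            self.reverse[(pkt.proto,) + alloc] = (pkt.src, pkt.sport)
        glob, gport = self.table[key]
        return Packet(glob, gport, pkt.dst, pkt.dport, pkt.proto)

    def inbound(self, pkt):
        """Outside -> inside. Only a table hit or a static mapping lets traffic in."""
        hit = self.reverse.get((pkt.proto, pkt.dst, pkt.dport))
        if hit:
            return Packet(pkt.src, pkt.sport, hit[0], hit[1], pkt.proto)
        if pkt.dst in self.static_rev:         # static hosts are reachable unsolicited
            return Packet(pkt.src, pkt.sport, self.static_rev[pkt.dst], pkt.dport, pkt.proto)
        return None                            # no entry: discarded


def demo():
    """Constructed traffic that walks through the steps described in the text."""
    nat = NatRouter(["10.0.0.0/24"], ["203.0.113.2"],
                    static={"10.0.0.50": "203.0.113.50"}, max_entries=2)
    web = "198.51.100.80"
    a = nat.outbound(Packet("10.0.0.11", 1260, web, 80))
    b = nat.outbound(Packet("10.0.0.12", 1260, web, 80))    # same source port as a
    reply_a = nat.inbound(Packet(web, 80, a.src, a.sport))  # matched by reverse lookup
    unsolicited = nat.inbound(Packet(web, 80, "203.0.113.2", 40000))
    over_limit = nat.outbound(Packet("10.0.0.13", 5000, web, 443))
    not_in_acl = nat.outbound(Packet("192.168.9.9", 5000, web, 443))
    static_in = nat.inbound(Packet("198.51.100.7", 40001, "203.0.113.50", 22))
    one_to_one = NatRouter(["10.0.0.0/24"], ["203.0.113.10"], overload=False)
    first = one_to_one.outbound(Packet("10.0.0.21", 7000, web, 80))
    second = one_to_one.outbound(Packet("10.0.0.22", 7000, web, 80))  # pool exhausted
    return {"a": a, "b": b, "reply_a": reply_a, "unsolicited": unsolicited,
            "over_limit": over_limit, "not_in_acl": not_in_acl, "static_in": static_in,
            "first": first, "second": second}
```

Calling `demo()` returns the translated packets: both inside hosts leave as 203.0.113.2, the first keeping port 1260 and the second moved to 1024 because that port was already taken; the reply to the first is mapped back to 10.0.0.11:1260; the unsolicited packet, the host over the translation cap, and the host outside the ACL all come back as `None`; the static host is reachable on 203.0.113.50 without any prior outbound traffic; and in one-to-one mode the second host finds the single-address pool empty. Real routers also age entries out of the table, which the model omits.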
So what is NAT? Network address translation conserves IPv4 address space and lets the outside world see only one IP address for a group of connected devices. It also hides the actual addresses of the devices inside the network, so external hosts can communicate with them only through the NAT device; remember that this is topology hiding, not a substitute for a firewall.
NAT is a network-layer function rather than a protocol, and it adds far less delay than a proxy. To use your IPv4 addresses wisely, implement NAT within your organization.