Introduction to Network Address Translation (NAT)

Overview

In computer networking, two devices can communicate only if each of them has an IP address. This address uniquely identifies a device on the network so that others can communicate with it. The most common addressing method in use today is IP version 4 (IPv4), and you can find it in almost all networks, be it your home network or a large enterprise. As technology has developed and more and more devices communicate over the network, a serious issue has emerged for IPv4: the number of available addresses is finite. IPv4 addresses are 32-bit numbers, meaning there are only around 4 billion available addresses. With the number of devices connected over the internet these days, we have long surpassed this number, meaning that there is no way to assign a unique address to each device. The next version of addressing, IPv6, is already available, but is not in widespread use because of various compatibility and security considerations. So how can we still have all our devices connected and communicating with each other? The answer is Network Address Translation (NAT).

Reserved address spaces

To allow more time for the adoption of a new addressing protocol, a solution was needed to allow continued use of the IPv4 addressing scheme. As a first step, a few blocks of the available IP address range were reserved for special uses. Specifically, the ranges relevant in our case are:
Any IP address that falls within one of the above ranges is considered a private IP address. Some of these will most likely be familiar to you: they are the addresses that you would, in most cases, see for computers on your home or office networks. The idea of these private networks is that there can be no direct communication between private networks, which allows IP addresses to be re-used in those networks. For instance, you can set the same IP address for your computer at home and for the one in the office, but they would not be able to directly communicate with each other.

Network Address Translation

Having reserved address ranges does help to have more devices with an IP address, but it does not solve the issue of communication between private networks. This is where Network Address Translation (NAT) steps in. For private networks to communicate with each other or with the public internet, they need to be connected through a NAT device. In most cases, this is a router. The router is assigned a public IP address (usually received from your ISP) and also a private IP address within your private network.

Let's see how this would work using a simple example. In our case, Computer 1 wants to connect to the DNS service hosted on a server on the internet. The IP address for Computer 1 is a private address, 192.168.0.10, and the server has a public address, 1.1.1.1. Because Computer 1 has a private IP address, it cannot communicate directly with the server, so we need the following steps:
Port Forwarding

The method detailed above works well when you have a device in a private network that wants to communicate with the public internet, but if we try the other way around, we still have a problem. Let's show this with an example.

In the above diagram, we have a server on the public internet trying to send data to Computer 1. It sends a packet to the public IP of the router, but the router does not know what to do from here. There are multiple servers on the other side of the router, so to which one should the router forward the packet? This is where port forwarding rules come in. On the router, you can define a rule specifying, for example, that all traffic arriving on port 80 at the router's public interface is sent to port 80 on Computer 1. The router can now use this forwarding rule to handle the packet and know where to send it. If no rules are defined, the router will discard the packet. This has the additional advantage of adding another layer of security to the network, since any server that does not have a forwarding rule defined for it cannot be directly accessed from outside the private network.

Summary

The Network Address Translation mechanism helps to bridge the gap in network routing until IPv6 can be fully implemented. In addition, it adds another layer of security to networks, allowing servers to be completely blocked off from access from the public internet while still allowing them to communicate outwards if necessary.
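The outbound translation and the port-forwarding rule described above, as an added Python sketch that is not code from the original page. The router's public address 203.0.113.1, the outside host 198.51.100.7, the source ports, the starting port 40000 and all class and function names are assumptions made for illustration; the private blocks in the code are the RFC 1918 ranges.

```python
import ipaddress
# RFC 1918 private blocks (well-known values, not taken from the page).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

class NatRouter:
    """Hypothetical NAT device with a single public address."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}       # (proto, private_ip, private_port) -> public_port
        self.back = {}      # (proto, public_port) -> (private_ip, private_port)
        self.forwards = {}  # static rules: (proto, public_port) -> (ip, port)

    def add_forward(self, proto, public_port, private_ip, private_port):
        self.forwards[(proto, public_port)] = (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        # Rewrite a private source to the public address and remember it.
        if not is_private(src_ip):
            return (src_ip, src_port, dst_ip, dst_port)
        key = (proto, src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        # Return the rewritten packet, or None when it is discarded.
        key = (proto, dst_port)
        target = self.back.get(key) or self.forwards.get(key)
        if target is None:
            return None  # no translation entry and no forwarding rule
        return (src_ip, src_port, *target)

def demo():
    r = NatRouter("203.0.113.1")  # constructed public address
    sent = r.outbound("udp", "192.168.0.10", 51000, "1.1.1.1", 53)
    reply = r.inbound("udp", "1.1.1.1", 53, sent[1])
    blocked = r.inbound("tcp", "198.51.100.7", 44321, 80)
    r.add_forward("tcp", 80, "192.168.0.10", 80)
    allowed = r.inbound("tcp", "198.51.100.7", 44321, 80)
    return sent, reply, blocked, allowed

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The third result is `None`: before the port 80 rule exists, the unsolicited packet matches neither a translation entry nor a forwarding rule and is discarded.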
Which method is used to translate private IP addresses to public IP addresses?

Static (map) network address translation (NAT) provides a one-to-one mapping of private IP addresses to public IP addresses. It allows you to map an IP address on your internal network to an IP address that you want to make public.

What protocol does a router use to translate private IP addresses to public IP addresses and vice versa?

Dynamic NAT – In this type of NAT, an unregistered IP address is translated into a registered (Public) IP address from a pool of public IP addresses.

Which protocol is used for IP address translation?

In the TCP/IP protocol, the method most commonly used to resolve server names to network addresses is the Domain Name System (DNS), an Internet directory service developed both to allow local administrators to create and manage the records that resolve server names to IP addresses and to make those records available ...