Network Address Translation (NAT)

Network Address Translation (NAT) is a networking technique that allows multiple devices within a private network to access external networks (like the Internet) using a single public IP address. By translating private IP addresses into public IP addresses and vice versa, NAT conserves the limited pool of IPv4 addresses and adds a layer of security by masking internal addresses from the outside world.

Note: IPv4 provides only 2³² (about 4.3 billion) addresses, which is insufficient considering the massive number of devices connected to the Internet. NAT prevents IP exhaustion by enabling thousands of private devices to share a limited number of public IP addresses.

Working of NAT

When a device within a private network wants to communicate with the Internet, the request first goes to the NAT - enabled router. The router replaces the private IP address with its public IP address and assigns a unique port number. This mapping is recorded in the NAT table.

Note: When the response arrives from the external server, NAT uses the stored entry to identify the correct internal device. It then replaces the public IP and port with the original private IP and forwards the packet back to the device.

This mechanism ensures:

• Multiple devices can share a single public IP.
• Internal addresses remain hidden from external networks.
• Port numbers help differentiate traffic from different devices.

Examples of NAT Usage

• Connecting Private Networks to the Internet: A NAT - enabled router translates all private IPs to a single public IP, allowing internal devices to access the Internet securely.
• Linking Multiple Office Locations: Organizations use NAT to translate IPs between branches, enabling communication across locations while maintaining private IP schemes internally.

Why NAT Masks Port Numbers?

• Suppose, in a network, two hosts A and B are connected. Now, both of them request for the same destination, on the same port number, say 1000, on the host side, at the same time.
• If NAT does only translation of IP addresses, then when their packets will arrive at the NAT, both of their IP addresses would be masked by the public IP address of the network and sent to the destination.
• Destination will send replies to the public IP address of the router. Thus, on receiving a reply, it will be unclear to NAT as to which reply belongs to which host (because source port numbers for both A and B are the same).
• Hence, to avoid such a problem, NAT masks the source port number as well and makes an entry in the NAT table. 

NAT Inside and Outside Addresses

Inside refers to the addresses which must be translated. Outside refers to the addresses which are not in control of an organization. These are the network addresses where the translation will occur.

• Inside local address: An IP address that is assigned to a host on the Inside (local) network. The address is probably not an IP address assigned by the service provider i.e., these are private IP addresses. This is the inside host seen from the inside network. 
• Inside global address: IP address that represents one or more inside local IP addresses to the outside world. This is the inside host as seen from the outside network. 
• Outside local address: This is the actual IP address of the destination host in the local network after translation. 
• Outside global address: This is the outside host as seen from the outside network. It is the IP address of the outside destination host before translation.  

Types of NAT

1. Static NAT

• Maps one private IP to one public IP (one - to - one mapping).
• Commonly used in hosting, but not cost - effective for large organizations since each device requires a public IP.

2. Dynamic NAT

• Maps private IPs to public IPs from a predefined pool.
• If the pool is exhausted, additional requests are dropped.
• Suitable for networks with a limited number of users but still costly.

3. Port Address Translation (PAT)

• Also called NAT Overload.
• Multiple private IPs share a single public IP, with unique port numbers distinguishing traffic.
• Most widely used because it’s cost - effective and supports thousands of users with a single public IP.

NAT Techniques

• Static Mapping: Maps a specific private IP to a fixed public IP.
• IP Masquerading: Hides an entire private network behind a single public IP.
• Translation Table Mapping: Uses a NAT table to track multiple private - public mappings.
• PAT (Port Address Translation): Adds port - level translation for efficient IP usage.
• Round - Robin Mapping: Distributes incoming connections from a single public IP to multiple private IPs in sequence.

Pros of NAT

• Conserves IPv4 addresses.
• Enhances security by hiding internal IPs.
• Supports multiple devices using a single public IP.
• Simplifies network administration when merging private networks.

Cons of NAT

• Can increase processing overhead on routers.
• May cause issues with applications requiring end-to-end connectivity (e.g., VoIP, gaming).
• Difficulties in traceability since multiple devices share the same public IP.

Network Address Translation (NAT)

Visit Course