Network Address Translation (NAT)

Overview

If you are reading this article, you are most likely connected to the internet and viewing it on Scaler Topics. Likely, you are currently utilizing Network Address Translation (NAT). More people now use the internet than ever anticipated, leading to the situation where the number of unique IP addresses provided by IPv4, i.e., $2^{32}$ or 4,294,967,296, is not enough.

Network Address Translation (NAT) is one of the solutions to the problem because it requires only a single IP address to represent an entire group of computers.

What is Network Address Translation (NAT)?

There are currently more than 350 million active users and approximately 100 million hosts on the internet, although the precise numbers are unknown.

So what does NAT have to do with the size of the internet? Everything! A computer needs an IP address to communicate with other computers and Web servers on the internet. Your computer on a network is identified by its individual 32-bit IP (Internet Protocol) address. In essence, it functions like your street address to pinpoint your location and deliver information to you. Theoretically, you could have 4,294,967,296 or $2^{32}$ unique IP addresses. The number of IP addresses that are currently available is simply insufficient considering the growth of the internet and the number of household and corporate networks.

Network Address Translation (NAT) is a process of assigning a unique public IP address to represent an entire group of computers. In Network Address Translation, a network device, typically a router or NAT firewall, assigns a public address to one or more devices connected to a private network. Network address translation enables a single device to serve as an agent or intermediary between a local, private network and the internet, a public network. The basic objective of NAT is to reduce the number of public IP addresses in use for security and financial reasons.

NAT can help in this situation. A single device, such as a router, can be an intermediary between a local network and the internet. This implies that a single, distinctive IP address can represent a group of computers. To understand the NAT concept more thoroughly, we must know the inside and outside addresses.

The inside address refers to the addresses that must be translated. Outside addresses are those that are not under the authority of a company. These are the network addresses where the address translation will take place. Let's look at the various types of inside and outside addresses.

  • Inside local address:
    An IP address that is assigned to a host on the inside (local) network. The address is most likely not an IP address issued by the service provider; instead, these are private IP addresses. This is the inside host, as seen from the inside network.
  • Inside global address:
    The IP address that is used to represent one or more inside local IP addresses to the outside world. This is the inside host as perceived from the outside network.
  • Outside local address:
    Outside local address is the actual IP address of the destination host on the local network after translation.
  • Outside global address:
    From the outside network, this is how the external host appears. It is the original IP address of the external destination host.

How Does NAT Work?

NAT enables a single device, such as a NAT firewall, NAT router, or other network address translation device, to act as an intermediate between public and private networks—the internet and any local networks. This allows an entire group of devices to be represented by a unique IP address when interacting with the internet.

NAT works just like a company receptionist, who works based on a set of instructions given by the owner. The owner can tell the receptionist when he will be available, which client requests must be forwarded, and which must be blocked. The client calls the company's main number, because the public number is known to everyone, and asks to talk to the company's owner. Based on the set of instructions given by the owner, the receptionist then decides whether to forward the call or make the client wait. The receptionist also decides where to forward the client's request based on those instructions.

Similar concepts apply to network address translation. The request arrives at the public IP address and port, and the NAT instructions direct it to the proper location without disclosing the destinations' private IP addresses. NAT also translates the private IP of a machine into a unique IP address to allow communication from the local network to the internet. NAT can handle any number of IP address requests with the help of the NAT translation table. The NAT device maintains the translation table to ensure that the correct device in the private network gets the data packet from the internet.

Assume two hosts, A and B, are connected in a network. Both send a request to the same destination from the same source port number, say 1000, at the same time. If NAT translated only IP addresses, then when their packets arrive at the NAT device, both source IP addresses would be masked by the network's public IP address and delivered to the destination. The destination will send its replies to the router's public IP address. As a result, when NAT receives a response, it will be unclear which response belongs to which host (because the source port numbers for both A and B are the same). To avoid this issue, NAT also masks the source port number and creates an entry in the NAT table.

NAT (Network Address Translation) Examples

When a host on the internal or private network with an internal IP address needs to communicate with a device outside of the private network, it will use the public IP address on the network's gateway to identify itself to the outside world, and NAT would translate the private IP address into the public address. If, for instance, a computer with the internal address 192.168.1.10 wished to communicate with a web server on the internet, NAT would translate that address to the company's public address, which we'll name in this case 1.1.1.1.

As a result, when communicating with the outside world, the internal address is recognized as the public address. This is necessary because, for the web server to respond to this internal computer, it would need to transmit the response to the public address, which is a distinct and routable address on the internet. Because the private address is secret, non-routable, and concealed from the outside world, the original address of 192.168.1.10 cannot be used. The public address for that company would be this one at 1.1.1.1, which is visible to everyone.

The web server would now respond to that 1.1.1.1 public address. NAT would use its records to convert the packets received from the web server intended for 1.1.1.1 back to the internal network address of 192.168.1.10 so that the computer that requested the original information would get the requested packets.

The two advantages of NAT are now readily apparent. First, it would reduce the number of IP addresses we need because not every computer needs a public address. Second, it would shield these private computers from prying eyes. Only the public address is visible to everyone; everything else is concealed behind it. Therefore, nothing past the public address on the firewall's or router's external interface may be seen from the internet.

What are Network Address Translation (NAT) Types?

There are generally three types of NAT, and these are mentioned below.

Static NAT

In this type, one unregistered (private) IP address is mapped to one legally registered (public) IP address; that is, local and global addresses are mapped one to one. Usually, this is utilized for hosting websites. Since numerous devices need an internet connection and a public IP address is required to give Internet access, static NAT is not used in enterprises. If, for example, 2000 devices require internet access, the company will need to purchase 2000 public addresses, which will be highly expensive.

Dynamic NAT

In this type of NAT, an unregistered IP address is converted into a registered (public) IP address taken from a pool of public IP addresses. The packet will be dropped if no IP address in the pool is free, since only a predetermined number of private IP addresses can be converted to public addresses.

Consider a pool of two public IP addresses: only two private IP addresses can be translated at any given time, and the packet will be dropped if a third private IP address tries to access the internet. In this way, many private IP addresses are mapped to a pool of public IP addresses. This type of NAT is utilized when a set number of users need to access the Internet. The company must purchase numerous global IP addresses to create a pool, which is also highly expensive.

Port Address Translation (PAT)

It is also known as NAT overload. This allows for converting numerous local (private) IP addresses to a single registered IP address. Port numbers are employed to identify which traffic comes from which IP address. Since thousands of individuals can access the internet using just one real global (public) IP address, this is the most widely utilized method.
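The port collision described under "How Does NAT Work?" and the port-based mapping PAT relies on can be traced in a small translation table. This is an added Python sketch, not code from the article: the `PatTable` class, the 40000-40003 port pool, host 192.168.1.11, the destination 203.0.113.80 and the remote 198.51.100.7 are constructed assumptions, and the remote-endpoint check on inbound packets is one assumed filtering behaviour.

```python
from dataclasses import dataclass, field

@dataclass
class PatTable:
    """Minimal PAT (NAT overload) table for one public IP. Hypothetical class."""
    public_ip: str = "1.1.1.1"              # public address from the article
    ports: range = range(40000, 40004)      # assumed, deliberately tiny port pool
    by_flow: dict = field(default_factory=dict)  # inside flow -> public port
    by_port: dict = field(default_factory=dict)  # public port -> inside flow

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the (ip, port) the destination sees, or None if dropped."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.by_flow:
            port = next((p for p in self.ports if p not in self.by_port), None)
            if port is None:
                return None                 # pool exhausted: packet is dropped
            self.by_flow[flow] = port
            self.by_port[port] = flow
        return self.public_ip, self.by_flow[flow]

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the inside (ip, port) for a reply, or None if no entry matches."""
        flow = self.by_port.get(public_port)
        # Assumed filtering: only the remote endpoint the flow was opened to may reply.
        if flow is None or flow[2:] != (remote_ip, remote_port):
            return None
        return flow[:2]

def demo():
    nat = PatTable()
    server = ("203.0.113.80", 80)           # constructed destination
    # Hosts A and B use the same source port toward the same destination.
    a = nat.outbound("192.168.1.10", 1000, *server)
    b = nat.outbound("192.168.1.11", 1000, *server)
    return {
        "a_seen_as": a,
        "b_seen_as": b,
        "reply_to_a": nat.inbound(*server, a[1]),
        "reply_to_b": nat.inbound(*server, b[1]),
        # Unsolicited packet from an unrelated address to A's public port.
        "unsolicited": nat.inbound("198.51.100.7", 4444, a[1]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same table is what an incident responder needs in logged form: an external service records only the public address and port, so mapping that pair back to an inside host requires the NAT device's translation records for that time.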

Advantages of Network Address Translation

  • NAT connects various hosts to the global internet using a smaller number of public (external) IP addresses, thereby conserving IP address space.
  • NAT keeps internal addresses hidden from the outside network and improves security for private networks.
  • Network Address Translation provides a private IPv4 addressing scheme and avoids modifying your internal addresses if your service provider changes.
  • Adding a new client to the local network environment with NAT is simpler since local devices are privately addressed.
  • In terms of setting up any network, NAT provides network flexibility.
  • The use of NAT significantly decreases the cases of address overlapping.

Disadvantages of Network Address Translation

  • NAT uses a lot of memory since it transforms local and global IP addresses and stores the result in memory.
  • NAT is not highly scalable so it doesn’t perform well at a higher scale.
  • Some applications have compatibility issues with NAT.
  • Because NAT converts IP addresses, this conversion may be time-consuming.
  • NAT complicates tunneling protocols such as IPsec.

FAQs

Q: What is Network Address Translation?

A: Network Address Translation (NAT) is a process of assigning a unique public IP address to represent an entire group of computers. In Network Address Translation, a network device, typically a router or NAT firewall, assigns a public address to one or more devices connected to a private network.

Q: Does NAT Affect Internet Speed?

A: NAT only marginally impacts your internet speed. It is hardly apparent if you use a decent router to translate your IPs.

Q: Can NAT be Deployed in a Public Wireless LAN Environment?

A: Yes, NAT is deployed in a public wireless LAN environment. Users with static IP addresses can create an IP session in a public wireless LAN environment using the NAT-Static IP Support functionality, which supports users with static IP addresses.

Q: Does NAT do TCP Load-Balancing for Servers on the Internal Network?

A: Yes, NAT does TCP load-balancing for Servers on the internal network. Using NAT, you can create a virtual host on the internal network that manages load distribution among actual hosts.

Q: Can I Rate-Limit the Number of NAT Translations?

A: Yes, you can rate-limit the number of NAT translations. The maximum number of concurrent NAT operations on a router can be limited with the Rate-Limiting NAT Translation function. The Rate-Limiting NAT Translation feature can be used to reduce the impact of viruses, worms, and denial-of-service attacks in addition to allowing customers more control over how NAT addresses are used.

Q: What Benefits are Offered by Network Address Translation?

A: With NAT enabled, it is simpler to reuse your IP addresses with more security. NAT can also keep your internal and external IP addresses private and secure. Using only a few external IPs, you can also conserve IP address space by connecting several hosts to the internet.

Conclusion

  • Network Address Translation (NAT) is a process of assigning a unique public IP address to represent an entire group of computers.
  • In Network Address Translation, a network device, typically a router or NAT firewall, assigns a public address to one or more devices connected to a private network.
  • There are three types of NAT.
    • Static NAT
    • Dynamic NAT
    • PAT
  • Network Address Translation makes adding a new client to a network easy.
  • NAT connects various hosts to the global internet using a smaller number of public (external) IP addresses, thereby conserving IP address space, but it complicates tunneling protocols such as IPsec.