If you have ever wondered how multiple devices in your home or office can connect to the internet using a single IP address, you have probably encountered network address translation (NAT). NAT is a technique that allows private IP networks to communicate with public networks like the internet. In this article, we will explain what NAT is, how it works, and why you need it.
What is NAT?
NAT stands for network address translation. It is a service that operates on a router or edge platform to translate private IP addresses in an internal network to a public IP address before packets are sent to an external network. This way, multiple devices can share a single IP address and access the internet or cloud services.
NAT was developed in the early 1990s by the Internet Engineering Task Force (IETF) as a solution to the scalability problem of IPv4. IPv4 is the protocol of today’s internet that has been in production since 1983. It uses 32-bit addresses that can support up to 4.3 billion variations. However, as more and more devices need to be connected to the internet, this number is not enough to assign a unique address to each device. This is what we know as IPv4 address exhaustion.
By using NAT, an organization needs only one IP address or one limited public IP address to represent an entire group of devices as they connect outside their network. This saves the IPv4 address space and also provides some security benefits by hiding the internal network from the public network.
How does NAT work?
Let’s say that there is a laptop connected to a home network using NAT. That network eventually connects to a router that addresses the internet. Suppose that someone uses that laptop to search for directions to their favorite restaurant. The laptop has a private IP address of 192.168.1.6, which is not routable on the internet. So, it sends this request in an IP packet to the router, which passes that request along to the internet and the search service you’re using.
But before your request leaves your home network, the router first changes the internal IP address from a private local IP address to a public IP address that can be routed on the internet. For example, it may change it to 56.8.2.4. Your router effectively translates the private address you’re using to one that can be used on the internet, and then back again when the response comes in. The router keeps track of these translations in a NAT table.
The nice thing is, though, that all routers sold today for home offices and small offices can readily translate back and forth between private IP addresses and publicly-routed IP addresses.
What are private IP addresses?
Private IP addresses are those that are reserved for internal use only and are not globally unique. They are defined by RFC 1918, which is one of the documents that define how the internet works. There are three ranges of private IP addresses:
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
These addresses can be used by any device within a private network, but they cannot be routed onto the internet directly. If you were to try sending a packet with a private IP address onto the internet, it would be dropped by any router that receives it.
What are public IP addresses?
Public IP addresses are those that are globally unique and can be routed onto the internet directly. They are assigned by regional internet registries (RIRs) such as RIPE NCC, which is responsible for Europe, Middle East and Central Asia regions.
Public IP addresses are scarce and expensive, so they are usually allocated dynamically by ISPs or organizations using DHCP or other protocols.
What are NAT types?
There are three different types of NATs: static NAT (SNAT), dynamic NAT (DNAT), and port address translation (PAT).
Static NAT (SNAT)
In SNAT, each device IP address is mapped to a single public address that never changes. This means that each device has a fixed and predictable public IP address when communicating with the internet.
SNAT is useful when you need to access a device from outside your network using its public IP address, such as hosting a web server or a VPN server.
However, SNAT also has some drawbacks:
- It requires one public IP address for each device, which can be costly and wasteful.
- It does not support load balancing or failover between multiple devices.
- It may cause conflicts if two devices have the same private IP address.
Dynamic NAT (DNAT)
In DNAT, each device IP address is mapped to a different public address from a pool of available addresses. This means that each device has a variable and unpredictable public IP address when communicating with the internet.
DNAT is useful when you need to conserve public IP addresses and distribute them among multiple devices.
However, DNAT also has some drawbacks:
- It does not allow devices to be accessed from outside your network using their public IP address, unless you configure port forwarding or other techniques.
- It may cause problems with some applications or protocols that rely on the consistency of IP addresses, such as VoIP or FTP.
Port Address Translation (PAT)
In PAT, also known as NAT overload or NAPT, multiple devices share a single public IP address or a few public IP addresses. However, each device is also assigned a different port number at the end of its public IP address. This way, the router can distinguish between different devices using the same public IP address.
PAT is useful when you need to connect many devices to the internet using a limited number of public IP addresses.
However, PAT also has some drawbacks:
- It may cause conflicts if two devices use the same port number for different applications or protocols.
- It may cause problems with some applications or protocols that use non-standard ports or embed IP addresses in their data, such as SIP or PPTP.
Why do you need NAT?
NAT is a necessary technique for most organizations and home users to connect their private networks to the internet and cloud services. NAT has several benefits, such as:
- Saving IPv4 address space and delaying IPv4 exhaustion.
- Hiding internal network structure and enhancing security by preventing direct access from outside.
- Enabling multiple devices to share a single internet connection and reducing costs.
- Supporting the coexistence and transition between IPv4 and IPv6 networks using NAT64 translations.
However, NAT also has some limitations and challenges, such as:
- Breaking the end-to-end principle of the internet and introducing complexity and overhead in packet processing.
- Interfering with some applications and protocols that require direct communication or consistent IP addresses.
- Requiring additional configuration and management of routers and firewalls.
Conclusion
NAT is a widely used technique that enables private IP networks to use the internet and cloud. NAT translates private IP addresses in an internal network to a public IP address before packets are sent to an external network. There are different types of NATs, such as SNAT, DNAT, and PAT, that have different advantages and disadvantages. NAT has several benefits, such as saving IPv4 address space, enhancing security, and supporting IPv6 transition. However, NAT also has some limitations and challenges, such as breaking the end-to-end principle, interfering with some applications and protocols, and requiring additional configuration and management.