Fundamentals of communication and networkingː Network Address Translation (NAT)

Network Address Translation (NAT) is a process where an IP packet goes through a device, usually a router, and the source and/or destination IP address is swapped for a different one.

NAT Using a Pool of Addresses edit

Imagine the scenario where a company with 1000 IP devices has been allocated a class C IP address. This only gives the company 245 unique address it can use. Thus the company uses a private address range internally such as 172.16.0.0 . This class B network has over 65,000 addresses. However these addresses are non-routable in the Internet and IP packets with this as a source address will not be returned if they make it out to the Internet. The 172.16.0.0 addresses are called Local Addresses. The Class C addresses are called Public Addresses. A router on the edge of the network connects the LAN (or LANs) inside the company to the ISP. This edge router hold a list of the allocated address from the Class C range. This is referred to as the NAT pool.

This edge router then looks for IP packets which have a destination address out on the Internet. Before the packet is sent to the ISP, the router swaps the source address (local address) in the IP Packet for an address from the NAT pool (public address). The process of swapping is called translation. A copy of translation is kept. The IP packet then traverses the Internet and hits the destination device. The reply is formed and the return IP packet is generated. The sources address the packet came in with (the public address from the NAT pool) now becomes the destination address for the return journey. The public address is routable and thus the packet is routed back to the edge router of the companies network. Here the original translation was recorded so the reverse translation can be performed on the destination address. The packets public destination address is swapped for the local address. The packet now has a destination address of the original sources and is returned to the originator.

Clearly the translation must be maintained in memory to allow the return packet to be translated back. On some occasions one outbound packet may result in my hundreds of return packets and thus the same translation will be used by all. However after some time we can assume no more packets will be comming back and the translation record can be deleted. This is typically 60–120 seconds. (How long do you wait for a web page to load before you give up ?)

NAT Using a Single Addresses edit

In the early days of the Internet, when a home user connected to the Internet via an ISP, the ISP had enough public IP addresses to give each user their own public IP address for the duration of their connection. Each home user had one PC and this device received this public address. However most home users now connect many devices to the Internet via their ISP. The ISPs do not have enough addresses to give each home several addresses. Hence as of today (2016), a home is given one IP address and this sits on the home router's external interface. Internally the home network use private address and the router's internal (LAN) interface has one of these addresses. The home devices then each get a unique address from the private range. Thus whenever an internal device sends an IP packet out to the Internet, it 'borrows' the single public address. The same is also true for small offices of just a handful of users. Hence the term 'SOHO' (Small Office/ Home Office). This process of NAT where there is only one public IP addresses is also known as NAT - overloading or Port Address Translation (PAT). (The extension exercise will reveal why it has the latter name)

Above is a typical home network showing several devices on a home network with private addresses from the 192.168.0.0 class C network. The ISP has allocated an address 82.10.250.19 which is allocated to the interface on the router connecting to the Internet. This is called the public address. Devices can communicate internally using their private addresses, but must 'borrow' the public address when sending packets out onto the Internet.

Take an example of a PC on internal network with an IP address of 192.168.0.101.

1. It generates a web request to a server at address 151.62.31.240.
2. The packet is generated with source address (SA) 192.168.0.101 and destination address (DA) 151.62.31.240
3. It is sent the edge router because the destination is not on this LAN.
4. The edge router realises it is going to send this packet out to the Internet and thus performs NAT. The source address is swapped for the public address. The translation is recorded.
6. The packet now has SA 82.10.250.19 and DA 151.62.31.240 and it heads off to the web server.
8. The web server generates the reply and swaps the sources and destination addresses.
9. The packet now has SA 151.62.31.240 and DA 82.10.250.19 and makes it way back to the router.
11. The router recalls the translation and swaps the destination address back.
12. The packet now has SA 151.62.31.240 and DA 192.168.0.101 and is sent back to the originating PC.