Network Address Translation (NAT) is what lets hosts on private networks communicate over
the public WAN / Internet today. Many separate networks that reuse the same private
address ranges (RFC 1918) can reach the rest of the world knowing only their one public
network address. Why is NAT necessary? Why can't every network simply have one or more
globally unique addresses of its own? The depletion of the IPv4 address space is the main
reason.
PC ------- SW1 ------- NAT R1 ------- R2 ------- NAT R3 ------- SW2 ------- WEBServer
The PC sends an ICMP Echo Request towards R1 with source, let's say, 192.168.100.1 and
destination 209.165.100.3 (the public address that R3 presents for the web server). R1
de-encapsulates the packet and reads the source IP address from the header. R1 has NAT
enabled, so it checks its NAT table for an existing translation of 192.168.100.1 (the
inside local address) to a public address (the inside global address). R1 finds no
translation, so it binds 192.168.100.1 to an address from the NAT pool (with dynamic NAT;
with static NAT the table is already populated with a fixed binding). R1 rewrites the
source address of the packet to the new public address, let's say 209.165.100.1, so the
packet now travels from 209.165.100.1 to 209.165.100.3. R1 routes the packet onwards
through R2 until it reaches R3. R3 de-encapsulates the packet and sees that the
destination address is 209.165.100.3. It checks its NAT table and finds that this public
address is bound to the local server, let's say 172.16.100.1. R3 translates the
destination back to the private address, forwards the packet to SW2 with destination
172.16.100.1, and SW2 delivers it to the WEBServer, which receives the ICMP Echo Request.
The Echo Reply follows the same path in reverse: R3 rewrites the source 172.16.100.1 back
to 209.165.100.3, and R1 looks up 209.165.100.1 in its table to restore the destination
192.168.100.1 before handing the reply to SW1.
With PAT (Port Address Translation, also called "NAT on ports" or NAT overload), the
router keys each translation on the inside address together with the layer-four source
port, not on the address alone, so many inside hosts can share one public address. If
two inside hosts happen to use the same source port behind the same public address, the
PAT algorithm assigns the second one a different, unused port. Normally the source port
is chosen by the host's operating system and PAT leaves it unchanged, which is why most
entries show the original port. For protocols without a layer-four port, such as ICMP,
the router uses the ICMP query identifier in the same role and rewrites it when needed
so that every translation stays unique.
PAT is widely adopted by ISPs because it is more efficient and conserves addresses far
better than traditional one-to-one NAT. Since the public IP address is shared, a single
address, or a few addresses from the PAT pool, can serve hundreds of inside devices behind
one inside global address. PAT divides the available ports of each global address into the
ranges 0-511, 512-1023 and 1024-65535 and keeps a translated port within the same range as
the original; the port space is therefore the theoretical limit on the number of
concurrent translations one public address can carry (not strictly a limit on devices,
since one device can hold several translations at once). In practice the router's
resources also matter: according to the Cisco NAT documentation, each translation
consumes about 160 bytes of DRAM, so the router's memory is a criterion as well. The same
principle applies to NAT pools, for which the recommended maximum is 255, because every
pool configured consumes additional memory. According to the Cisco NAT FAQ, NAT can also
be used to load-balance TCP traffic across several inside servers.
There are two types of NAT: static NAT, in which a host is bound to a specific public
address, and dynamic NAT, in which a host receives a public address from the NAT pool for
as long as the translation lives. In the dynamic NAT scenario, an access-list is needed to
tell the router which inside local addresses are eligible for translation.
Let's refer to the topology above. CiscoRouter2 and CiscoRouter4 both perform NAT.
CiscoRouter2 needs to know in which direction translations apply; the NAT documentation
uses the "inside" and "outside" terminology for this. On CiscoRouter2 the G0/0, G2/0 and
G3/0 interfaces are configured as inside interfaces, because private addresses that are
to be translated are expected on them. The outside interface is G1/0, the interface on
which a public address is expected.
"ip nat inside source static 192.168.3.5 209.165.100.30" creates the static binding;
192.168.3.5 is the PC4 IP address.
CiscoRouter4 is configured to run PAT on the public address 209.166.200.20, so PC3,
configured with 172.16.10.5, is translated to that public address (with its source port
kept or rewritten) as its traffic exits towards the WAN.
PAT (overload) is configured like dynamic NAT with the overload keyword appended, and an
ACL is needed to select the inside addresses. A static PAT entry is different: it maps one
inside address and port to one public address and port with "ip nat inside source static
tcp ..." (or udp), and needs neither an ACL nor the overload keyword.
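The following is an added, worked IOS configuration for the four NAT variants described above; it is not the lab configuration from the original page. The addresses, inside/outside interface names and the static binding on CiscoRouter2 are the ones given above. The pool range 209.165.100.10-209.165.100.20, the pool name, ACL number 10, the translation timeout, the interface names on CiscoRouter4 and TCP port 80 for the static PAT entry are assumptions made for illustration. IOS has no comment syntax other than `!` separator lines, which the parser ignores, so the explanations are written that way.

```cisco
! ===== CiscoRouter2 =====
! Inside interfaces: private addresses to be translated are expected here.
interface GigabitEthernet0/0
 ip nat inside
interface GigabitEthernet2/0
 ip nat inside
interface GigabitEthernet3/0
 ip nat inside
! Outside interface: faces the WAN, a public address is expected here.
interface GigabitEthernet1/0
 ip nat outside
!
! 1) Static NAT: PC4 (192.168.3.5) is permanently bound to 209.165.100.30.
!    No ACL is needed; the binding is always present in the NAT table.
ip nat inside source static 192.168.3.5 209.165.100.30
!
! 2) Dynamic NAT: hosts matched by ACL 10 borrow an address from the pool
!    for as long as the translation lives. ACL 10 and the pool range are
!    assumed values; PC4 is excluded so it keeps its static mapping.
access-list 10 deny host 192.168.3.5
access-list 10 permit 192.168.3.0 0.0.0.255
ip nat pool PUBLIC-POOL 209.165.100.10 209.165.100.20 netmask 255.255.255.0
ip nat inside source list 10 pool PUBLIC-POOL
!
! 3) PAT / NAT overload, an alternative to 2) for the same ACL (IOS accepts
!    only one dynamic rule per ACL, so replace the line above with this):
!    every host in ACL 10 shares the outside interface address and is told
!    apart by its source port (or ICMP identifier).
! ip nat inside source list 10 interface GigabitEthernet1/0 overload
!
! Housekeeping (assumed): age out idle dynamic entries after 5 minutes
! instead of the 24-hour default, so the table and DRAM stay bounded.
ip nat translation timeout 300
!
! ===== CiscoRouter4 =====
! Interface names on this router are not given on the page; assumed.
interface GigabitEthernet0/0
 ip nat inside
interface GigabitEthernet1/0
 ip nat outside
!
! 4) Static PAT: one inside address and port mapped to one public address
!    and port. No ACL and no overload keyword. TCP/80 is assumed.
ip nat inside source static tcp 172.16.10.5 80 209.166.200.20 80
!
! Verification on either router (privileged exec mode):
!   show ip nat translations
!   show ip nat statistics
!   debug ip nat
!   clear ip nat translation *
```

Static NAT and static PAT entries make the inside host reachable from the outside for unsolicited connections, not only for return traffic, so pair them with an inbound ACL on the outside interface that permits only the published protocol and port; NAT itself is not an access-control mechanism.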
References:
Cisco, "NAT Frequently Asked Questions": https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html
RFC 1918, "Address Allocation for Private Internets": https://datatracker.ietf.org/doc/html/rfc1918
RFC 2663, "IP Network Address Translator (NAT) Terminology and Considerations": https://datatracker.ietf.org/doc/html/rfc2663