Network Address Translation (NAT)

As we have talked about before, the Internet relies on numerical addresses, IP addresses to route data from one device to another. IPv4 offers around 4.3 billion addresses, we have discussed that that is not enough. While there is IPv6, another solution to this issue is through Network Address Translation (NAT)

NAT allows multiple devices on a private network to share a single public IP address. This not only helps conserve the limited pool of public IP addresses but also adds a layer of security to the internal network.

Private vs. Public IP Addresses

Public IP addresses are globally unique identifiers that are assigned by Internet Service Providers (ISPs). Devices with these IP addresses can be accessed from anywhere on the Internet, allowing them to communicate across the global network.

On the other hand, private IP addresses are designated for use within local networks such as homes, offices and schools. These are not routable on the global internet, so they cannot be forwarded by internet backbone routers. Defined by RFC 1918, common IPv4 private address ranges include 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255. This setup ensures that these private networks operate independently of the internet while facilitating internal communication and device connectivity.

Private IP addresses contribute to conserving public IP addresses. Using Network Address Translation (NAT), a local network can utilize private IP addresses while sharing a single public IP address, reducing the number of public IPs needed. This setup makes devices accessible from the internet without using multiple public addresses. Additionally, private IPs help secure the network by isolating internal devices from direct exposure to the internet, protecting them from potential external threats.

How does it work?

Network Address Translation (NAT) is a process carried out by a router or a similar device that modifies the source or destination IP address in the headers of IP packets as they pass through. This modification is used to translate the private IP addresses of devices within a local network to a single public IP address that is assigned to the router.

For example, say that your home network has a few devices, laptop, smartphone, tablet and a smart thermostat. All of these have their own private IP addresses which they can use to connect to eachother. But when, suppose the laptop wants to access a DNS Server on the internet, it will need a public IP address. As the packet passes though the router, the router will change the private IP address into a public one. This public IP address is the same for all of the devices in the network. As the response arrives, the router's NAT table, which keeps track of IP mappings, identifies that 203.0.113.50:4444 corresponds to the laptop at 192.168.1.10:5555 (ports 4444 and 5555 are dynamic). All of this is done by the NAT process.

Types of NAT

Static NAT - Involves a one-to-one mapping, where each private IP address corresponds directly to a public IP address.

Dynamic NAT - Assigns a public IP from a pool of available addresses to a private IP as needed, based on network demand.

Port Address Translation (PAT) - Also known as NAT Overload, is the most common form of NAT in home networks. Multiple private IP addresses share a single public IP address, differentiating connections by using unique port numbers. This method is widely used in home and small office networks, allowing multiple devices to share a single public IP address for internet access.

Benefits and Trade-Offs

Benefits

• Conserves the limited IPv4 address space.
• Provides a basic layer of security by not exposing internal network structure directly.
• Flexible for internal IP addressing schemes.

Trade-Offs

• Complex services like hosting a public server behind NAT can require additional configuration (e.g., port forwarding).
• NAT can break certain protocols that rely on end-to-end connectivity without special handling.
• Adds complexity to troubleshooting connectivity issues.