NAT (network address translation) was proposed in 1994. When some hosts inside a private network have already been assigned local IP addresses (private addresses that are used only within that private network) but now want to communicate with hosts on the Internet (without needing encryption), the NAT method can be used.
This approach requires installing NAT software on the router that connects the private network to the Internet. A router running NAT software is called a NAT router, and it has at least one valid global (public) IP address. All hosts that use local addresses can then reach the Internet, because the NAT router translates their local addresses into global IP addresses whenever they communicate with the outside world. Representing many private IP addresses with a small number of public IP addresses also helps to slow the exhaustion of the available IP address space. NAT is described in RFC 1632. In short, NAT lets the LAN use internal addresses internally; when an internal node communicates with the external network, the gateway (think of it as an exit, like the gate of a yard) replaces the internal address with a public address, so that the traffic can be used normally on the public network (the Internet). NAT allows multiple computers to share one Internet connection, which solves the shortage of public IP addresses: only one legitimate IP address needs to be requested for every computer on the local area network to access the Internet. At the same time, NAT masks the internal network: all intranet computers are invisible to the public network, and intranet users are usually unaware that NAT exists. As shown in the figure. The internal addresses mentioned here are the private IP addresses assigned to nodes in the internal network; they can be used only within the internal network and are not routed on the Internet (routing being the network technique of forwarding along different paths). Although internal addresses can be chosen arbitrarily, the following ranges are normally used: 10.0.0.0~10.255.255.255, 172.16.0.0~172.16.255.255, 192.168.0.0~192.168.255.255.
NAT translates these reserved IP addresses, which cannot be used on the Internet, into legitimate IP addresses that can. A global address is a legitimate IP address assigned by the NIC (Network Information Center) or by an ISP (Internet service provider); it represents one or more internal local addresses and is a globally addressable address.
NAT functionality is typically integrated into routers, firewalls, ISDN routers, or standalone NAT devices. Cisco routers, for example, include this feature: the network administrator only needs to configure NAT in the router's IOS to shield the internal network. For example, a firewall may map the internal address of a web server, 192.168.1.1, to the external address 202.96.23.11; external access to 202.96.23.11 is then actually access to 192.168.1.1. For small businesses with limited funding, the same can now be achieved in software; this feature is included in Windows 98 SE and Windows 2000. Although NAT can also be implemented with some proxy servers, for reasons of computational cost and network performance it is usually implemented on routers.
NAT technology types
There are three types of NAT: static NAT, dynamic NAT (pooled NAT), and network address port translation, NAPT (port-level NAT).
Static NAT is the simplest to set up and the easiest to implement: each host in the internal network is permanently mapped to a legitimate address in the external network. Dynamic NAT defines a series of legal addresses in the external network and maps them to the internal network by dynamic allocation. NAPT maps internal addresses to different ports on a single IP address of the external network. Each of the three NAT schemes has its pros and cons, and the choice depends on the requirements.
Dynamic NAT is simply a translation of IP addresses: it assigns a temporary external IP address to each internal IP address. It is mainly used for dial-up, and dynamic NAT can also be used for frequent remote connections. When a remote user connects, dynamic NAT assigns an IP address; when the user disconnects, that address is released for later use.
NAPT (network address port translation), i.e. port address translation, maps multiple internal addresses to one legitimate public address, with different protocol port numbers corresponding to different internal addresses; that is, it translates between <internal address + internal port> and <external address + external port>. NAPT is common in access devices, where it hides a small or medium-sized network behind a single legitimate IP address. NAPT is also known as "many-to-one" NAT, PAT (port address translation), or address overloading. Unlike dynamic NAT, NAPT maps multiple internal connections to a single IP address in the external network, adding to that address a TCP port number chosen by the NAT device. That is, a NAT translation table is kept in the NAT router, and it records the correspondence between <internal address + internal port> and <external address + external port>. When packets arrive at the NAT router from outside, they all carry the same IP address, and the router looks up the corresponding entry in the NAT translation table.
When NAPT is used on the Internet, all the different streams appear to originate from the same IP address. This is very useful in small offices, where multiple connections share one IP address obtained from the ISP through NAPT. In fact, many SOHO remote access devices support PPP-based dynamic IP addresses, so the ISP does not even need to support NAPT for several internal IP addresses to share one external IP address on the Internet. Although this causes some congestion on the channel, considering the savings in ISP costs and the ease of management, using NAPT is still well worthwhile.
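To make the NAPT translation table described above concrete, here is a small simulation added as an example (it is not code from the original post). It uses the page's external address 202.96.23.11; the LAN hosts, the remote addresses 203.0.113.5 and 198.51.100.7, and the four-port pool are constructed sample values chosen so that the "many-to-one" mapping, the dropping of unsolicited inbound traffic, and port-pool exhaustion can all be seen.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NAPTRouter:
    """Holds the NAT translation table:
    <internal address + internal port>  <->  <external address + external port>."""

    def __init__(self, external_ip: str, first_port: int = 40000, last_port: int = 40003):
        self.external_ip = external_ip
        # Deliberately tiny port pool (constructed) so exhaustion can be demonstrated.
        self.free_ports = list(range(first_port, last_port + 1))
        self.out_table: Dict[Tuple[str, int], int] = {}   # (int ip, int port) -> ext port
        self.in_table: Dict[int, Tuple[str, int]] = {}    # ext port -> (int ip, int port)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Internal -> Internet: rewrite the source to the shared external address.
        A new flow gets a fresh external port; an existing flow reuses its entry."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_table:
            if not self.free_ports:
                return None          # port space exhausted: the packet cannot be translated
            ext_port = self.free_ports.pop(0)
            self.out_table[key] = ext_port
            self.in_table[ext_port] = key
        return Packet(self.external_ip, self.out_table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> internal: every incoming packet carries the same destination IP,
        so only the destination port identifies the internal host. A packet with no
        table entry (unsolicited traffic) is dropped, which is what makes the
        intranet hosts invisible from the public network."""
        if pkt.dst_ip != self.external_ip:
            return None
        entry = self.in_table.get(pkt.dst_port)
        if entry is None:
            return None
        int_ip, int_port = entry
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port)
```

Two LAN hosts may both use local port 5000; the router keeps them apart only by the external port it assigns, and a reply to an external port with no table entry is simply discarded.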
NAT traversal methods
The most commonly used NAT traversal methods for UDP are STUN, TURN, ICE, UPnP, and so on. ICE is the most widely used because it combines the features of STUN and TURN. NAT traversal for TCP is still difficult, and practical techniques are still few.
For UPnP as a NAT traversal technology, see http://www.wildlee.org/2010_12_1227.html.
"Computer network" NAT