Implementation Principles of Huawei BasicNAT and NAPT
NAT is a very important and widely used router technology, yet many readers are still unclear about how its implementation methods actually work, even though the underlying principle is quite simple. This article first introduces the working principles of two of the NAT implementation methods (Basic NAT and NAPT); the working principles of the other two methods are introduced afterwards.

6.1.2 Basic NAT implementation principle

Basic NAT is one-to-one address translation, but note that the one-to-one mapping is not static: it is established dynamically.
In this translation mode, when an intranet user initiates a connection request to the Internet, the router takes an address from the prepared public IP address pool and dynamically establishes a NAT mapping entry between the private IP address in the request packet and that public IP address. It then replaces the source IP address in the packet (the intranet host's private IP address) with the mapped public IP address and forwards the packet to the target host on the Internet. Note that only the IP address is translated; TCP/UDP port numbers are not touched, and a public IP address cannot be mapped to more than one private IP address at the same time. When the Internet host receives the request and sends its response, the router uses the mapping established by the request in the reverse direction: the destination IP address in the response (the public IP address that the internal host's private address was mapped to) is replaced with the corresponding private IP address, and the packet is delivered to the internal source host.
Figure 6-1 describes the basic principle of Basic NAT. The implementation process is as follows (a public address pool has been created on the Router beforehand):
(1) When the Host on the intranet side needs to access the Server on the Internet side, it sends a request packet (Outbound direction) to the Router. The source IP address in the packet is the Host's own address 10.1.1.100, and the destination IP address is the Server's address 211.100.7.34.
(2) After receiving the request packet from the Host, the Router selects an idle public IP address from the configured public IP address pool and establishes a NAT translation mapping between that public IP address and the packet's intranet-side source IP address, covering both the forward (Outbound) and reverse (Inbound) directions. It then replaces the source IP address in the packet with the corresponding public IP address according to the forward NAT table entry and sends the packet to the public network side. The source IP address of the forwarded packet is now the translated public IP address 162.105.178.65 (no longer the original Host IP address 10.1.1.100); the destination IP address is unchanged and is still the Server's address 211.100.7.34.
(3) When the Server receives the request packet, it sends a response packet (Inbound direction) back toward the Router. To do so it only needs to swap the source and destination IP addresses of the request it received: the source IP address of the response is the Server's own address 211.100.7.34, and the destination IP address is 162.105.178.65, the public IP address that the Host's private address was translated to.
(4) When the Router receives the response packet from the Server on the Internet, it looks up the reverse NAT mapping entry by destination IP address and, according to the result, translates the destination IP address into the Host's private IP address (the source address is unchanged), then sends the packet to the private network side. The source IP address in the packet is still the Server's address 211.100.7.34, while the destination IP address has been translated into the Host's private IP address 10.1.1.100.
[Experience] From the above analysis of the Basic NAT implementation principle, we can see that in the request packet only the source IP address is translated (the destination IP address remains unchanged), so only the source IP address needs attention; in the response packet only the destination IP address is translated (the source IP address remains unchanged), so only the destination IP address needs attention. The addresses translated in the two directions are mirror images of each other.
Because the one-to-one translation of Basic NAT does not reuse public addresses, it cannot effectively solve the problem of IP address shortage, so it is rarely used in practice. NAPT, introduced here, allows multiple internal addresses to be mapped to the same public address concurrently, which is why it is also called "many-to-one address translation" or address reuse.
NAPT translates on the combination "IP address + port number", which amounts to adding one more variable; as a result, many private network users can share a single public IP address to access the Internet. Figure 6-2 describes the implementation principle of NAPT. The procedure is as follows (a public address pool has been created on the Router beforehand):
(1) Assume that HostA on the private network needs to access the Server on the public network and sends a request packet (Outbound direction) to the Router. The source address in the packet is HostA's IP address 10.1.1.100, and the source port number is 1025.
(2) After receiving the request packet from HostA, the Router selects an idle "public IP address : port number" pair from the configured public address pool and creates a NAPT translation entry between it and the "source IP address : source port number" of the request sent by HostA on the intranet side (again in both the forward and reverse directions). It then translates the "source IP address : source port number" of the request (10.1.1.100:1025) into the corresponding "public IP address : port number" (162.105.178.65:16384) according to the forward NAPT table entry and sends the packet to the Internet. That is, after the Router's NAPT translation the source IP address of the forwarded request is 162.105.178.65 and the source port number is 16384; the destination IP address and destination port number remain unchanged.
(3) After receiving the request forwarded by the Router, the Server on the Internet sends a response packet (Inbound direction) back toward the Router. It simply swaps the source IP address, source port, destination IP address and destination port of the request it received, so the destination IP address and destination port of the response are the source IP address and source port of the request it received (162.105.178.65:16384).
(4) When the Router receives the response packet from the Server, it looks up the reverse NAPT table entry by "destination IP address : destination port number" and translates the packet toward the private network according to the result. Here the destination IP address and destination port are translated back into the source IP address and source port that the request carried before it reached the Router (10.1.1.100:1025).
If HostB also needs to access the Server on the public network, the source IP address and source port number in its request packet are likewise translated when the packet reaches the Router. It can still use the same public IP address that HostA was given, but the port number must be different; assume the original (10.1.1.200:1028) is translated to (162.105.178.65:16400). The response packet the Server sends to HostB must also have its destination IP address and destination port translated on the Router: the NAPT mapping table is used in reverse to translate (162.105.178.65:16400) back into (10.1.1.200:1028).
[Experience] From the above analysis of the NAPT implementation principle, we can see that in the request packet only the source IP address and source port number are translated (the destination IP address and destination port number remain unchanged), so only the source IP address and source port number need attention; in the response packet only the destination IP address and destination port number are translated (the source IP address and source port number remain unchanged), so only the destination IP address and destination port number need attention. Different private network hosts can be translated to the same public IP address, but the translated port numbers must be different.
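The two procedures above (Basic NAT, steps (1) to (4) of Figure 6-1, and NAPT, steps (1) to (4) of Figure 6-2) can be exercised side by side in a small Python model of the router's forward and reverse tables. This is an added example written for this page, not code from the book or from Huawei: Packet, BasicNAT, NAPT and reply_to are names chosen here, the addresses are the ones used in the walkthrough, and the sequential port allocation starting at 16384 is an assumption (the 16400 that HostB receives in the text is simply whatever the router's allocator picked). The model also shows two behaviours the text leaves implicit: what happens when the address pool or port range is exhausted, and that an inbound packet with no reverse entry has nowhere to go.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

# Constructed sample addresses taken from the article's walkthrough. The port
# numbers the router hands out (16384 onwards here) are an assumption: a real
# router picks them from its own allocator.
HOST_A = ("10.1.1.100", 1025)
HOST_B = ("10.1.1.200", 1028)
SERVER = ("211.100.7.34", 80)
PUBLIC_POOL = ["162.105.178.65", "162.105.178.66"]


@dataclass(frozen=True)
class Packet:
    """The four header fields that NAT and NAPT act on."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def reply_to(req: Packet) -> Packet:
    """Server side of the exchange: a response swaps source and destination."""
    return Packet(req.dst_ip, req.dst_port, req.src_ip, req.src_port)


class BasicNAT:
    """Dynamic one-to-one translation: each private IP borrows one public IP from the pool."""

    def __init__(self, pool: List[str]) -> None:
        self.free = list(pool)
        self.forward: Dict[str, str] = {}   # private IP -> public IP (Outbound)
        self.reverse: Dict[str, str] = {}   # public IP  -> private IP (Inbound)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        pub = self.forward.get(pkt.src_ip)
        if pub is None:
            if not self.free:
                return None                  # pool exhausted: the new flow cannot be translated
            pub = self.free.pop(0)           # take an idle public address
            self.forward[pkt.src_ip] = pub
            self.reverse[pub] = pkt.src_ip
        # Only the source IP changes; ports and destination are left alone.
        return replace(pkt, src_ip=pub)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        priv = self.reverse.get(pkt.dst_ip)
        if priv is None:
            return None                      # no reverse entry: unsolicited packet is dropped
        return replace(pkt, dst_ip=priv)


class NAPT:
    """Many-to-one translation: (private IP, port) <-> (public IP, port)."""

    def __init__(self, public_ip: str, first_port: int = 16384, last_port: int = 65535) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.forward: Dict[Tuple[str, int], Tuple[str, int]] = {}
        self.reverse: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        key = (pkt.src_ip, pkt.src_port)
        mapped = self.forward.get(key)
        if mapped is None:
            if self.next_port > self.last_port:
                return None                  # every port on the public IP is in use
            mapped = (self.public_ip, self.next_port)   # a distinct port per private flow
            self.next_port += 1
            self.forward[key] = mapped
            self.reverse[mapped] = key
        return replace(pkt, src_ip=mapped[0], src_port=mapped[1])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        key = self.reverse.get((pkt.dst_ip, pkt.dst_port))
        if key is None:
            return None                      # destination IP:port not in the table: dropped
        return replace(pkt, dst_ip=key[0], dst_port=key[1])


if __name__ == "__main__":
    nat = BasicNAT(PUBLIC_POOL)
    out = nat.outbound(Packet(*HOST_A, *SERVER))
    print("Basic NAT out:", out)
    print("Basic NAT in: ", nat.inbound(reply_to(out)))

    napt = NAPT(PUBLIC_POOL[0])
    for host in (HOST_A, HOST_B):
        out = napt.outbound(Packet(*host, *SERVER))
        print("NAPT out:", out, "-> back:", napt.inbound(reply_to(out)))
```

Saved as, say, nat_model.py, the script prints the translated packets for both modes. Two points worth keeping in mind when reading the output: dropping unsolicited inbound packets is a side effect of the reverse lookup failing, not a security policy, because the router forwards anything that matches an existing entry, so NAT is not a substitute for a firewall; and exhaustion of the address pool (Basic NAT) or of the port range on a public address (NAPT) silently stops new flows, which is a denial-of-service condition worth monitoring on a real router.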
Book: http://item.jd.com/11513567.html
Supporting Video Courses: Http://edu.51cto.com/course/course_id-1173.html