Precautions for NAT router Principles and Applications

Many people may not be very familiar with the NAT router principle, so I have studied the NAT router principle and precautions in its application. I would like to share with you here and hope it will be useful to you. IP address depletion facilitates the development of CIDR, but the main purpose of CIDR development is to effectively use the existing internet address. At the same time, NAT developed according to RFC 1631IP Network Address Translator can use the same IP Address in multiple internet subnets to reduce the use of registered IP addresses.

NAT routing technology allows a private network to connect to the external world through an internet registered IP address. The NAT router in the inside network and the outside network is responsible for translating the internal IP address into an external legal IP address before sending data packets. Hosts on the internal network cannot communicate with the external network at the same time, so only some internal addresses need to be translated.

NAT translation can be static translation (static translation) and dynamic translation (dynamic translation. Static translation matches the internal address with the external address. Dynamic Translation is used when NAT needs to determine which address needs translation and which address pool is used for translation. Using portmultiplexing technology, or changing the Source port Technology of outbound data, multiple internal IP addresses can be mapped to the same external address, which is PATport address translator ). The load distribution Technology of TCP can be used when an external IP address is mapped to an internal IP address. When this feature is used, the internal host directs new external connections to different hosts Based on the round-robin mechanism. Note: load distributiong is valid only when the external address is inner.

NAT usage:

A. connect to the internet, but there is not enough legal address assigned to the internal host.
B. Change it to an ISP whose IP address needs to be reassigned.
C. merge two internat instances with the same IP address.
D ).

After using NAT, one of the major changes is that you lose the traceability of the Peer IP address. That is to say, you can no longer use ping and traceroute through NAT, second, some IP-to-IP programs can no longer run normally. The potential disadvantage is that they increase network latency. NAT supports most ip protocols. However, note that tftp, rlogin, rsh, rcp, and ip multicast are supported by NAT, followed by bootp, all snmp and NAT router updates are rejected. Several concepts related to NAT:

Inside Local IP address: Specifies the host address of the internal network, which is globally unique but private.
Inside Global IP address: a valid IP address that represents one or more internal IP addresses in the external world.
Outside Global IP address: The valid IP address of the external network host.
Outside Local IP address: Host address of the external network. It looks like a private IP address of the internal network.
Simple Translation Entry: the Entry from the IP address to another address.
Extended Translation Entry: the Entry from the IP address and port to another pair.

A. Internal address Translation (Translation inside local addresses ):
This is a common method of translating an internal IP address one to one into an external IP address.

When the internal host is connected to the external network, when the first packet arrives at the NAT router, the router checks its NAT table. because NAT is configured statically, You can query the simply entry ), then, the router replaces the local IP address of the packet with the Global IP address and forwards the packet. The external host receives the data packet and responds with the received internal global address. NAT accepts the data packet from the external, translates the address into an internal local IP address based on the NAT table, and forwards the data packet.

B. overloading inside glogal addresses)

Use the address and port pair to film multiple internal addresses to a small number of external addresses. This is also called PAT. Like internal address translation, NAT router is also responsible for querying the table and translating internal IP addresses. The only difference is that with overloading, the router will reuse the same internal Global IP address, and store enough information to distinguish it from other addresses. In this way, the extended entry is queried. The communication between the NAT router and the external host uses the translated internal global address, so there is no difference in the same general communication. When the router communicates with the internal host, you also need to check the NAT table.

C. TCP load redistribution (TCP load distributing) is different from the preceding two operations. This is the translation of NAT from external to internal, therefore, it is wrong to assume that the WEB server must be placed outside the NAT.

Working principle: the external host is defined as an internal global address for the VM. The NAT router accepts requests from the external host and establishes a connection with the internal host based on the NAT table, the internal global address destination address is translated into an internal local address, and data packets are forwarded to the internal host. The internal host accepts the packets and responds accordingly. The NAT router then uses the internal local address and port to query the data table and responds to the queried external address and port. In this case, if the same host makes a second connection, the NAT router establishes a connection with the other virtual host based on the NAT table and forwards the data.

D. Process overlapping networks.

This method is mainly used for the interconnection of two Intranets. It also provides a method for us to process two overlapping networks. Its implementation requires that DNS server support be used to distinguish two different hosts ).

1. host a needs to establish A connection to host C. It first performs address query like DNS server.

2. NAT router intercepts DNS responses. If the addresses overlap, the addresses returned by translation will be translated. It creates a simply entry to translate the overlapping external global address destination address into an external local address.

3. The NAT router forwards the DNS response to host A, which translates the external global address of host C into an external local address.

4. When the NAT router receives A packet from host C, it establishes A local, global, and global conversion between external and local addresses. host a will be directed to the internal local address source address) translation into an internal Global Address, host C will translate from an external global address to an external local address.