Principles of NAT technology

Source: Internet
Author: User

NAT Technology Overview

With the growth of networks, Network Address Translation (NAT) plays an irreplaceable role in network construction. In essence, NAT is designed to alleviate the shortage of IP addresses. In practice, NAT also has some derivative functions, such as hiding and protecting computers in the network to avoid attacks from outside the network, and making it easier to plan internal network addresses.

Basic Principles of NAT Technology

As the number of computers connected to the Internet soars, IP address resources become increasingly tight. In practice, users generally cannot apply for an entire Class C or Class B IP address segment. When an enterprise requests IP addresses from an ISP, it is assigned only a few or a dozen of them. Obviously, such a small number of IP addresses cannot meet the needs of network users. To alleviate this conflict between supply and demand, NAT has become an inevitable choice for enterprises and ISPs.

When an enterprise uses NAT, its internal network is generally expected to be deployed using the three private address ranges specified in RFC 1918. When an internal device sends packets to the Internet with a private address as the source, NAT modifies the IP header and converts the original source address (the private IP address) to a valid public IP address (the premise being that this public address is a legal public IP address the enterprise has obtained from the ISP). In this way, a LAN can meet the needs of communication between intranet devices and the Internet without major changes to the private addressing of the internal network.

Because NAT replaces the device's source IP address with the public IP address, the device is "opaque" to Internet users, which protects the device. In this case, the internal private address and the external public address correspond one-to-one. We can even use only a small number of public IP addresses (or even one) to let all computers in the private address network communicate with the Internet.

Common Methods for Enterprises to Implement NAT

In an enterprise network, there are three NAT implementation methods: static translation (static NAT), dynamic translation (dynamic NAT), and port address multiplexing (PAT).

1. Static Conversion

Static conversion converts private IP addresses in the internal network to public IP addresses, where the address pairs are one-to-one and remain unchanged. A given private IP address is only ever converted to one given public IP address. The relationship between private and public addresses is specified manually by the administrator. With static conversion, the external network can access certain devices (such as servers) in the internal network while the device remains "opaque" to external users.

2. Dynamic Conversion

Dynamic conversion converts private IP addresses in the internal network to public IP addresses, where the address pairs are not one-to-one but random. Every private IP address that the administrator has authorized to access the Internet can be randomly converted to any of the specified public IP addresses. In other words, dynamic conversion only requires specifying which internal addresses may be converted and which legitimate addresses may be used as external addresses. The lease time of each address is limited. Dynamic conversion can therefore be used when the valid IP addresses provided by the ISP are slightly fewer than the number of computers in the network.

3. Port address multiplexing (PAT)

Using port multiplexing, you can achieve one-to-many conversion between one public address and multiple private addresses. In this way, all hosts in the internal network can share one valid external IP address to access the Internet. Traffic from different internal hosts is marked with different random ports, which saves IP address resources to the maximum extent. At the same time, all hosts in the network can be hidden, which effectively prevents attacks from the Internet. For these reasons, port multiplexing is the most widely used method in networks.
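
The translation table behind port multiplexing, shown as an added example (not code from the original article): two private hosts share one public address, reply traffic is mapped back through the table, and an inbound packet with no matching entry is dropped. The class and function names, the addresses, the sequential port allocation, and the per-port static entry (a simplification of one-to-one static conversion) are all assumptions made for illustration.

```python
import ipaddress

PUBLIC_IP = "203.0.113.10"          # constructed: documentation range (RFC 5737)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip):
    """True if ip falls in one of the three RFC 1918 private blocks."""
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

class PatGateway:
    """Toy PAT device (hypothetical): many private hosts share one public address."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port      # sequential here; real devices vary the port
        self.out = {}                    # (priv_ip, priv_port, proto) -> public port
        self.back = {}                   # (public port, proto) -> (priv_ip, priv_port)
        self.static = {}                 # (public port, proto) -> (priv_ip, priv_port)

    def add_static(self, public_port, proto, priv_ip, priv_port):
        """Administrator-defined fixed mapping, e.g. to publish a server."""
        self.static[(public_port, proto)] = (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, proto):
        """Rewrite the source of a packet leaving the LAN; returns (ip, port)."""
        if not is_private(src_ip):
            raise ValueError("source is not an RFC 1918 address")
        key = (src_ip, src_port, proto)
        if key not in self.out:          # first packet of a flow creates the entry
            self.out[key] = self.next_port
            self.back[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, dst_port, proto):
        """Map a packet arriving at the public address; None means dropped."""
        key = (dst_port, proto)
        return self.static.get(key) or self.back.get(key)

def demo():
    gw = PatGateway(PUBLIC_IP)
    gw.add_static(443, "tcp", "192.168.1.5", 8443)    # constructed server mapping
    a = gw.outbound("192.168.1.20", 51000, "tcp")
    b = gw.outbound("192.168.1.21", 51000, "tcp")     # same source port, other host
    return a, b, gw.inbound(a[1], "tcp"), gw.inbound(443, "tcp"), gw.inbound(22, "tcp")
```

Only the static entry and ports opened by outbound flows are reachable from outside, so the static mappings are the part of the table to audit when reviewing what a NAT device exposes.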

We have finished introducing the basic concepts and principles of NAT. I hope you have mastered it. In future articles, we will continue to introduce the implementation of NAT technology.
