Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes.
Purposes of NAT:
NAT accomplishes these key purposes:
· It acts as a firewall by hiding internal IP addresses.
· It enables an enterprise to use more internal IP addresses, since there is no possibility of conflict between its internal-only IP addresses and those used by other organizations. Essentially, an organization can present itself to the Internet with fewer IP addresses than used on its internal network, which conserves public IP addresses.
· It allows an enterprise to bundle multiple ISDN connections into one Internet connection.
NAT Terminology:
· Inside local address - Usually not an IP address assigned by an RIR or service provider and is most likely an RFC 1918 private address.
· Inside global address - Valid public address that the inside host is given when it exits the NAT router. When traffic from PC1 is destined for the web server at 209.165.201.1, router R2 must translate the address. In this case, IP address 209.165.200.226 is used as the inside global address for PC1.
· Outside global address - Reachable IP address assigned to a host on the Internet. For example, the web server is reachable at IP address 209.165.201.1.
· Outside local address - The local IP address assigned to a host on the outside network. In most situations, this address will be identical to the outside global address of that outside device.
Note: Private → Local; Public → Global; user → inside; ISP → outside.
The Forms of NAT:
· Static NAT: Static NAT is a simple one-to-one mapping of private and public addresses. This is required to support inbound connections from your public network into your private network. For each local address defined, there has to be an associated globally unique address.
· Dynamic NAT: Unlike static NAT, which provides a permanent mapping between an internal address and a specific public address, dynamic NAT maps private IP addresses to public addresses. Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. When a host with a private IP address requests access to the Internet, dynamic NAT chooses an IP address from the pool that is not already in use by another host. Dynamic NAT is useful when fewer addresses are available than the actual number of hosts to be translated.
· Overload NAT or PAT: PAT maps multiple private IP addresses to a single registered or public IP address by using different ports. This is what most home broadband routers do. Your ISP assigns an IP address to your router, but you find out that all the computers in the house could connect to the Internet at the same time. PAT uses unique source port numbers on the inside global IP address to distinguish between translations. When a client logs on to the Internet, the NAT router assigns a port number to its source address. NAT overload or PAT ensures that clients use a different TCP port number for each client session with a server on the Internet. When the server responds, the client router routes the packet based on the source port number, which has become the destination port number. This process also validates that the incoming packets were requested, thus adding a degree of security to the session.
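The translation table that PAT keeps, sketched as an added example (not code from the original page): a toy model of router R2 using the page's inside global address 209.165.200.226 and web server 209.165.201.1. The 192.168.10.x inside hosts, the port numbers, the sequential port allocation and the check of a reply's source against the recorded peer are assumptions of this sketch.

```python
import ipaddress

class PatRouter:
    """Toy model of NAT overload (PAT) behind a single inside global address."""

    def __init__(self, inside_global, first_port=1024):
        self.inside_global = inside_global
        self.next_port = first_port   # assumed policy: hand out ports sequentially
        self.by_session = {}          # (in_ip, in_port, out_ip, out_port) -> global port
        self.by_port = {}             # global port -> (in_ip, in_port, out_ip, out_port)

    def outbound(self, in_ip, in_port, out_ip, out_port):
        """Translate an inside-to-outside packet; return its new (src_ip, src_port)."""
        if not ipaddress.ip_address(in_ip).is_private:
            raise ValueError(f"{in_ip} is not an RFC 1918 inside local address")
        session = (in_ip, in_port, out_ip, out_port)
        if session not in self.by_session:
            if self.next_port > 65535:
                raise RuntimeError("port pool on the inside global address exhausted")
            self.by_session[session] = self.next_port
            self.by_port[self.next_port] = session
            self.next_port += 1
        return self.inside_global, self.by_session[session]

    def inbound(self, src_ip, src_port, dst_port):
        """Reverse-translate a reply; return (in_ip, in_port) or None if unsolicited."""
        session = self.by_port.get(dst_port)
        if session is None or session[2:] != (src_ip, src_port):
            return None               # no matching translation: the packet is dropped
        return session[0], session[1]

def demo():
    # Constructed sample traffic: the 192.168.10.x hosts, 198.51.100.7 and all
    # port numbers are assumed; the two 209.165.x.x addresses are the page's.
    r2 = PatRouter("209.165.200.226")
    web = "209.165.201.1"
    pc1 = r2.outbound("192.168.10.10", 1444, web, 80)
    pc2 = r2.outbound("192.168.10.11", 1444, web, 80)   # same source port as PC1
    return {
        "pc1": pc1,
        "pc2": pc2,
        "reply_pc1": r2.inbound(web, 80, pc1[1]),
        "reply_pc2": r2.inbound(web, 80, pc2[1]),
        "unsolicited": r2.inbound("198.51.100.7", 4444, 3389),
        "wrong_peer": r2.inbound("198.51.100.7", 4444, pc1[1]),
    }
if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} {result}")
```

Both inside hosts use source port 1444, yet each leaves R2 with its own port on the shared inside global address, and a packet that matches no table entry is not forwarded inside.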
Benefits and Drawbacks of Using NAT:
NAT benefits:
· Conserves the legally registered addressing scheme
· Increases the flexibility of connections to the public network
· Provides consistency for internal network addressing schemes
· Provides network security
NAT drawbacks:
· Performance is degraded
· End-to-end functionality is degraded
· End-to-end IP traceability is lost
· Tunneling is more complicated
· Initiating TCP connections can be disrupted
· Architectures need to be rebuilt to accommodate changes