You are probably reading this article on your mobile device or computer, over your home or office network, at www.hyperictech.blogspot.com. That means you have probably used NAT (Network Address Translation) to reach this blog.
When it became clear that the IPv4 address space, which is 32 bits wide and so contains 2^32 (2 raised to the power 32) addresses, was almost used up because of the fast-growing number of users on the Internet, NAT was introduced to conserve IPv4 addresses while IPv6, which is 128 bits wide and can handle a far larger number of hosts, is being developed. NAT allows the global Internet to have far more hosts on it than its address space would normally support. Moreover, to ensure that IPv4 and IPv6 addresses can be used together on the Internet, NAT ensures compatibility between them.
NAT translates your unregistered private IP address (your LAN or Ethernet address) to a registered address, which enables you to route outside your own private network to a public network, usually the Internet. It also makes sure that communication and exchange of data is possible between networks or hosts with different IP address versions. At the same time, it provides some security benefits by making hosts more difficult to address directly by foreign machines on the public Internet: because the internal IP addresses are changed for all the computers at the gateway level (in your router), the internal IP addresses are never revealed to the external computers receiving or intercepting the packets.
This can also cause some major limitations when it comes to implementing video conferencing, Voice over Internet Protocol (VoIP), or any application that requires end-to-end connectivity. Not to worry: doing a little NAT traversal on your NAT device (router), although sometimes tedious, solves the problem perfectly well.
There are different kinds of NAT depending on how it is implemented (static NAT, dynamic NAT, overlapping NAT, PAT (Port Address Translation), stub domain).
Static NAT:
This is when a single unregistered IP address is mapped to a single registered address. That way, the computer uses this same address whenever it goes out over the Internet. For example, if computer A has the unregistered address 192.168.1.1 and the registered address 80.16.1.23 is mapped to it through static NAT, computer A must use IP address 80.16.1.23 whenever it wants to go outside the private network (usually a LAN) to a public network (the Internet). This works well for devices that are shared on a public network: it gives the device a permanent address on the public network, for easy remote access by multiple users at any time. See the table below.
| Host Computer | Unregistered IP address | Static NAT assigned registered IP address | When mapped to each host on the LAN |
|---|---|---|---|
| A | 192.168.24.1 | 80.16.1.23 | 80.16.1.23{192.168.24.1} |
| B | 192.168.24.2 | 80.16.1.24 | 80.16.1.24{192.168.24.2} |
| C | 192.168.24.3 | 80.16.1.30 | 80.16.1.30{192.168.24.3} |
The IP address translated for each computer is permanent and does not change unless the network administrator changes it.
Dynamic NAT:
Most of us have at least a little knowledge of DHCP or BootP, where a router randomly gives a host device an IP address from a pool (group) of private IP addresses. Dynamic NAT is almost the same thing, except that this time the IP addresses assigned are public and registered. Dynamic NAT maps an unregistered IP address to a registered IP address from a group of registered IP addresses and, just like DHCP, these addresses are leased and returned after use.
| Host Computer | Unregistered IP address | Static NAT assigned registered IP address | When mapped to each host on the LAN |
|---|---|---|---|
| A | 192.168.24.1 | 80.16.1.23 | 80.16.1.23{192.168.24.1} |
| B | 192.168.24.2 | 80.16.1.24 | 80.16.1.24{192.168.24.2} |
| C | 192.168.24.3 | 80.16.1.30 | 80.16.1.30{192.168.24.3} |
Please note that the major difference between dynamic and static NAT is that, with dynamic NAT, host devices return the addresses to the IP address pool after using them (the leased IP address is mostly released when the device is shut down), unlike static NAT, where a permanent registered IP address is mapped to the device. Dynamic NAT is less expensive to implement than static NAT.
PAT (Port Address Translation):
An organization might decide that only one registered IP address is needed on its network, irrespective of the number of host devices on that network. PAT (Port Address Translation), also known as overloading NAT, is the best guy for that job. It is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different port numbers. Ports are unique endpoints of communication on a host, so a connection through the NAT device is maintained by the combined mapping of port number and IP address. This is also known as single-address NAT or port-level multiplexed NAT. For example, LAN A has 3 computers; see the table below.
| Computer | Unregistered IP address | Port number | When translated to a registered IP address (80.16.4.21) |
|---|---|---|---|
| A | 192.168.24.1 | 301 | 80.16.4.21:301{192.168.24.1} |
| B | 192.168.24.2 | 302 | 80.16.4.21:302{192.168.24.2} |
| C | 192.168.24.3 | 303 | 80.16.4.21:303{192.168.24.3} |
Notice how each unregistered IP address on the private network is mapped to the same registered IP address, but this time each computer is identified on the Internet by its port number.
Overlapping NAT
Every NAT device must have a lookup table so that, when hosts try to communicate outside the network, it can check whether the IP addresses used on your internal network are registered IP addresses in use on another network.
There are cases where there is an overlap between the IP addresses used for the internal network and the IP addresses used for part of the outside network. This may be the result of:
Case 1:
Private network to private network connections, where the unregistered IP address on a private network corresponds with the network address on another private network (sometimes registered).
Case 2:
Invalid or wrong assignment of public address space to a private network by the ISP: it sometimes happens that an ISP gives the same public address space to two or more customers. This may be the result of wrong subnetting by the ISP, or it may be done intentionally, and it leads to overlapping IP addresses, especially when both networks try to communicate outside at the same time.
Some Disadvantages of NAT.
The disadvantages of NAT are often overlooked by many, considering the many advantages that NAT has to offer, but it is also important for us to look at some of the disadvantages too.
Some Internet service providers (ISPs), especially in developing regions, provide their customers only with local IP addresses, due to the limited number of external IP addresses allocated to those entities. Thus, their customers must access services external to the ISP's network through NAT. As a result, the customers cannot achieve true end-to-end connectivity, therefore violating the core principles of the Internet as laid out by the Internet Architecture Board.
Scalability: An implementation that only tracks ports can be quickly depleted by internal applications that use multiple simultaneous connections (such as an HTTP request for a web page with many embedded objects). This problem can be mitigated by tracking the destination IP address in addition to the port (thus sharing a single local port with many remote hosts), at the expense of implementation complexity and CPU/memory resources of the translation device (NAT router).
Firewall complexity: Although this is more advantageous when it comes to security, because the internal addresses are all disguised behind one publicly accessible address, it is impossible for external hosts to initiate a connection directly to a particular internal host without special configuration on the firewall to forward connections to a particular port. Applications such as Voice over Internet Protocol (VoIP), videoconferencing, and other peer-to-peer applications must use NAT traversal techniques to function.
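The PAT table above and the scalability and firewall points can be tried out with a toy translation table; this is an added example, not code from the original post, and it goes slightly beyond the text by modelling the reverse (inbound) lookup and a port forward. `PatTable`, `build`, `fourth_flow`, the private source ports and the remote endpoints are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

class PortsExhausted(Exception):
    """No free public port is left for a new flow."""

@dataclass
class PatTable:
    public_ip: str
    ports: range                      # public ports the NAT device may hand out
    track_destination: bool = False   # True: key each flow by (port, remote endpoint)
    flows: dict = field(default_factory=dict)     # key -> private (ip, port)
    forwards: dict = field(default_factory=dict)  # public port -> private (ip, port)

    def _key(self, port, remote):
        return (port, remote) if self.track_destination else (port, None)

    def outbound(self, src, remote):
        """Map a private (ip, port) to the shared public address for this flow."""
        for port in self.ports:
            key = self._key(port, remote)
            if self.flows.setdefault(key, src) == src:   # free slot or same flow
                return (self.public_ip, port)
        raise PortsExhausted(f"no public port left for {src} -> {remote}")

    def inbound(self, public_port, remote):
        """Reverse lookup for a packet from `remote`; None means it is dropped."""
        if public_port in self.forwards:                 # explicit port forward
            return self.forwards[public_port]
        return self.flows.get(self._key(public_port, remote))

# Constructed sample endpoints: private source ports and remote hosts are assumptions.
HOSTS = [("192.168.24.1", 50000), ("192.168.24.2", 50000), ("192.168.24.3", 50000)]
WEB, OTHER = ("203.0.113.10", 80), ("198.51.100.7", 443)

def build(track_destination):   # hosts A-C from the PAT table open one flow each
    nat = PatTable("80.16.4.21", range(301, 304), track_destination)
    return nat, [nat.outbound(h, WEB) for h in HOSTS]

def fourth_flow(nat):
    """A new flow from host A to another server; None when no port is free."""
    try:
        return nat.outbound(("192.168.24.1", 50001), OTHER)
    except PortsExhausted:
        return None

if __name__ == "__main__":
    for tracked in (False, True):
        nat, mapped = build(tracked)
        nat.forwards[8080] = ("192.168.24.3", 80)   # the "special configuration"
        print(tracked, mapped, [nat.inbound(p, OTHER) for p in (302, 300, 8080)], fourth_flow(nat))
```

With port-only tracking the fourth flow finds no free port, while the destination-aware table reuses port 301 for it. In this toy model the same keying also decides which remote hosts can reach an existing mapping, and only the forwarded port accepts connections that no internal host initiated.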