Welcome to the Network Engineering Domain
Pape O. Fall's Blog

NAT & PAT

Both Network Address Translation (NAT) and Port Address Translation (PAT) perform similar functions with regards to remapping RFC 1918 IP address(es) to IP address(es) on an external network segment.

With the proliferation of IoT and the rapid extension of IPv4 addresses, this technology has become essential with regards to conserving Private IP address Pool. In order to understand NAT & PAT, it is imperative to understand the problems it resolve and the underline functionality in the back end.

Nowadays, many hosts within an organization do not need access to the internet such as machines and server within a Scada Network for instance (In most cases). Hence, there is no need for a globally unique and routable IP address for the latter. IPv4 exhaustion led to the creation of Private IP addressing schemes which are defined in RFC 1918; These non-overlapping network segments are NOT routable on the internet and do not need to be registered with IANA. These addresses are to be freely use on a LAN segment with proper IP address allocation design.

 

RFC 1918 address ranges are:
10.0.0.0/8 (10.0.0.0 – 10.255.255.255)
172.16.0.0/12 (172.16.0.0 – 172.31.255.255)
192.168.0.0/16 (192.168.0.0 – 192.168.255.255)

 

NAT & PAT then come into play to translate the above addresses into routable IP address(es) for outside communication purposes. There are different methods to configure NAT but first let’s run through the terminology you will need to know in order to grasp the concept.

 

Inside Local—This is the private IP address of machine sitting on a Local Area network (e.g., a workstation’s IP address).
Inside Global—This is the public IP address that translate the private IP address. Outside network sees this IP address as your local host’s.
Outside Local—This is the local IP address from the private network, which your local host sees as the IP address of the remote host.
Outside Global—This is the public IP address of the remote host (e.g., the IP address of the remote Web server that a workstation is connecting to).

 

Let’s illustrate the above with a diagram…

NAT File 2

Here is a brief overview of what takes place in the back-end when Host A sends a request to the Web Server:

  1. Host A attempts to send a packet to the web server via 68.132.236.175 which is located outside the local segment. The packet is then sent to the router
  2. Since the destination address is outside the network and the Inside Local address is non routable, the router translates the source IP address to 108.57.60.240
  3. RT01SP receives the packet with a source of 108.57.60.240 and a destination of 68.132.236.175
  4. RT01SP rewrite the Outside Global IP to be the Outside local IP of the Web server and forward the packet through
  5. The Web server responds to the requests and the same process repeats

The above example is called Static NAT because there is a 1:1 correlation between the private IP address and the public IP address.

It is important to note that the entire NAT process is locally significant to the router performing the translation. Hence, both internal and external network are clueless of the remapping functions.

PAT on the other hand (One-to-many NAT), is often referred as “NAT Overload”. This is the most typical translation configuration you would see as it systematically reduces the waste of public IP addresses. Most companies uses Static NAT to translate Inside Local addresses of servers needing to be accessed from the outside. Users traffic are typically translated using PAT at the edge router which allows the use of a common Global IP address for numerous Private IP addresses.

Let’s illustrate it with a diagram…

NAT File 3

This what happens here:

  1. Host A, B and C send requests to the Web Server which is located out on the Internet somewhere
  2. Packets are sent to the router which needs to translate the IP addresses to a routable IP in order to reach the web server
  3. Since NAT is configured on the router, the latter amends the source IP address information in the IP datagram headers to be 108.57.60.240
  4. However, it adds a unique port number to differentiate the source of the packet as described in the PAT table. Typically, it use the source port number defined in the IP header. If it is already allocated, then it searches from an alternate port number
  5. The return traffic is sent back to the router which match it to the initial session and port number. Hence, the appropriate host

That’s all I wanted to share today. There are different design methods pertaining to NAT/PAT which we will see in different posts.

 

Classification: ADVANCED SERVICES
Posted On: 2016/02/19

Comments

  1. Pis Tall says:
    February 22, 2016 at 8:44 am

    Thank you Mr Pop for sharing all this knowledge. Your blog is very ressourcefull. I hope with the time we can get some videos very soon

  2. Pape says:
    February 22, 2016 at 11:09 am

    Hi Pis 🙂 I haven’t been writing like I used to due to time constraint. However, I’m planning on making the videos very soon.

  3. Said says:
    February 23, 2016 at 7:01 am

    Nice Post ! It’s always a pleasure to read you. J’apprécie la clarté des postes et l’agencement des explications qui facilitent a lot la compréhension.

    But i am still waitin a post on COS, Multicast .

    See you soon

  4. Pape says:
    February 23, 2016 at 1:43 pm

    What’s up buddy ! Yeah, j’etais tres occupe ces temps ci mais je vais m’y mettre tres bientot.
    Stay tuned 😉

Leave a Reply

Your email address will not be published. Required fields are marked *

A Little About Myself

Hello I'm Pape. My friends call me Pop. I'm CCIE #48357. I enjoy my field and love to share it with others. I love to write so I'm sharing my blog with you.

Sign up to receive notifications and updates whenever new topics or videos are uploaded!

RouteLeak Calendar

September 2024
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
30  
© Copyright 2024 @ RouteLeak