Networking: Network Address Translation (NAT)

Published on April 11, 2022 at 7:38 pm by LEW

Introduction

Network Address Translation (NAT) is a process that lets a private network segment share a single public IP address among all of its internal clients, while hiding each client's private IP address from the outside. There are a number of ways to achieve this, but we will stay away from overly detailed technical discussion of the options and focus instead on the fairly standardized outcome of the process.

The idea of NAT has been around since 1993. Its adoption and spread were driven by necessity rather than actual planning. The original designers of IPv4 probably had no idea at the time that the Internet would expand as it did.

For a networked device to work it has to have a unique IP address. Today it is not only computers that use IP addresses. There are cell phones, smart TVs, smart cars, security systems, and smart appliances that have IP addresses. I think the original designers of the IPv4 address space would have been surprised that a clothes dryer would need an IP address.

It was this expansion that drove the almost universal adoption of NAT, mainly for the purpose of conserving the rapidly dwindling IPv4 address pool (which is now basically exhausted).

What NAT does

Basically NAT allows a local private LAN to have a single public IP address and a large number of private IP addresses. In 1996 the Internet Engineering Task Force (IETF) published RFC 1918 which, in section 3, set aside three ranges of IPv4 addresses as private: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. A private address, by convention, is never directly exposed or routable on the Internet. Thus you can have multiple devices around the world with the same private IP address and not violate the unique IP address requirement.

NAT is the process of translating traffic from a private IPv4 address to a public IPv4 address, and back again. While the methodology may differ, all variants share similar end results.

NAT is a service provided by most consumer routers you will see in the home. It is transparent to end users, and required for all devices on your private network to communicate with the outside world.

Procedural NAT

Procedural, in this case, means we will be discussing what NAT does, not necessarily how it is done. Keeping things as simple as possible we start with your local computer, and follow a packet of information out to a public server and back.

Note, when you send information over the Internet, it is not sent as a continuous stream, but rather broken down into multiple smaller segments referred to as packets.

  1. A stream of packets is sent from your computer (at 192.168.10.124), over your Local Area Network (LAN) to your router (at 192.168.10.1).
  2. The NAT service on your router examines the packet header to see where it came from (192.168.10.124) and where it is going to (172.217.24.110).
  3. In this case the destination address is outside the private LAN. The NAT service rewrites your computer's IP address with the public IP address provided by your ISP (consumer routers usually rewrite the source port as well, so that many internal clients can share one public address), and records that you sent this communication before forwarding the packet.
  4. The packet transits the public IPv4 space (often referred to as the WAN) until it arrives at 172.217.24.110.
  5. If 172.217.24.110 responds, its packet traverses public IPv4 space until it arrives at your public IP address.
  6. The NAT service on your router examines the header of this incoming packet and compares it to its records. If it determines this is a response to the packet you sent, it replaces the public IP address (and port) with your private IP address (and port), and forwards the packet across your private LAN.
  7. The return packet finally arrives at your computer.

Notes and Implications

This is a high level view and an over simplification. Lots of things have to happen for this to work. But thankfully they are transparent to the end user most of the time.

The NAT service on your router examines every incoming packet. If it cannot find a match in its translation table, it simply drops the packet (there are ways around this, like port forwarding, but that is beyond the scope of this discussion). The implication of this behavior is that your router acts in some respects like a firewall, dropping unsolicited packets. Keep in mind that this is a side effect of the translation table rather than a purpose-built security control: it only shields hosts behind the router from unsolicited inbound connections, it says nothing about what those hosts send out, and anything you port-forward is exposed again.
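To make the seven steps above and the drop-unsolicited behaviour concrete, here is a small simulation of a port-overloading NAT (NAPT) table written for this article; it is an added example, not code from the original post or from any router firmware. The public address 203.0.113.7, the probing host 198.51.100.9, the client port 51514 and the starting public port 40000 are constructed values; the private LAN addresses and the 172.217.24.110 server are the ones used in the steps above. The filtering rule (an inbound packet must arrive on a mapped port and come from the remote host that mapping was created for) is the author's assumption about a typical consumer router; real devices differ in how strict they are.

```python
"""Toy NAPT simulator: outbound rewrite, inbound match, drop unsolicited."""
from dataclasses import dataclass, replace
from ipaddress import ip_address
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    payload: bytes = b""


class NAPT:
    """Single public address shared by many private clients (RFC 1918 ranges)."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, public_port) -> (private_ip, private_port, remote_ip, remote_port)
        self.table: Dict[Tuple[str, int], Tuple[str, int, str, int]] = {}
        # reverse index so repeated packets of one flow reuse the same mapping
        self.reverse: Dict[Tuple[str, str, int, str, int], int] = {}
        self.dropped = 0

    def _allocate_port(self) -> int:
        if self.next_port > 65535:
            raise RuntimeError("public port pool exhausted")
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        # Step 2: a destination inside the private LAN needs no translation.
        if ip_address(pkt.dst_ip).is_private:
            return pkt
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.reverse.get(key)
        if pub_port is None:
            # Step 3: remember who sent this so the reply can be matched later.
            pub_port = self._allocate_port()
            self.table[(pkt.proto, pub_port)] = (
                pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            self.reverse[key] = pub_port
        # Step 3: rewrite private source IP and port with the public pair.
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # Step 6: look the arriving packet up in the translation table.
        entry = self.table.get((pkt.proto, pkt.dst_port))
        if entry is None:
            self.dropped += 1          # unsolicited: no record, drop it
            return None
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            self.dropped += 1          # mapped port, but wrong remote host
            return None
        # Step 6: put the private destination back and forward onto the LAN.
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


def demo() -> Tuple[Packet, Optional[Packet], Optional[Packet], Optional[Packet], int]:
    """Runs the seven steps once plus two unsolicited packets (constructed data)."""
    nat = NAPT(public_ip="203.0.113.7")
    # Step 1: client 192.168.10.124 opens a connection to 172.217.24.110:443.
    out = Packet("192.168.10.124", 51514, "172.217.24.110", 443, payload=b"GET /")
    on_wan = nat.outbound(out)                       # step 3/4
    # Step 5: the server answers the public IP/port it saw, not the private one.
    reply = Packet("172.217.24.110", 443, on_wan.src_ip, on_wan.src_port,
                   payload=b"HTTP/1.1 200 OK")
    on_lan = nat.inbound(reply)                      # step 6/7
    # An unrelated host probing port 22 on the public address: no entry, dropped.
    probe = nat.inbound(Packet("198.51.100.9", 12345, "203.0.113.7", 22))
    # A host guessing the mapped port but not the real peer: also dropped.
    spoof = nat.inbound(Packet("198.51.100.9", 443, "203.0.113.7", on_wan.src_port))
    return on_wan, on_lan, probe, spoof, nat.dropped


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Running the file shows the outbound packet leaving with source 203.0.113.7:40000, the reply coming back addressed to 192.168.10.124:51514, and both unsolicited packets returned as None with the drop counter at 2. The reverse index is what lets every packet of one connection share a single public port; without it a new mapping would be created per packet and replies would only match the last one.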

Conclusion

This has been a short, non-technical overview of Network Address Translation, or NAT for short. Its purpose has been to give the non-technical user some understanding of what NAT is.
