What is NAT
Network Address Translation, abbreviated as NAT, is a mechanism for translating network addresses that is necessary for the full functioning of the Internet, the worldwide system of interconnected computer networks running the TCP/IP protocol suite. The key problem that NAT solves is the shortage of IP addresses, which was predicted back in the 2000s. The IPv4 protocol allows approximately 4.3 billion addresses, and while that was enough in the 1980s, today the figure looks quite inadequate.
Attempts were also made to solve the problem by switching to the IPv6 protocol, which provides a practically unlimited number of addresses, but because of the lack of backward compatibility and the high cost, mass deployment of IPv6 has not yet been possible. The transition is under way, but it takes time, and so far NAT has been the best alternative.
NAT works as follows: when a packet passes through the router, the IP address in its header is changed. If the destination address is local, the router forwards the packet to another local computer; otherwise the packet is sent to the Internet. The router replaces the packet's source IP address with its own external IP address and also changes the source port number. At the same time, the combination needed for the reverse substitution is recorded in a temporary table. When the client and the server finish exchanging packets, the port entry is erased.
Thus NAT saves public addresses while also providing a degree of confidentiality, since internal IPv4 addresses are not exposed outside the network.
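The translation table described above, as an added example that is not part of the original article: a minimal simulation of NAT overload in which private hosts share one public address, each outbound flow receives its own public port, replies are rewritten back through the table, entries are removed when a flow is closed, and inbound packets with no table entry are dropped (the "external calls to internal hosts are restricted" point made below). All addresses and ports are constructed sample values.

```python
# Added example (not the article's code): NAT overload / PAT simulation.
# Many private (ip, port) pairs map onto one public IP, distinguished by port.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatOverload:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port       # next free public port to hand out
        self.out_table = {}               # (private ip, private port) -> public port
        self.in_table = {}                # public port -> (private ip, private port)

    def outbound(self, pkt: Packet) -> Packet:
        # Rewrite the source address/port; allocate a table entry on first use.
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_table:
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[port] = key
        return Packet(self.public_ip, self.out_table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # Reverse substitution; unsolicited traffic with no entry is dropped.
        key = self.in_table.get(pkt.dst_port)
        if key is None or pkt.dst_ip != self.public_ip:
            return None
        return Packet(pkt.src_ip, pkt.src_port, key[0], key[1])

    def close(self, private_ip: str, private_port: int) -> None:
        # Flow finished: erase the temporary mapping in both directions.
        port = self.out_table.pop((private_ip, private_port), None)
        if port is not None:
            del self.in_table[port]

def demo():
    nat = NatOverload("203.0.113.5")                              # constructed public IP
    a = nat.outbound(Packet("192.168.1.10", 5000, "198.51.100.7", 443))
    b = nat.outbound(Packet("192.168.1.11", 5000, "198.51.100.7", 443))  # same private port
    reply = nat.inbound(Packet("198.51.100.7", 443, "203.0.113.5", a.src_port))
    stray = nat.inbound(Packet("198.51.100.9", 443, "203.0.113.5", 40999))  # no entry
    nat.close("192.168.1.10", 5000)
    after = nat.inbound(Packet("198.51.100.7", 443, "203.0.113.5", a.src_port))
    return a, b, reply, stray, after
```

Two hosts using the same private source port still get distinct public ports, which is what lets the router tell their replies apart.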
Types of NAT
There are three varieties of this technology, differing in the method of address translation:
- Static NAT – maps one local address to one global address; it is used in corporate networks to make a device reachable from outside the network.
- Dynamic NAT – maps local addresses to global addresses on a "many-to-many" basis.
- NAT Overload – a kind of dynamic NAT that maps many local addresses onto a single global address, distinguishing them by port number.
The most common option is the third type, NAT Overload. It is what most routers use, since it allows several home users to be given Internet access at the same time.
Advantages and disadvantages of NAT
The decisive advantage of this technology is the saving of IP addresses, since several internal IP addresses are translated into one external public address. This allows the network to be organized more competently and compactly.
The second point is the restriction of external connections to internal hosts, which provides an increased level of security. Private networks simply do not expose their internal topology and addresses to the outside. This, of course, does not eliminate the need for a firewall, but it serves as an additional security barrier.
The third advantage of NAT is the high flexibility of connecting to the World Wide Web: multiple address pools, load-balancing pools and backup all contribute to the reliability of network connections.
But despite the numerous advantages, there are a number of disadvantages:
- Older protocols, developed before the rapid mass deployment of NAT, cannot function when addresses are translated between hosts. This problem can be fixed by configuring firewalls that can rewrite the IP address at higher layers.
- Problems with identifying users, arising from the "many-to-one" address translation scheme described earlier.
- The likelihood of apparent (false) DoS attacks: again, the problem arises when many users behind one address try to connect to a single service. Using address pools partially mitigates the problem.
- Difficulties with verifying packet integrity when using the IPsec tunneling protocol and similar protocols.
Despite these disadvantages, NAT is actively used all over the world and is the standard way of organizing networks that run the IPv4 protocol, simply because there is no better alternative. And the disadvantages above can be coped with if servers and networks are configured correctly.