Due to the huge growth of the Internet and the rapid proliferation of devices connected to it, IPv4 addressing (32 bits per address, roughly 4.3 billion addresses in theory) on which the logical infrastructure of network addressing was based could no longer supply a unique public address to every connected device. What's more, the number of usable addresses is smaller in reality than in theory, because the address space is divided into classes and blocks; some are reserved for multicast and others for special purposes.
To resolve this, a protocol capable of assigning far more Internet addresses, known as IPv6, was designed, but it has not yet been completely deployed on the Internet. Until that transition is complete, various methods can be used to work around the shortage, such as configuring a proxy server or using network address translation, commonly known as NAT.
What is NAT?
NAT (Network Address Translation) is a standard defined by the Internet Engineering Task Force (IETF) that uses one or a few public IP addresses to connect many devices, each with a different IP address (normally a private address from the ranges defined in RFC 1918, which is not routable on the Internet), to another network (usually the Internet).
Network address translation, or NAT, allows the addresses in packets to be rewritten so that a private network is hidden behind the gateway and can connect to the Internet through a single public address. By mapping ports on the public address to internal hosts (port forwarding, or destination NAT), NAT can also expose services hosted on different internal systems through that single address.
NAT is needed when the number of public IP addresses assigned by the Internet Service Provider is lower than the number of computers that are going to connect to the Internet.
This often happens in companies with extensive internal networks, where the Internet service provider might allocate only one valid public address to the company. In this case, NAT is configured so that the different LAN devices access the Internet through the valid IP allocated by the service provider.
To do this, the NAT device rewrites not only the IP address but also the source port of each outbound connection, so that returning packets can be routed back to the correct host. The same situation occurs in small home networks, where NAT is a practical way to share one Internet connection without reconfiguring the internal network.
NAT allows reserved address blocks to be used:
- 10.0.0.0/8 (10.0.0.0 - 10.255.255.255)
- 172.16.0.0/12 (172.16.0.0 - 172.31.255.255)
- 192.168.0.0/16 (192.168.0.0 - 192.168.255.255)
When packets pass through the NAT device, they are modified to make it seem that they come from the NAT device itself. The NAT gateway records each change in its state table in order to:
- Reverse the changes on the packets that come back in reply.
- Ensure that the returned packets are recognised as part of an existing connection and pass through the firewall instead of being dropped as unsolicited traffic.
Neither the internal computer nor the Internet hosts are aware of these translation steps. The IP address translation process is transparent to the end user.
For the internal computer, the NAT device is simply an Internet gateway. For the remote Internet client, the packets come directly from the device that is carrying out the NAT functions.
When a response packet is received, the NAT gateway consults the state table to determine whether the packet corresponds to an established connection. It looks for a single matching entry, based on the combination of IP addresses and ports, indicating that the packet belongs to a session started by a computer in the private network. If no entry matches, the packet is unsolicited and is discarded. Otherwise, before forwarding it, the NAT device reverses the changes that were made to the outbound packet and delivers the response to the internal computer. NAT is widely used in companies and home networks, as only a single public IP address is needed to connect multiple devices.
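The translation and state-table lookup described above, as an added example in Python that is not part of the original text. It models a port-translating NAT gateway: outbound packets from RFC 1918 addresses are rewritten to the gateway's public address and a fresh public port, replies are matched against the state table and reversed, unsolicited inbound packets are dropped, and a static port-forwarding rule exposes an internal service through the single public address. The public address 203.0.113.5 and the remote hosts 198.51.100.7 and 198.51.100.9 are assumed documentation addresses, the port range starting at 40000 is an arbitrary choice, and the packets are constructed inline for the example.

```python
import ipaddress
from dataclasses import dataclass, field

# The RFC 1918 private ranges listed in the text.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr falls in one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    """A minimal TCP/UDP-style packet: only the fields NAT rewrites, plus a payload."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


@dataclass
class NatGateway:
    public_ip: str
    next_port: int = 40000          # assumed starting point for allocated public ports
    # state table: (public_port, remote_ip, remote_port) -> (private_ip, private_port)
    table: dict = field(default_factory=dict)
    # reverse index: (private_ip, private_port, remote_ip, remote_port) -> public_port
    reverse: dict = field(default_factory=dict)
    # static port forwarding: public_port -> (private_ip, private_port)
    forwards: dict = field(default_factory=dict)

    def add_forward(self, public_port: int, private_ip: str, private_port: int) -> None:
        """Expose an internal service through the single public address (destination NAT)."""
        self.forwards[public_port] = (private_ip, private_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the private network and record the mapping."""
        if not is_rfc1918(pkt.src_ip):
            raise ValueError(f"{pkt.src_ip} is not a private address; refusing to translate")
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.reverse.get(key)
        if pub_port is None:
            # New session: allocate a public port so two hosts using the same
            # source port to the same server still get distinct mappings.
            pub_port = self.next_port
            self.next_port += 1
            self.reverse[key] = pub_port
            self.table[(pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet):
        """Match a packet arriving from the Internet against the state table.

        Returns the packet rewritten for the internal host, or None if it is
        unsolicited (no state entry and no forwarding rule) and must be dropped.
        """
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None and pkt.dst_port in self.forwards:
            # Forwarded service: create state so the server's replies are
            # translated back to the public address and port on the way out.
            entry = self.forwards[pkt.dst_port]
            self.table[(pkt.dst_port, pkt.src_ip, pkt.src_port)] = entry
            self.reverse[(entry[0], entry[1], pkt.src_ip, pkt.src_port)] = pkt.dst_port
        if entry is None:
            return None
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.payload)


def demo() -> dict:
    """Two internal hosts share one public address; one unsolicited packet is dropped."""
    gw = NatGateway("203.0.113.5")
    gw.add_forward(80, "192.168.1.20", 8080)
    a_out = gw.outbound(Packet("192.168.1.10", 1234, "198.51.100.7", 443, "GET /a"))
    b_out = gw.outbound(Packet("192.168.1.11", 1234, "198.51.100.7", 443, "GET /b"))
    a_reply = gw.inbound(Packet("198.51.100.7", 443, "203.0.113.5", a_out.src_port, "200 a"))
    b_reply = gw.inbound(Packet("198.51.100.7", 443, "203.0.113.5", b_out.src_port, "200 b"))
    unsolicited = gw.inbound(Packet("198.51.100.9", 5555, "203.0.113.5", 40002, "scan"))
    web_in = gw.inbound(Packet("198.51.100.9", 50000, "203.0.113.5", 80, "GET /"))
    web_out = gw.outbound(Packet("192.168.1.20", 8080, "198.51.100.9", 50000, "200 OK"))
    return {"a_out": a_out, "b_out": b_out, "a_reply": a_reply, "b_reply": b_reply,
            "unsolicited": unsolicited, "web_in": web_in, "web_out": web_out}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:12} {pkt}")
```

Running the script prints each packet before and after translation: both internal hosts appear to the server as 203.0.113.5 with different source ports, each reply is delivered to the host that opened the session, the probe to an unmapped port never reaches the LAN, and the forwarded web request reaches 192.168.1.20:8080 while its reply leaves from 203.0.113.5:80. Real gateways add timeouts and connection tracking for protocols such as ICMP and FTP, which this model omits.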