NAT: Network Address Translation
Network address translation (NAT) is a method by which a router or firewall rewrites the IP addresses (and, in the case of PAT, the transport port numbers) in packet headers as traffic passes between two networks, most commonly between a private LAN and the Internet.
NAT mitigates two problems of the IPv4 Internet: address exhaustion and growth of the global routing table. Because many hosts can share one public address or a small block of them, an organization needs far fewer public addresses, and fewer public prefixes have to be allocated and routed.
Public IP addresses identify a device connected to the Internet directly. A device connecting to the Internet is assigned an IP address from the address ranges available to an Internet Service Provider (ISP).
Public address allocation is coordinated globally by the Internet Corporation for Assigned Names and Numbers (ICANN), through its IANA function and the regional Internet registries, which delegate address blocks to ISPs.
Private IP addresses are used inside an entity’s local area network (LAN), where several computers or devices are connected to each other. IPv4 reserves three blocks for this purpose (RFC 1918): 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. These addresses are never routed on the public Internet, and hosts on one LAN do not talk to hosts on another LAN directly, so different LANs can reuse the same private address space.
A LAN, in turn, reaches a public network such as the Internet through a router (or firewall) with two or more network interfaces: one facing the LAN, with a private IP address, and one facing the Internet, with a public IP address. Communication between LAN devices and the Internet works because that router performs NAT, translating private (internal) source addresses to its public (Internet) address on the way out and reversing the translation on the way back.
Because only the translated public address is visible from outside, NAT also hides the LAN’s internal addressing from external networks. This is often described as a privacy and security benefit, but it is a side effect of translation rather than a security control: NAT does not inspect or filter traffic by itself, and the real protection on NAT routers comes from the stateful firewall rules they normally combine with translation.
Routers performing NAT normally sit at the LAN edge, on the border with the Internet. When an internal device sends traffic out of the LAN, the border router replaces the device’s private source address with a public address. As a result, to external hosts all traffic leaving and entering the LAN appears to come from and go to the same public IP address (or the same small set of them).
How Does NAT Work?
A NAT device only needs to know its own internal network: it is configured with which interfaces are internal and which are external, translates the addresses of hosts behind the internal interfaces, and treats everything reachable through the external interfaces as a single outside world.
NAT devices translate IP addresses differently, depending on the network they belong to (internal/public network) and traffic direction (inbound/outbound).
When determining how an address is translated, a NAT device (a router, for example) classifies every address along two axes: which side of the device the host is on (internal or external) and from which side the address is being viewed (local or global):
- Internal (inside) address: an address belonging to a host on the LAN, the network whose addresses the device translates
- External (outside) address: an address belonging to a host beyond the NAT device, typically the destination of outbound traffic
- Local address: an address as it appears on the LAN side of the device
- Global address: an address as it appears on the Internet side of the device
The terms “internal” and “external” are combined with the terms “local” and “global” to name four specific addresses (Cisco documentation calls them inside local, inside global, outside local and outside global):
- Local internal address: the source address of an internal host as seen from the internal network, usually a private address
- Global internal address: the source address of that host as seen from the external network; this is the public address a NAT device translates the local internal address to
- Global external address: the destination address as seen from the external network, a globally routable IP address assigned to a host on the Internet
- Local external address: the destination address as seen from the internal network. With ordinary source NAT the local and global external addresses are the same; they differ only when the device also translates destination addresses
NAT Types
NAT can be of the following three types:
- Static NAT: a one-to-one local/global address mapping
- Dynamic NAT: a many-to-many local/global address mapping
- Port address translation (PAT): a many-to-one local/global address mapping (also known as NAT overload)
Static NAT
Static NAT consists of a one-to-one mapping between local and global addresses. The mappings are configured by a network administrator on the border router and never change on their own: they exist whether or not the internal host is sending traffic.
When network devices send traffic to the Internet, their local internal addresses are translated to the global internal addresses specified in the NAT settings. From the external networks’ point of view, those devices have public IP addresses.
Static NAT is especially useful for web servers, VPN gateways and other devices that must be reachable from the Internet at a fixed address while keeping a private address on the LAN; for example, remote employees can connect to a statically mapped VPN gateway without the rest of the corporate LAN being reachable from the public network. Note that a static mapping makes the mapped host permanently reachable from outside, so it should be combined with filtering rules that expose only the intended services and keep unauthorized public-network users away from everything else.
This NAT type requires a sufficient number of public IP addresses to handle all the concurrent user sessions.
Dynamic NAT
Dynamic NAT uses a pool of public addresses and assigns them on a first come, first served basis. When a LAN device starts a session with an external network, dynamic NAT assigns it an available public IP address from the pool for the duration of that session.
Like static NAT, dynamic NAT also requires a sufficient number of public addresses to handle all the concurrent user sessions.
Dynamic NAT translates each internal address into a single available external address; thus, the pool must have enough addresses to support all internal devices accessing the external network at the same time. If the pool runs out of free addresses, packets from an internal device that has no translation are dropped until an address is released, which happens when a session ends or its translation entry times out.
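The following Python simulation is an added example, not code from the original page, of the two address-only translation modes described above, static and dynamic, kept in one table: static entries are fixed by the administrator and answer inbound traffic even when no session exists, dynamic entries are taken from the pool first come, first served and returned when a session ends, and a packet from a new host finds no translation (and is dropped) while the pool is empty. All addresses are constructed: RFC 1918 space on the inside and the RFC 5737 documentation range 203.0.113.0/24 standing in for the public pool.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed "public" pool: RFC 5737 documentation addresses, never routed on the real Internet.
PUBLIC_POOL = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]


@dataclass
class AddressNat:
    """Address-only NAT: permanent static mappings plus a first-come-first-served dynamic pool."""
    pool: List[str]
    static: Dict[str, str] = field(default_factory=dict)    # local internal -> global internal, permanent
    dynamic: Dict[str, str] = field(default_factory=dict)   # local internal -> global internal, per session
    free: List[str] = field(init=False, default_factory=list)

    def __post_init__(self) -> None:
        # Addresses reserved by static entries are never handed out dynamically.
        self.free = [a for a in self.pool if a not in self.static.values()]

    def outbound(self, local_internal: str) -> Optional[str]:
        """Global internal address written into the source field of a packet leaving the LAN.
        None means the pool is exhausted: the packet is dropped and no translation is created."""
        if local_internal in self.static:
            return self.static[local_internal]
        if local_internal in self.dynamic:          # existing session keeps its address
            return self.dynamic[local_internal]
        if not self.free:
            return None
        global_internal = self.free.pop(0)          # first come, first served
        self.dynamic[local_internal] = global_internal
        return global_internal

    def inbound(self, global_internal: str) -> Optional[str]:
        """Local internal address for a packet arriving from the Internet, or None if no
        translation exists for its destination (the packet is then dropped)."""
        for local, g in self.static.items():        # static entries answer without prior outbound traffic
            if g == global_internal:
                return local
        for local, g in self.dynamic.items():       # dynamic entries exist only while a session holds them
            if g == global_internal:
                return local
        return None

    def release(self, local_internal: str) -> None:
        """Session ended or translation timed out: give the address back to the pool."""
        global_internal = self.dynamic.pop(local_internal, None)
        if global_internal is not None:
            self.free.append(global_internal)


if __name__ == "__main__":
    # Constructed scenario: one statically mapped web server, two pool addresses for everyone else.
    nat = AddressNat(PUBLIC_POOL, static={"192.168.1.80": "203.0.113.10"})
    print(nat.inbound("203.0.113.10"))      # 192.168.1.80, reachable before it ever sends anything
    print(nat.outbound("192.168.1.20"))     # 203.0.113.11
    print(nat.outbound("192.168.1.21"))     # 203.0.113.12
    print(nat.outbound("192.168.1.22"))     # None: pool exhausted, packet dropped
    nat.release("192.168.1.20")
    print(nat.outbound("192.168.1.22"))     # 203.0.113.11, freed address reused
```

The static entry is the only one that answers an inbound lookup before any outbound packet, which is exactly why static NAT is used for servers and why a static mapping must be paired with filtering: it is reachable from the whole Internet at all times.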
Port Address Translation (PAT)
Port address translation (PAT), also known as NAT overload, maps multiple private IP addresses to a single public IP address. This is the most common type of NAT as it enables multiple devices to access the Internet at the same time.
PAT can multiplex many hosts onto one address because a session is identified by the combination of an IP address and a transport port, not by the address alone. When a router with NAT receives a packet, it uses the source port number (together with the source address) to identify the translation.
PAT ensures that each session to a server is given a distinct source port on the public address. In the server’s reply that port appears as the destination port, which is how the router determines which internal device to forward the packet to. PAT also has a filtering effect: an inbound packet is forwarded only if it matches an existing translation, that is, a session an internal host initiated; anything else is dropped. This is still not a substitute for a firewall, since it says nothing about the content of a session that was requested.
PAT adds unique source port numbers to the global internal address to differentiate translations. When processing the packets, a router uses a port number to identify the device the packet came from.
For a source address, a router translates a local internal address to a global internal address with the port number added. The destination address remains unchanged but turns into a global external address. The server replies with a reversed route.
PAT tries to keep the original source port. However, if that port on the public address is already occupied by an active session, the first free port number is assigned instead (the port space runs from 0 to 65535, though routers do not hand out port 0 and typically search within a range). When no ports are available and the address pool contains more than one external address, PAT advances to the next address and again tries the original source port. This process goes on until no more ports or external addresses are available, at which point new sessions fail.
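The following Python simulation is an added example, not code from the original page, of the PAT allocation rule just described: keep the original source port if it is free on the current global address, otherwise take the first free port on that address, and move to the next global address only when the current one has no ports left. It also shows the reverse translation of replies and the “was this requested” check, which this example makes stricter than a plain port lookup: an inbound packet is forwarded only if it comes from the outside endpoint the inside host actually contacted through that translation. Addresses and ports are constructed (RFC 1918 inside, RFC 5737 documentation ranges outside); the search range 1024 to 65535 and the hypothetical `Pat` class are assumptions of this example, not a real router’s implementation.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

Endpoint = Tuple[str, int]          # (IP address, port)
Packet = Tuple[str, int, str, int]  # (src ip, src port, dst ip, dst port)


@dataclass
class Pat:
    """PAT / NAT overload: many local internal endpoints share a few global internal addresses."""
    inside_globals: List[str]                       # public addresses, tried in order
    # Assumption: range searched for a fallback port; real routers never allocate port 0.
    port_range: range = field(default_factory=lambda: range(1024, 65536))
    fwd: Dict[Endpoint, Endpoint] = field(default_factory=dict)        # local internal -> global internal
    rev: Dict[Endpoint, Endpoint] = field(default_factory=dict)        # global internal -> local internal
    peers: Dict[Endpoint, Set[Endpoint]] = field(default_factory=dict)  # global internal -> outside endpoints contacted

    def _allocate(self, local: Endpoint) -> Optional[Endpoint]:
        """Allocation rule from the text: original port on the current address if free,
        else the first free port on that address, else advance to the next address."""
        orig_port = local[1]
        for g_ip in self.inside_globals:
            if (g_ip, orig_port) not in self.rev:
                return (g_ip, orig_port)
            for p in self.port_range:
                if (g_ip, p) not in self.rev:
                    return (g_ip, p)
        return None                                 # every port on every address is in use

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a LAN -> Internet packet. None means it is dropped (no translation possible)."""
        src_ip, src_port, dst_ip, dst_port = pkt
        local = (src_ip, src_port)
        if local not in self.fwd:                   # first packet of a session: create the entry
            g = self._allocate(local)
            if g is None:
                return None
            self.fwd[local] = g
            self.rev[g] = local
            self.peers[g] = set()
        g = self.fwd[local]
        self.peers[g].add((dst_ip, dst_port))       # remember whom this inside host talked to
        # Source becomes the global internal endpoint; the destination (global external) is unchanged.
        return (g[0], g[1], dst_ip, dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate an Internet -> LAN packet. Forwarded only if its destination matches a
        translation AND its source is an endpoint that translation was used to reach."""
        src_ip, src_port, dst_ip, dst_port = pkt
        g = (dst_ip, dst_port)
        if g not in self.rev or (src_ip, src_port) not in self.peers[g]:
            return None                             # unsolicited: dropped
        local = self.rev[g]
        return (src_ip, src_port, local[0], local[1])


if __name__ == "__main__":
    pat = Pat(["203.0.113.5"])
    print(pat.outbound(("192.168.1.10", 40000, "198.51.100.7", 443)))  # keeps port 40000
    print(pat.outbound(("192.168.1.11", 40000, "198.51.100.7", 443)))  # collision: gets port 1024
    print(pat.inbound(("198.51.100.7", 443, "203.0.113.5", 1024)))     # reply reaches 192.168.1.11
    print(pat.inbound(("192.0.2.66", 12345, "203.0.113.5", 40000)))    # wrong peer: None, dropped
```

Keying the inbound check on the contacted peer as well as the port is what NAT behaviour classifications call an address-and-port-restricted mapping; a device that checks only the destination port (a full-cone mapping) will happily forward probes from any Internet host to a mapped port, which matters when the page’s security claims are taken at face value.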
NAT Advantages
The most notable NAT advantages are as follows:
- Preserves the legally registered public IP address space by allowing the internal networks to use any private IP address with no communication conflicts.
- Improves connectivity between the internal networks and a public network (the Internet). The NAT types can be combined, for example to spread sessions over several public addresses or uplinks, which helps availability.
- Provides consistency in internal network addressing and avoids renumbering costs. Thanks to NAT, a company keeps its private addressing scheme while its public addresses change, so it can switch ISPs without reconfiguring its internal clients.
- Hides internal IP addresses and topology from external networks, which makes the LAN harder to enumerate from outside. This complements, but does not replace, a firewall: NAT by itself does not block attacks against statically mapped services or against hosts that initiate connections to malicious destinations.