Organizations often use NAT and VPN to reach remote networks. Let’s understand how they work.
What is NAT or Network Address Translation?
Network Address Translation, or NAT, is a method by which IP addresses are mapped from one group to another. The address translation is transparent to the end users. NAT is usually used when a network’s internal IP addresses cannot be used outside the network, either for privacy reasons or because they are not routable outside the network.
For example, many small offices have multiple network nodes, but the Internet Service Provider assigns only a single IP address to the remote access router. Using NAT, every node in the network can access remote networks simultaneously through the single IP address assigned to the router.
In basic NAT, IP addresses are mapped from one group to the other. In NAPT (Network Address Port Translation), multiple IP addresses, together with their TCP/UDP ports, can be translated into a single network address and its multiple TCP/UDP ports. These two mechanisms are used together in traditional NAT.
How does NAT work?
In NAT, the IP addresses are translated in the following manner:
- When an outgoing session is initiated from a private host, its private address is bound to the corresponding external address. In the case of NAPT, the binding consists of a tuple of IP addresses and ports.
- After the binding is created, a soft state is maintained for each connection that uses it; incoming and outgoing network packets are looked up against this state and translated.
- The source IP, destination IP, and checksum of the IP header are modified for each incoming and outgoing network packet. For NAPT, the port addresses are also translated along with IP addresses and checksum.
- Checksum modification on a per-packet basis may be very computation-intensive. So, an efficient algorithm is used for that purpose. It calculates the arithmetic difference between the before-translation and after-translation addresses and adds that to the checksum.
- When the last session is terminated, the binding is also terminated.
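As an added worked example (not code from the original article), the incremental checksum update described above, carried out as in RFC 1624 equation 3 on a constructed IPv4/TCP packet; it also shows that a NAPT device must patch the TCP checksum, which covers the IP pseudo-header, whenever it rewrites the address and port. All addresses, ports and header values below are constructed for illustration.

```python
import struct

def csum16(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (odd length zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ip_checksum(pkt: bytes) -> int:
    """Full recomputation over the 20-byte IPv4 header with its checksum field zeroed."""
    return ~csum16(pkt[:10] + b"\0\0" + pkt[12:20]) & 0xFFFF

def tcp_checksum(pkt: bytes) -> int:
    """Full recomputation: pseudo-header (addresses, protocol, length) + TCP segment."""
    seg = pkt[20:]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return ~csum16(pseudo + seg[:16] + b"\0\0" + seg[18:]) & 0xFFFF

def incremental_checksum(old_csum: int, old: bytes, new: bytes) -> int:
    """RFC 1624 eqn 3: HC' = ~(~HC + ~m + m'); only the replaced bytes are read."""
    total = (~old_csum & 0xFFFF) + (~csum16(old) & 0xFFFF) + csum16(new)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def napt_outbound(pkt: bytes, new_src: bytes, new_sport: int) -> bytes:
    """Rewrite source IP and TCP source port, patching both checksums incrementally (no IP options assumed)."""
    old_src, old_sport = pkt[12:16], pkt[20:22]
    new_sport_b = struct.pack("!H", new_sport)
    ip_c = incremental_checksum(int.from_bytes(pkt[10:12], "big"), old_src, new_src)
    # The TCP checksum covers the pseudo-header, so the address change feeds into it too.
    tcp_c = incremental_checksum(int.from_bytes(pkt[36:38], "big"),
                                 old_src + old_sport, new_src + new_sport_b)
    out = bytearray(pkt)
    out[10:12], out[12:16] = struct.pack("!H", ip_c), new_src
    out[20:22], out[36:38] = new_sport_b, struct.pack("!H", tcp_c)
    return bytes(out)

def sample_packet() -> bytes:
    """Constructed sample: 10.0.0.5:40000 -> 203.0.113.9:443, SYN, valid checksums."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([203, 0, 113, 9]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    pkt = ip + tcp
    pkt = pkt[:10] + struct.pack("!H", ip_checksum(pkt)) + pkt[12:]
    return pkt[:36] + struct.pack("!H", tcp_checksum(pkt)) + pkt[38:]
```

A receiver verifies a checksum by summing the covered bytes, including the checksum field, and expecting 0xFFFF; the incremental result matches a full recomputation because one's-complement subtraction of the old field and addition of the new one is exactly what the full sum would have done.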