NAT

Today I am going to talk about NAT (Network Address Translation). IP addresses are assigned to device interfaces and identify a specific device when it communicates with other devices, whether internally or externally. An IP address, specifically the destination IP address, is what enables a router to forward packets toward the next hop. Because IP addresses identify a specific device or host, IPv4 addresses on a network must be unique: two devices sharing the same IP address cause an IP conflict, leading to communication errors or packet loss.

IPv4- IPv4 addresses are 32-bit addresses divided into four parts called octets, each ranging from 0 to 255. That gives an address space running only from 0.0.0.0 to 255.255.255.255, so with millions of network devices around the world, IPv4 address exhaustion was bound to happen, meaning there would be no more unique public IP addresses to hand out. The mechanism created to delay IPv4 address exhaustion is NAT. It lets internal devices use private IP addresses that overlap with the private addresses used in other internal networks. For example, my computer can have the IP 192.168.1.2 and my neighbor's can also have 192.168.1.2 with no conflict, because NAT lets each of us use a private IP address internally and a public IP address when communicating with external networks.

RFC 1918- RFC 1918 reserves one private IP address range from each of classes A, B and C. These are:

  1. Class A: 10.0.0.0 – 10.255.255.255
  2. Class B: 172.16.0.0 – 172.31.255.255
  3. Class C: 192.168.0.0 – 192.168.255.255

The job of NAT is to take a private IP address from the ranges above and translate it to a public IP address when the host communicates with an external network. So a host with the address 192.168.1.2 keeps using 192.168.1.2 when talking internally, but when it wants to reach a server on the internet its source address is translated to a public IP such as 203.0.113.2.

It is also important to note that although IPv4 was originally classful, modern networks are far more likely to use CIDR (classless addressing) than the fixed classes.

Static NAT- Now that NAT has been explained, it is important to know that there are different types of NAT: static NAT, dynamic NAT, and PAT (Port Address Translation).
All of these are types of NAT, but they function very differently. Static NAT is a manually configured one-to-one mapping (one private IP translated to one public IP) between an internal IP and an external IP. With static NAT the public IP address never changes, so whenever the host communicates with an external device the same public IP address is used. So if my private IP is 192.168.1.2 and the static public IP is 203.0.113.2, every session will use the same address 203.0.113.2. Static NAT is mostly used for devices that provide services to external clients and therefore need a consistent, unchanging address, such as web servers, VPN gateways and mail servers.

Dynamic NAT- Dynamic NAT is a bit different: it maps private IP addresses to a pool of public IP addresses on demand. Unlike static NAT, which binds one private IP to one public IP, dynamic NAT uses a pool of public addresses that can be assigned to any internal device on the network. For example, suppose the pool of public IPs is 203.0.113.1 – 203.0.113.10. When I open one connection to the external network, I may be given 203.0.113.4. When that session is completed the address is returned to the pool and can be reused by other internal clients. If I initiate another session, this time I may get 203.0.113.10. As you can see, each public IP address is reusable by any internal client as long as it is not currently in use by someone else.

PAT- Although static NAT and dynamic NAT allow for overlapping private IP addresses, IPv4 address exhaustion is still possible because neither is very efficient. With static NAT, if you have 200 users you need 200 public IPs. The same goes for dynamic NAT: if you have 200 users but only 150 public IPs and they all access the internet at the same time, 50 users have to wait until an address is returned to the pool, which is inefficient. PAT is the superior version of NAT when it comes to IP address conservation. PAT is a type of NAT that allows multiple internal devices to share a single public IP address by using different source port numbers to distinguish each connection. This means a company can have one public IP address with thousands of simultaneous sessions, because of the number of different ports available. Although the same address is used, the port numbers let the NAT router know which translated port belongs to which private IP address (and original source port), so replies are delivered back to the right host.
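As an added illustration (not code from the original post), here is a small Python model of the PAT table described above: two private hosts that happen to pick the same source port share one public IP, the second host is given a different translated port, a reply is matched back to the right host, and an inbound packet with no matching outbound flow is dropped. PUBLIC_IP, the translated-port range and the host addresses are assumed values.

```python
from typing import Dict, Optional, Tuple

# Constructed example, not the post's own code; documentation addresses only.
PUBLIC_IP = "203.0.113.2"            # the single public address everyone shares
FIRST_PORT, LAST_PORT = 1024, 65535  # assumed range for translated ports
Flow = Tuple[str, int, str, int]     # (private_ip, private_port, dest_ip, dest_port)

class PatTable:
    def __init__(self) -> None:
        self.out: Dict[Flow, int] = {}   # private flow -> translated public port
        self.back: Dict[int, Flow] = {}  # translated public port -> private flow
        self.next_port = FIRST_PORT

    def _allocate(self, preferred: int) -> int:
        # Keep the host's own source port when free, else take the next free one.
        if preferred >= FIRST_PORT and preferred not in self.back:
            return preferred
        for candidate in range(self.next_port, LAST_PORT + 1):
            if candidate not in self.back:
                self.next_port = candidate + 1
                return candidate
        raise RuntimeError("PAT port pool exhausted")

    def translate_out(self, src_ip: str, src_port: int,
                      dst_ip: str, dst_port: int) -> Tuple[str, int]:
        # Rewrite an outbound packet's source; returns the (public_ip, port) used.
        flow: Flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:           # first packet of a session
            port = self._allocate(src_port)
            self.out[flow] = port
            self.back[port] = flow
        return PUBLIC_IP, self.out[flow]

    def translate_in(self, src_ip: str, src_port: int,
                     dst_port: int) -> Optional[Tuple[str, int]]:
        # Map a packet arriving at PUBLIC_IP:dst_port back to (private_ip, port).
        # None means drop: no outbound flow opened this port, or the sender is
        # not the peer that flow was opened to.
        flow = self.back.get(dst_port)
        if flow is None or (flow[2], flow[3]) != (src_ip, src_port):
            return None
        return flow[0], flow[1]

def demo() -> dict:
    # Two hosts happen to pick source port 40000 toward the same web server.
    nat = PatTable()
    a = nat.translate_out("192.168.1.2", 40000, "198.51.100.7", 443)
    b = nat.translate_out("192.168.1.3", 40000, "198.51.100.7", 443)
    return {"a": a, "b": b,
            "reply_to_b": nat.translate_in("198.51.100.7", 443, b[1]),
            "unsolicited": nat.translate_in("198.51.100.7", 443, 50000)}
```

Real routers also age out idle entries and track TCP state; this model only shows the port-mapping logic.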
