Network Address Translation

Current problems with IP addresses:
- Address depletion
- Scaling in routing

Solutions:
- IPv6
- CIDR
- NAT

What is NAT?
Informally, NAT is a method of connecting multiple computers on a local network to an external network using one IP address. NAT can be deployed incrementally: only the local network routers need to be modified to implement it. Backbone routers need not be modified.

Basic operation (diagram labels):
  Backbone router   NAT 198.76.28.4   NAT 198.76.29.7
  … 10.33.96.5:2000 …   … 10.81.13.22:3000
  Source -> 10.33.96.5:2000     Source -> 198.76.28.4:600
  Destn. -> 198.76.28.4:600     Destn. -> 198.76.29.7:500
  NAT 198.76.29.7 Translation:
    Source -> 198.76.29.7:500   Destn. -> 198.76.28.4:600
  NAT 198.76.29.7 Reverse Translation:
    Source -> 198.76.28.4:600   Destn. -> 10.33.96.5:2000 …

Routing across NAT:
- Local addresses are hidden from the backbone.
- Backbone-partitioned networks need special handling using tunneling.

Header manipulations:
- The IP checksum must be changed.
- For applications like FTP, the application data must be modified, which might require changing the TCP sequence numbers and acknowledgement numbers.
- ICMP messages need a lot of modifications when they pass through a NAT: two address modifications and three checksum modifications.

Disadvantages:
- NAT heavily violates the layering principle by looking into the transport and application layers.
- Applications that contain IP addresses in their data cannot work through NAT unless the NAT knows the exact occurrences.
- NAT reduces the options for providing security because any application data that contains IP addresses cannot be encrypted.
- NAT provides privacy by hiding the local addresses, but this makes detecting attacks like mail spam difficult.

Conclusion: NAT has several negative characteristics but it could still act as a short-term solution to the address depletion and scaling problems.
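
The IP checksum change listed under header manipulations, as an added example that is not part of the original slides: a NAT rewrites one address in a constructed IPv4 header and patches the checksum incrementally (the RFC 1624 form HC' = ~(~HC + ~m + m')) instead of recomputing it. It assumes the 10.33.96.5 <-> 198.76.28.4 mapping and the peer 198.76.29.7 from the diagram; function names and the other header fields are made up for illustration, and port and TCP checksum rewriting are left out.

```python
import ipaddress
import struct

# Addresses from the slide's diagram; the mapping itself is an assumption.
LOCAL, GLOBAL, PEER = "10.33.96.5", "198.76.28.4", "198.76.29.7"

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum over an even-length byte string."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def build_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header (protocol TCP) with a full checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64, 6, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    checksum = ~ones_sum(hdr) & 0xFFFF
    return hdr[:10] + struct.pack("!H", checksum) + hdr[12:]

def rewrite_addr(header: bytes, offset: int, new_ip: str) -> bytes:
    """Replace the address at offset (12 = source, 16 = destination) and
    update the checksum from the old value and the changed words only."""
    old = header[offset:offset + 4]
    new = ipaddress.IPv4Address(new_ip).packed
    (hc,) = struct.unpack("!H", header[10:12])
    inverted_old = bytes(b ^ 0xFF for b in old)
    acc = ones_sum(struct.pack("!H", ~hc & 0xFFFF) + inverted_old + new)
    patched = header[:10] + struct.pack("!H", ~acc & 0xFFFF) + header[12:]
    return patched[:offset] + new + patched[offset + 4:]

def is_valid(header: bytes) -> bool:
    """A correct header, checksum field included, sums to 0xFFFF."""
    return ones_sum(header) == 0xFFFF

def outbound(header: bytes) -> bytes:
    """Translation: local source becomes the NAT's global address."""
    return rewrite_addr(header, 12, GLOBAL)

def inbound(header: bytes) -> bytes:
    """Reverse translation: global destination becomes the local host."""
    return rewrite_addr(header, 16, LOCAL)

if __name__ == "__main__":
    out = outbound(build_header(LOCAL, PEER))
    print(out.hex(), is_valid(out))
```

A header whose address is rewritten without the checksum update fails `is_valid`, which is why the receiving host would discard it.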