NAT

Network Address Translation
Current problems with IP addresses:
Address depletion
Scaling in routing
Solutions:
IPv6
CIDR
NAT
What is NAT?
Informally, NAT is a method of connecting multiple
computers on a local network to an external network
using one IP address.
NAT can be incrementally deployed and only the
local network routers need to be modified to
implement NAT.
Backbone routers need not be modified.
Basic operation:
[Figure: basic NAT operation. Labels: Backbone router; two NAT boxes; addresses 198.76.28.4 and 198.76.29.7; local endpoints 10.33.96.5: 2000 and 10.81.13.22: 3000.]
Packet headers shown in the figure:
Source -> 10.33.96.5: 2000
Source -> 198.76.28.4: 600
Destn. -> 198.76.28.4: 600
Destn. -> 198.76.29.7: 500
NAT 198.76.29.7, Translation:
Source -> 198.76.29.7: 500
Destn. -> 198.76.28.4: 600
NAT 198.76.29.7, Reverse Translation:
Source -> 198.76.28.4: 600
Destn. -> 10.33.96.5: 2000
Routing across NAT:
Local addresses are hidden from backbone.
Backbone-partitioned networks need special
handling using tunneling.
Header manipulations:
IP checksum should be changed.
For applications like FTP, application data should
be modified, which might require changing the TCP
sequence numbers and acknowledgement numbers.
ICMP messages need a lot of modifications when
they pass through a NAT – two address
modifications and three checksum modifications.
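The address/port rewrite from the basic-operation figure together with the checksum changes listed under header manipulations, as an added example that is not part of the original slides. It assumes a UDP packet without IP options, a hypothetical table layout and function names, and, per the figure's address pairs, that 10.33.96.5: 2000 maps to 198.76.28.4: 600; the sample packets are constructed.

```python
from socket import inet_aton, inet_ntoa
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fix_checksums(p: bytearray) -> bytes:
    """Recompute IPv4 header and UDP checksums (UDP covers both IP addresses)."""
    p[10:12] = p[26:28] = b"\x00\x00"
    p[10:12] = struct.pack("!H", csum(bytes(p[:20])))
    pseudo = bytes(p[12:20]) + struct.pack("!BBH", 0, 17, len(p) - 20)
    p[26:28] = struct.pack("!H", csum(pseudo + bytes(p[20:])) or 0xFFFF)
    return bytes(p)

def checksums_ok(pkt: bytes) -> bool:
    """Summing the covered bytes together with a valid checksum yields 0."""
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 17, len(pkt) - 20)
    return csum(pkt[:20]) == 0 and csum(pseudo + pkt[20:]) == 0

def build(src, sport, dst, dport, payload=b"hello"):
    """Constructed sample: 20-byte IPv4 header (no options) + UDP datagram."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17,
                     0, inet_aton(src), inet_aton(dst))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return fix_checksums(bytearray(ip + udp))

def endpoints(pkt):
    """Return (src, sport, dst, dport) from the packet headers."""
    sport, dport = struct.unpack("!HH", pkt[20:24])
    return inet_ntoa(pkt[12:16]), sport, inet_ntoa(pkt[16:20]), dport

def translate(pkt, table, global_ip, fix=True):
    """Outbound: swap the local source addr/port for the global pair in table."""
    src, sport, _, _ = endpoints(pkt)
    p = bytearray(pkt)
    p[12:16], p[20:22] = inet_aton(global_ip), struct.pack("!H", table[(src, sport)])
    return fix_checksums(p) if fix else bytes(p)

def reverse_translate(pkt, table):
    """Inbound: restore the local destination addr/port from the global port."""
    ip, port = next(k for k, v in table.items() if v == endpoints(pkt)[3])
    p = bytearray(pkt)
    p[16:20], p[22:24] = inet_aton(ip), struct.pack("!H", port)
    return fix_checksums(p)
```

Calling `translate(..., fix=False)` yields a packet whose checksums no longer verify, which is the reason the header checksum has to be changed on every translation.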
Disadvantages:
NAT heavily violates the layering principle by
looking into the transport and application layers.
Applications that contain IP addresses in their data
cannot work through NAT unless NAT knows the
exact occurrences.
NAT reduces the options for providing security
because any application data that contains IP
addresses cannot be encrypted.
NAT provides privacy by hiding the local addresses,
but this makes detecting attacks like mail spam
difficult.
Conclusion:
NAT has several negative characteristics but it could
still act as a short-term solution to the address
depletion and scaling problems.