What is Network Address Translation (NAT)?
Network Address Translation (NAT) is the process of mapping one Internet Protocol (IP) address to another by changing the header of IP packets while they are in transit through a router. This helps to improve security and decrease the number of IP addresses an organization needs.
How does Network Address Translation work?
NAT works through gateways that sit between two networks: the internal network and the outside network. Systems on the inside network are typically assigned IP addresses that cannot be routed to external networks (e.g., networks in the 10.0.0.0/8 block).
A few externally valid IP addresses are assigned to the gateway. The gateway makes outbound traffic from an inside system appear to be coming from one of the valid external addresses. It takes incoming traffic aimed at a valid external address and sends it to the correct internal system.
This helps ensure security, because each outgoing or incoming request must go through a translation process that offers the opportunity to qualify or authenticate incoming streams and match them to outgoing requests, for example.
NAT conserves the number of globally valid IP addresses a company needs and -- in combination with Classless Inter-Domain Routing (CIDR) -- has done a lot to extend the useful life of IPv4 as a result. NAT is described in general terms in IETF RFC 1631.
What are the various types of NAT techniques?
The NAT mechanism ("natting") is a router feature, and is often part of a corporate firewall. NAT gateways can map IP addresses in several ways:
from a local IP address to one global IP address statically;
to a large private network using a single public IP address using translation tables;
from a global IP address to any of a pool of local IP addresses on a round-robin basis.
In some cases, network administrators define policies that allow the gateway device to assign mappings based on the intended destination ("pick this external address for communications to partner A’s area network; pick that external address for communications to partner B’s").
Policies can also be based on the protocols being used ("assign out of this pool for HTTP traffic, that pool for HTTPS") or on other factors.
A newer way to use NAT focuses on translating an ISP provider’s IPv4 addresses to IPv6, and vice versa. This provides integration of IPv4 infrastructure and end nodes into IPv6 environments, and allows IPv6 services to interact with IPv4 systems.

What is the difference between dynamic NAT (DNAT) and static NAT (SNAT)?
A dynamic NAT is common in larger organizations with complex internal networks. It uses several available IP addresses during the translation.
An example of this can be seen with Cisco, which has developed a technique that uses a NAT overload to map several private IP addresses to a single public IP address.
Conversely, a static NAT, also common in large organizations, provides a 1:1 mapping between an internal IP address and a public network IP address.
This was last updated in July 2021
Network Address Translation Definition
Network Address Translation (NAT) is a process that enables one unique IP address to represent an entire group of computers. In network address translation, a network device, often a router or NAT firewall, assigns a computer or computers inside a private network a public address. In this way, network address translation allows the single device to act as an intermediary or agent between the local, private network and the public network that is the internet. NAT’s main purpose is to conserve the number of public IP addresses in use, for both security and economic goals.

Network Address Translation FAQs
What is Network Address Translation?
Network Address Translation (NAT) conserves IP addresses by enabling private IP networks using unregistered IP addresses to go online. Before NAT forwards packets between the networks it connects, it translates the private internal network addresses into legal, globally unique addresses.
NAT configurations can reveal just one IP address for an entire network to the outside world as part of this capability, effectively hiding the entire internal network and providing additional security. Network address translation is typically implemented in remote-access environments, as it offers the dual functions of address conservation and enhanced security.
What is the Purpose of NAT?
To communicate with the internet, a networking system requires a unique IP address. This 32-bit number identifies and locates the network device so a user can communicate with it.
The IPv4 addressing scheme of past decades technically made billions of these unique addresses available, but not all could be assigned to devices for communication. Instead, some were exempted and used for testing, broadcast, and certain reserved military purposes. While that left over 3 billion for communication, the proliferation of the internet has meant the addresses were near exhaustion.
The IPv6 addressing scheme was introduced as the solution to this weakness in the IPv4 addressing scheme. IPv6 recreates the addressing system so there are more options for allocating addresses, but it has taken several years to alter the networking system infrastructure and to implement. NAT was introduced by Cisco in the meantime and widely deployed.
How Network Address Translation Works
Network address translation permits a single device, such as a NAT firewall, NAT router or other network address translation device, to act as an agent between the public network and private networks, that is, between the internet and any local networks. This allows an entire group of devices to be represented by a single unique IP address when they do anything outside their network.
NAT works like a large company’s receptionist, with specific instructions on which calls and visitors to keep out, make wait, or send through, and where they should go. For example, you can tell the receptionist not to forward any visitors or calls without your request until you’re waiting for something specific; you can then leave instructions about letting that particular client communication through.
The client calls the company’s main number, because that public-facing number is the only one anyone knows. They tell the receptionist they need to speak with you, and the receptionist a) checks the instructions and knows you want the call forwarded, and b) matches your extension with a list to send the information to the right place. The caller never gets your private line.
Network address translation works similarly. The request arrives at the public IP address and port, and the NAT instructions send it where it should go without revealing the private IP addresses of the destinations.
NAT Network Address Translation Example
As a network address translation example, an inside host may want to communicate with a destination web server address in the outside world. For further communication, it will send a data packet to the network’s NAT gateway router.
The NAT gateway router determines whether the packet meets the condition for translation by learning the source IP address of the packet and looking it up in the table. It can locate authenticated hosts for the internal network translation purposes on its access control list (ACL), and then complete the translation, producing an inside global IP address from the inside local IP address.
Finally, the NAT gateway router will route the packet to the destination after saving the translation in the NAT table. When the internet’s web server replies to the request, the reply packet is addressed to the global IP address of the router. Referring back to the NAT table, the router can determine which translated IP address corresponds to which global address, translate it to the inside local address, and deliver the data packet to the host at its IP address. The data packet is discarded if no match is found.
Types of Network Address Translation
There are many forms of NAT and it can function in several ways.
Static network address translation (SNAT). SNAT maps unregistered IP addresses using 1 to 1 network address translation to match up with registered IP addresses. It is particularly useful when a device needs to be accessible from outside the network.
Dynamic network address translation (DNAT). This form of NAT selects a target from a group of registered IP addresses and maps an unregistered IP address to the registered version.
Reverse network address translation (RNAT). RNAT allows users to connect to themselves using the internet or public network.
Overloading network address translation (NAT). This is also known as NAT overload, port-level multiplexed NAT, single address NAT, or port address translation (PAT). This form of dynamic NAT uses different ports to map multiple private, local, unregistered IP addresses to a single registered IP address and distinguish which traffic belongs to which NAT IP address. In terms of port address translation vs network address translation, PAT is often most cost-effective when many users are connected to the internet through just one public IP address.
Overlapping network address translation (NAT). Overlapping NAT can happen either when two organizations whose networks both use RFC 1918 IP addresses merge, or when registered IP addresses are assigned to multiple devices or otherwise in use on more than one internal network. In both cases, the networks need to communicate, and the organization(s) use overlapping NAT to achieve this without readdressing all devices.
The NAT router intercepts addresses, and maintains a table of them so that it can replace them with registered unique IP addresses. The network address translation router must both translate registered external IP addresses to those unique to the private network and translate internal IP addresses to registered unique addresses. It might achieve this either by using DNS to implement dynamic NAT or through static NAT.
In the network address translation context, the internal network, commonly referred to as the stub domain, is usually a local area network (LAN) that uses IP addresses internally. Most stub domain network traffic is local, remaining inside the internal network. A stub domain may include both unregistered and registered IP addresses.
Network Address Translation Configuration
A traditional NAT configuration requires at least one interface on a router (NAT outside); another interface on the router (NAT inside); and a configured set of rules for translating the IP addresses in the packet headers and possibly payloads.
In this example of network address translation configuration, IT configures the NAT router as follows. Whenever a device on the inside with an unregistered (inside, local) IP address needs to communicate with the (outside, public) network, the router translates those unregistered addresses residing on the private (inside) network to registered IP addresses.
The organization receives a range of registered, unique IP addresses assigned by the ISP. The assigned addresses are called inside global addresses.
The team splits unregistered, private addresses into one small group and one much larger group. The stub domain will use the larger group, called inside local addresses. The NAT routers will use the small group, called outside local addresses, to translate the outside global addresses or unique IP addresses of devices on the public network.
Most stub domain computers communicate with each other using inside local addresses. There are inside global addresses for those stub domain computers that communicate extensively outside the network, meaning they do not require translation.
However, when a typical stub domain computer with an inside local address needs to communicate outside the network, it sends the packet to a NAT router.
The NAT router checks for the destination address in the routing table. If it has an entry for that address, the NAT router translates the packet and enters that action into the address translation table. The NAT router drops the packet if the destination address is not in the routing table.
The router sends the packet on using an inside global address.
A public network computer sends a packet to the private network. The packet’s destination address is an inside global address and its source address is an outside global address.
The NAT router confirms that the destination address maps to a stub domain computer by checking the address translation table.
The NAT router sends the packet to the destination computer after translating the packet’s inside global address to the inside local address.
NAT overloading uses multiplexing, a TCP/IP protocol stack feature. Multiplexing enables a computer to maintain multiple connections with remote computer(s) concurrently using different ports. The header of an IP packet contains:
Source Address. The originating computer’s IP address, for example, 123.123.12.1
Source Port.
These four numbers combined represent a single TCP/IP connection. The addresses identify the two computers at each end, and the port numbers provide a unique identifier for the connection between the two computers. Although there are a possible 65,536 values here since each port number uses 16 bits, different ports are mapped in slightly different ways, so about 4,000 available ports is realistic.
Dynamic NAT and NAT Overloading Configuration
In dynamic network address translation:
The organization sets up a router enabled for NAT that contains a range of unique IP addresses from IANA.
A stub domain computer attempts to connect to an outside computer.
The router receives the stub domain computer’s packet.
The NAT-enabled router saves the non-routable IP address from the sending computer to an address translation table. The router maps the first available IP address from the range of unique IP addresses to the sending computer to replace the non-routable IP address.
The router now checks each packet’s destination address when it arrives from the destination computer, and verifies which stub domain computer the packet belongs to with the address translation table. If it finds no match, it drops the packet. Otherwise, it locates the replacement for the destination address saved in the address translation table and sends the packet on.
The computer receives the packet and the process continues as long as the external system and the computer communicate.
In NAT overloading:
As in the previous dynamic NAT example, a stub domain or internal network has been set up with non-routable, non-unique IP addresses not specifically allocated for them, so the organization sets up a router enabled for NAT that contains a unique IP address from IANA.
A stub domain computer attempts to connect to an outside computer.
The NAT-enabled router receives the stub domain computer’s packet.
The NAT router saves the non-routable IP address and port number from the sending computer to an address translation table. The router maps a port number and the router’s IP address to the sending computer to replace the non-routable IP address and port number.
The router checks the destination ports of packets that return from the destination computer and confirms which stub domain computer the packet belongs to. It replaces the destination port and address with the saved versions from the address translation table and sends them.
The computer receives the packet and the process continues as long as the external system and the computer communicate.
The NAT router will continue to use the same port number throughout the connection, as it has the computer’s source port and address saved to the address translation table. If the communication ends without the entry being accessed again, the router removes the entry from the table.
In contrast to the computer described above in the traditional NAT configuration, this is how stub domain computers might appear to external networks:
Source Computer 1
IP Address: 192.168.24.11
Computer Port: 620
NAT Router IP Address: 215.37.32.203
NAT Router Port Number: 1
Source Computer 2
IP Address: 192.168.24.12
Computer Port: 80
NAT Router IP Address: 215.37.32.203
NAT Router Port Number: 2
Source Computer 3
IP Address: 192.168.24.13
Computer Port: 1560
NAT Router IP Address: 215.37.32.203
NAT Router Port Number: 3
The NAT-enabled router stores each source computer’s IP address and port number. It uses its own registered IP address and port numbers to replace the IP address and the port number that correspond to that packet’s source computer in the table. In place of the source-computer information on each packet, any external network sees the NAT router’s IP address and the assigned port number.
Some stub domain computers do use dedicated IP addresses. In these situations their IP addresses can pass by the NAT router untranslated if you create an access list of IP addresses that tells the router which network computers require NAT.
A router’s Dynamic Random Access Memory (DRAM) is the main factor that determines the number of simultaneous translations that it can support. A typical address-translation table entry requires about 160 bytes, so for most applications, a router with 4 MB of DRAM is sufficient.
According to IANA and RFC 1918, there are specific ranges of IP addresses for use as internal network addresses that are non-routable. These addresses are unregistered, meaning no agency or company can use them on public computers or claim ownership over them. Instead of forwarding unregistered addresses, routers are designed to discard them. Therefore, a packet from an unregistered sending computer address could reach its registered computer destination, but the first router the reply came to would discard it.
To reduce the chance of an IP address conflict, it pays to follow the range for each of the three classes of IP addresses in your internal networking:
Range 1: Class A – 10.0.0.0 through 10.255.255.255
Range 2: Class B – 172.16.0.0 through 172.31.255.255
Range 3: Class C – 192.168.0.0 through 192.168.255.255
However, this is a best practice, not a requirement.
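The NAT overloading steps, the source-computer table and the RFC 1918 ranges above can be traced in a short Python model. This is an added example, not code from the original page or from any router vendor. The names PatRouter and Entry, the 60-second idle timeout, the outside server 203.0.113.10 and the extra check that a reply must come from the endpoint the inside host contacted are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges listed on the page; only these sources are translated.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)

@dataclass
class Entry:
    inside: tuple      # (inside local IP, source port)
    remote: tuple      # (outside IP, port) the inside host contacted
    last_seen: float   # time of the last packet that used this entry

class PatRouter:
    def __init__(self, public_ip, idle_timeout=60.0):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout   # seconds; value is an assumption
        self.by_port = {}                  # router port -> Entry
        self.by_flow = {}                  # (inside, remote) -> router port

    def _allocate(self):
        # Lowest free port, starting at 1 to mirror the page's table.
        for port in range(1, 65536):
            if port not in self.by_port:
                return port
        raise RuntimeError("translation port pool exhausted")

    def expire(self, now):
        # Remove entries that have not been used within the idle timeout.
        for port, e in list(self.by_port.items()):
            if now - e.last_seen > self.idle_timeout:
                del self.by_port[port]
                del self.by_flow[(e.inside, e.remote)]

    def outbound(self, src, dst, now):
        """Rewrite the source of an inside->outside packet; returns new source."""
        self.expire(now)
        if not is_private(src[0]):
            return src                     # registered address: not translated
        port = self.by_flow.get((src, dst))
        if port is None:
            port = self._allocate()
            self.by_port[port] = Entry(src, dst, now)
            self.by_flow[(src, dst)] = port
        self.by_port[port].last_seen = now
        return (self.public_ip, port)

    def inbound(self, src, dst, now):
        """Return the inside (IP, port) for a reply, or None to drop it."""
        self.expire(now)
        entry = self.by_port.get(dst[1]) if dst[0] == self.public_ip else None
        if entry is None or entry.remote != src:
            return None                    # no matching outbound request
        entry.last_seen = now
        return entry.inside

def demo():
    pub = "215.37.32.203"                  # NAT router address from the page
    router = PatRouter(pub)
    web = ("203.0.113.10", 80)             # constructed outside server
    hosts = [("192.168.24.11", 620), ("192.168.24.12", 80),
             ("192.168.24.13", 1560)]      # source computers from the page
    seen = [router.outbound(h, web, now=0.0) for h in hosts]
    return {
        "seen_outside": seen,
        "reply": router.inbound(web, (pub, 2), now=1.0),
        "wrong_sender": router.inbound(("198.51.100.7", 80), (pub, 2), now=1.0),
        "unsolicited": router.inbound(web, (pub, 9), now=1.0),
        "after_idle": router.inbound(web, (pub, 1), now=120.0),
    }
```

Calling demo() shows the three inside hosts leaving as router ports 1, 2 and 3, the matching reply being delivered to 192.168.24.12, and the mismatched, unsolicited and expired packets being dropped.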
NAT Router
Using NAT overload, a NAT router creates a network of IP addresses for a local area network (LAN) and connects the public network that is the internet to that LAN. The router executes the NAT, permitting communication between the WAN or internet and the host devices or computers on the LAN. Because NAT routers appear to the internet to be a solo host with a solo IP address, they are used for small-scale industries and home purposes.
Advantages of Network Address Translation
Advantages of NAT
Address conservation. NAT conserves IP addresses that are legally registered and prevents their depletion.
Network address translation security. NAT offers the ability to access the internet with more security and privacy by hiding the device IP address from the public network, even when sending and receiving traffic. NAT rate-limiting allows users to limit the maximum number of concurrent NAT operations on a router and rate limit the number of NAT translations. This provides more control over the use of NAT addresses, but can also be used to limit the effects of worms, viruses, and denial-of-service (DoS) attacks. Dynamic NAT implementation creates a firewall between the internal network and the internet automatically. Some NAT routers offer traffic logging and filtering.
Flexibility. NAT provides flexibility; for example, it can be deployed in a public wireless LAN environment. Inbound mapping or static NAT allows external devices to initiate connections to computers on the stub domain in some cases.
Simplicity. Eliminates the need to renumber addresses when a network changes or merges. Network address translation allows you to create an inside network virtual host to coordinate TCP load-balancing for internal network servers.
Speed. Compared to proxy servers, NAT is transparent to both destination and source computers, allowing for quicker direct dealing. In addition, proxy servers typically work at the transport layer or layer 4 of the OSI Reference model or higher, making them slower than network address translation, which is a network layer or layer 3 protocol.
Scalability. NAT and dynamic host configuration protocol (DHCP) work well together, with the DHCP server doling out unregistered IP addresses for the stub domain from the list as necessary. Scaling up is easier, since you can increase the available range of IP addresses the DHCP configures to make room for additional network computers immediately instead of requesting more IP addresses from IANA as needs increase.
Multi-homing. Multiple connections to the internet, called multi-homing, help maintain a reliable connection and reduce the chance of a shutdown in case of a failed connection. This also enables load-balancing via reducing the number of computers using any single connection. Multi-homed networks often connect to multiple ISPs, each assigning a range of IP addresses or a single IP address to the organization. Routers use network address translation to route between networks using different network address translation protocols. In a multi-homed network, the router uses part of the TCP/IP protocol suite, the border gateway protocol (BGP), to communicate; the stub domain side uses internal BGP or IBGP, and routers communicate with each other using external BGP or EBGP. Multi-homing reroutes all data through another router should one of the connections to an ISP fail.
Disadvantages of NAT
Resource consumption. Network address translation is a technology that consumes memory resources and processor space, because it must translate IPv4 addresses for all outgoing and incoming IPv4 datagrams and retain the details from translation in memory.
Delays. Translation results in switching path delays.
Functionality. Some applications and technologies will not function as expected with NAT enabled.
Traceability. Network address translation complicates protocols for tunneling. IPsec is the secure protocol recommended for network address translation.
Layer issue. A router is a device for the network layer, yet as a NAT device it is required to tamper with the transport layer in the form of port numbers.
Does VMware NSX Advanced Load Balancer Offer a Network Address Translation Software Solution?
VMware NSX Advanced Load Balancer’s Platform, a software-defined application services fabric, enforces access control policies and captures and analyzes end-to-end application traffic, delivering services far beyond load balancing.
When new application servers are deployed, the servers need external connectivity for manageability. In the absence of a router in the server networks, the VMware NSX Advanced Load Balancer SE can be used for routing the traffic of server networks by using the IP routing feature of Service Engines. The Service Engine (SE) NAT functionality covers this, and serves as a NAT gateway for the entire private network of servers.
NAT will function either through IP routing on Service Engine, the SE default gateway feature, or in the post-routing phase of the packet path. To use outbound NAT functionality, it’s necessary to enable IP routing on the Service Engine and use the SE as a gateway.
VMware NSX Advanced Load Balancer supports outbound NAT for TCP/UDP and ICMP flows.
There are three outbound NAT use case options:
NAT Flows (show NAT flow information)
NAT Policy Stats (show NAT policy stats)
NAT Stat (show NAT statistics)
The platform also enables Source NAT or SNAT for application identification. The source IP address used by VMware NSX Advanced Load Balancer SEs for server back-end connections can be overridden through an explicit user-specified address: the source NAT (SNAT) IP address. The SNAT IP address can be specified as part of the virtual service configuration.
In some deployments, to provide differential treatment based on the application, it’s essential to identify traffic based on source IP address. For example, in DMZ deployments, security, firewall, visibility, and other types of solutions may need to validate clients using the source IP before passing traffic on to an application.
Source NAT can be used with either high availability (HA) mode: elastic HA or legacy HA. The configuration requirements differ depending on whether the SE and back-end servers are in the same subnet (connected at Layer 2) or in different subnets (connected at Layer 3).
For more on the actual implementation of load balancing, security applications and web application firewalls, check out our Application Delivery How-To Videos.