What is NAT? How Does NAT Work?


In this blog we will look at what NAT (Network Address Translation) is, and at the key concepts and workflows involved in NAT.

What is NAT?

NAT stands for Network Address Translation. As the name indicates, it translates a given set of private IP addresses into a single public IP address attached to a gateway device, for example a home modem or a firewall device in an organization.

To address the IPv4 exhaustion issue, the private IP ranges were introduced, and organizations could use those private ranges for their tens of thousands of computers and servers.

But the problem is, when you have a private network with devices using private IP addresses, you cannot route that traffic to the public Internet, because the destination server cannot route its response back to a private IP range.

This is where NAT comes into the picture. The gateway device in your home or organization, connected to the ISP with a public address, does the translation.

When it comes to cloud platforms like AWS, Azure, or Google Cloud, a NAT gateway is deployed in a public subnet so that servers in the private subnet can communicate with the outside world.

Also, you might want to keep the private network secure from the external network.

Now let’s understand how NAT works.

How Does NAT Work?

Here is a high-level architecture of a request that goes via a NAT device (router).

NAT high level architecture

So here is how it works.

Step 1: A computer in the private network tries to access a public website. For this example, let's assume it is google.com.

Step 2: The request packet first reaches the router. The router has a public IP address. It rewrites the source IP address in the request packet header to its own public address and forwards the request, as shown in the image below. This process is also called "masquerading".

NAT IP source and destination modification process

Step 3: The request reaches the server (google.com), which sends the web page as a response, with the source set to the server's IP and the destination set to the router's public IP, as shown in the image above.

Step 4: When the response reaches the router, it rewrites the destination address to the requesting computer's private IP address, as shown in the image above.

The router keeps track of requests via the NAT table. It is a unique table managed by the NAT-enabled device. In our example, it’s a router. With the NAT table information, the router knows from which device the request started and to which device it should send the response back.

Types of NAT

There are three types of NAT: Static NAT, Dynamic NAT, and Port Address Translation (PAT). Let's look at each of them in detail.

1. Static NAT

As the name suggests, the mapping of public and private IPs is fixed and does not change.

It is a one-to-one mapping, which means each private IP has its own dedicated public IP, and it is static.

A good example of this type is the servers we create in cloud platforms: each server has its own public and private IP.

2. Dynamic NAT

Dynamic NAT is the opposite of static NAT. In this type of NAT, many public IPs will be available, and the private IPs will be assigned to any available public IP.

It is a many-to-many mapping, which means that for the duration of a connection, a private IP is bound to whichever public IP in the pool is available.

You can take the corporate office network setup as an example. Each person will be assigned a different public IP whenever they connect to the Internet.

3. Port Address Translation (PAT)

PAT is also called NAT overloading. Unlike static and dynamic NAT, PAT has a single public IP that is shared by all private IPs; it is a many-to-one mapping.

You may ask how the device knows which private IP a response arriving at the shared public IP belongs to. The answer is that it uses ports to differentiate each connection.

Your home router is the best example of this: every device in your home shares the router's single public IP.
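To make the NAT table workflow from Steps 1 to 4 and the three NAT types concrete, here is an added Python simulation. It is example code written for this article, not code from the original post or from any router or cloud product. The NatDevice class, the Packet fields, the translated port range starting at 40000 and all addresses are assumptions; the public addresses are taken from the RFC 5737 documentation ranges. The device only translates sources inside the RFC 1918 ranges (a host that already has a public IP passes through untouched), it drops inbound packets that have no NAT table entry, and it leaves the payload alone, which is the reason protocols such as FTP that carry IP addresses inside the payload need extra configuration.

```python
"""Toy NAT gateway that models the NAT table workflow described above.

Constructed example. Addresses, ports and the packet format are assumptions
made for illustration; nothing here is taken from a real device.
"""
from dataclasses import dataclass, replace
import ipaddress

# RFC 1918 private ranges, as listed in this post.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    """True if ip falls inside one of the RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    """Only the header fields NAT looks at, plus an opaque payload."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class NatDevice:
    """Toy NAT gateway. mode is 'static', 'dynamic' or 'pat'."""

    def __init__(self, mode, public_ips, static_map=None):
        self.mode = mode
        self.public_ips = list(public_ips)
        self.static_map = dict(static_map or {})  # static: private ip -> public ip
        self.free_pool = list(public_ips)         # dynamic: public IPs not yet handed out
        self.dynamic_map = {}                     # dynamic: private ip -> public ip
        self.next_port = 40000                    # pat: next free translated source port
        # NAT table: (public ip, public port, dst ip, dst port) -> (private ip, private port)
        self.table = {}

    def outbound(self, pkt):
        """Step 2: rewrite the source of a packet leaving the private network."""
        if not is_private(pkt.src_ip):
            return pkt  # host already has a public IP: nothing to translate
        if self.mode == "static":
            pub_ip, pub_port = self.static_map[pkt.src_ip], pkt.src_port
        elif self.mode == "dynamic":
            if pkt.src_ip not in self.dynamic_map:
                if not self.free_pool:
                    raise RuntimeError("dynamic NAT pool exhausted")
                self.dynamic_map[pkt.src_ip] = self.free_pool.pop(0)
            pub_ip, pub_port = self.dynamic_map[pkt.src_ip], pkt.src_port
        else:  # pat: one shared public IP, connections told apart by port
            pub_ip, pub_port = self.public_ips[0], self.next_port
            self.next_port += 1
        self.table[(pub_ip, pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        # Only the header changes; the payload (e.g. an FTP PORT command) is untouched.
        return replace(pkt, src_ip=pub_ip, src_port=pub_port)

    def inbound(self, pkt):
        """Step 4: look up the reply in the NAT table and restore the private destination."""
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        inside = self.table.get(key)
        if inside is None:
            return None  # no entry: an unsolicited packet from outside is dropped
        return replace(pkt, dst_ip=inside[0], dst_port=inside[1])


def round_trip(nat, pkt):
    """Send pkt out through nat, build the server's reply, and translate it back."""
    out = nat.outbound(pkt)
    reply = Packet(out.dst_ip, out.dst_port, out.src_ip, out.src_port, "response")
    return out, nat.inbound(reply)


if __name__ == "__main__":
    # Constructed addresses: 203.0.113.5 and 198.51.100.7 are documentation IPs.
    home = NatDevice("pat", ["203.0.113.5"])
    for host in ("192.168.1.10", "192.168.1.11"):
        out, back = round_trip(home, Packet(host, 51000, "198.51.100.7", 443))
        print(f"{host}:51000 -> {out.src_ip}:{out.src_port}; "
              f"reply delivered to {back.dst_ip}:{back.dst_port}")
```

Running the script in PAT mode shows two home devices that both use source port 51000 leaving the router as 203.0.113.5:40000 and 203.0.113.5:40001, and each reply being delivered back to the right private host; switching the mode to "dynamic" with a two-address pool shows the third host failing once the pool is exhausted.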

Benefits of Using NAT

  1. NAT separates internal networks from external networks, which improves the security of private networks.
  2. NAT solves a bigger problem: IPv4 exhaustion.
  3. RFC 1918 (private IP ranges) is made practical by NAT.
  4. The RFC 1918 subnets have the following ranges:
    • 10.0.0.0/8
    • 172.16.0.0/12
    • 192.168.0.0/16

Limitations of NAT

  1. NAT breaks end-to-end connectivity.
  2. NAT can cause issues such as latency and packet loss because of the extra processing layer it adds.
  3. NAT needs additional configuration for some applications, which increases the complexity of the connection.
  4. NAT has compatibility issues with protocols such as FTP and SIP.

NAT FAQs

Does NAT map MAC addresses?

No. NAT works on the network layer (Layer 3), where it deals with packets, while MAC addresses belong to the data-link layer.

Do you need NAT for servers with a public IP and Internet connectivity?

No. NAT is designed for devices in private IP ranges to connect to the Internet.

Conclusion

In this blog we learned about the important concepts in Network Address Translation. NAT is a very important topic when it comes to cloud networking.

Every DevOps engineer should know about NAT and how it works. In my becoming a DevOps engineer guide, I have spoken about learning NAT in the networking section.

Further Reading & References

[1]. RFC 2663: IP Network Address Translator (NAT) Terminology and Considerations
