NAT/PAT Overview and Functionality Textbook
Understanding NAT/PAT
Objectives
- Understand the need for NAT/PAT.
- Understand how NAT/PAT works.
- Learn about NAT/PAT operations and interactions with Layer 2 (L2), Layer 3 (L3), and Layer 4 (L4) addresses.
- Recognize the limitations of NAT/PAT.
Network Address Translation (NAT)
- Definition: NAT is a process that enables hosts in a private network to communicate with external networks using different IP addresses; it is described in RFC 1631 (1994) and RFC 2663 (1999).
- Key Drivers:
  - IP Address Depletion: A shortage of available public IP addresses.
  - Scaling of Routing Tables: Challenges due to the growth of routing tables as networks expand.
- Functionality:
  - Allows multiple internal clients to share one or more public IP addresses.
  - Reduces the need for globally unique IP addresses, facilitating the use of private IP addresses within organizations.
NAT Functionality
- Public and Private IP Addressing:
  - NAT uses public IP addresses assigned to routing devices while allowing multiple internal devices to utilize private IP addresses.
- Major Approaches (also termed masquerading):
  - NAT: Basic form of address translation.
  - PAT (Port Address Translation) or NAPT (Network Address Port Translation) / NAT Overloading: Allows multiple internal devices to share a single public IP by altering port numbers.
- Types of address translation:
  - DNAT: Destination Network Address Translation (changing the destination IP address).
  - SNAT: Source Network Address Translation (changing the source IP address, often used in port forwarding).
  - Dynamic & Static NAT: Refers to the variability in the assignment of NAT addresses.
NAT Terminology
- Inside Local Address: An RFC 1918 private address assigned to a host on the inside network.
- Inside Global Address: A public address assigned to a host on an internal network as it exits the router.
- Outside Global Address: A reachable IP address assigned to a host on the Internet.
- Outside Local Address: A local address allocated to a host on an external network. (Not covered extensively in this course.)
How Does NAT Work?
- Example Packet:
  - A router (R2) receives packets from the inside network that are destined for an external network and rewrites their source address. For example:
  - Source IP 192.168.10.10 (inside local) becomes 209.165.200.226 (inside global) on the way out; the reverse translation is applied to the matching incoming packets.
NAT Operations
- One-to-One Mapping: Each internal host is mapped to one external address, so the number of users that can communicate at once is limited by the number of external NAT addresses available.
- Considerations of Limitations: With only one external IP configured, only one internal host can be translated at a time, which constrains network accessibility.
Port Address Translation (PAT)
- Functionality: Similar to NAT, but many internal hosts share one external address and are told apart by port numbers; this turns the one-to-one mapping into a one-to-many mapping.
- Example: An internal socket such as 192.168.10.10:1555 connects through the single external address, which is shared among multiple users by giving each flow a distinct external port (e.g., 1555, 1331).
Port Forwarding
- Description: Typically performed at the destination network’s gateway, translating one destination port to another, sometimes altering the destination IP.
- Considerations: Can introduce processing overhead on the router handling the translation.
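To make the PAT and port-forwarding behaviour above concrete, here is an added example (not from these notes or any vendor) of a minimal translator: it keeps a dynamic translation table for outbound flows, resolves source-port collisions between inside hosts, applies static destination port forwards, and drops inbound packets with no matching entry. The PatRouter class, the Packet type, and all addresses other than 192.168.10.10 and 209.165.200.226 are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed example (not from the notes): a minimal PAT/NAT-overload
# translator with one inside global address plus a static port-forward table.

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PatRouter:
    def __init__(self, inside_global, forwards=None):
        self.inside_global = inside_global      # the single public address
        self.outbound = {}   # (inside local ip, port) -> inside global port
        self.inbound = {}    # inside global port -> (inside local ip, port)
        # Static DNAT entries (port forwarding): public port -> (inside ip, port)
        self.forwards = dict(forwards or {})

    def _allocate_port(self, wanted):
        # Keep the host's own source port when it is free (1555 stays 1555);
        # on a collision walk forward to the next free port.
        port = wanted
        while port in self.inbound or port in self.forwards:
            port = port + 1 if port < 65535 else 1024
        return port

    def translate_outbound(self, pkt):
        """Inside -> outside: rewrite the source socket, creating a mapping."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            gport = self._allocate_port(pkt.src_port)
            self.outbound[key] = gport
            self.inbound[gport] = key
        return Packet(self.inside_global, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt):
        """Outside -> inside: rewrite the destination socket, or None to drop."""
        if pkt.dst_ip != self.inside_global:
            return None
        # Static forwards are checked first, then dynamic PAT mappings.
        target = self.forwards.get(pkt.dst_port) or self.inbound.get(pkt.dst_port)
        if target is None:
            return None          # no mapping: the translator cannot deliver it
        ip, port = target
        return Packet(pkt.src_ip, pkt.src_port, ip, port)
```

Real translators also key dynamic entries on the remote endpoint and age them out after a timeout; both are omitted here to keep the table logic visible.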
Drawbacks of NAT
- Increased Complexity: Makes the network architecture more complex.
- Overhead in Management: Managing NAT devices can incur additional overhead in monitoring and configuration.
- Breaks End-to-End Connectivity: Alters the essential communication model of IP, potentially complicating the functionality of some applications.
- Issues with Tunneling Protocols: Changing addresses can cause checksum violations, since checksums that cover the rewritten addresses are no longer valid.
- Internal Services Requirement: Any service hosted internally needs a port forward to be reachable from outside.
Important Considerations
- Security Protocol Misconceptions: NAT should not be considered a security measure; firewalls should be used alongside NAT for securing networks.
- Mitigation: Techniques like STUN (Simple Traversal of UDP through NAT), ICE (Interactive Connectivity Establishment), and TURN (Traversal Using Relay NAT) can help alleviate some challenges associated with NAT.