NAT

NAT devices convert internal IP address space into globally unique IP addresses. NAT was originally specified by RFC 1631; the current specification is RFC 3022. Companies use NAT to translate internal private addresses to public addresses.

The translation can be from many private addresses to a single public address or from many private addresses to a range of public addresses. When NAT performs many-to-one, the process is called port address translation (PAT) because different port numbers identify translations.

As shown in Figure 7-3, the source addresses for outgoing IP packets are converted to globally unique IP addresses. The conversion can be configured statically, or it can dynamically use a global pool of addresses.

Figure 7-3 Network Address Translation (figure: inside network with inside local addresses 192.168.10.0/24 and 192.168.11.0/24, translated to the inside global address pool 200.100.100.1 to 200.100.100.254 on the public network)

NAT has several forms:

■ Static NAT—Maps an unregistered IP address to a registered IP address; it is configured manually.

■ Dynamic NAT—Dynamically maps an unregistered IP address to a registered IP address from a pool (group) of registered addresses. The two subsets of dynamic NAT are overloading and overlapping:

— Overloading—Maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is also known as PAT, single-address NAT, or port-level multiplexed NAT.

— Overlapping—Maps registered internal IP addresses to outside registered IP addresses. It can also map external addresses to internal registered addresses.

When designing for NAT, you should understand the following terminology:

■ Stub domain—The internal network that might be using private IP addresses.

■ Public network—The network outside the stub domain; it resides in the Internet, and its addresses can be reached from the Internet.

■ Inside local address—The real IP address of the device that resides in the internal network. This address is used in the stub domain.

■ Inside global address—The translated IP address of the device that resides in the internal network. This address is used in the public network.

■ Outside global address—The real IP address of a device that resides in the Internet, outside the stub domain.

■ Outside local address—The translated IP address of the device that resides in the Internet. This address is used inside the stub domain.

Figure 7-4 illustrates the terms described in the list. The real IP address of the host in the stub network is 192.168.10.100; it is the inside local address. The NAT router translates the inside local address into the inside global address (200.100.10.100). Hosts located in the Internet have their real IP address (outside global address) translated; in the example, 30.100.2.50 is translated into the outside local address of 192.168.100.50.

Figure 7-4 Terminology Example (figure: stub network and public network; outside local address 192.168.100.50 corresponds to outside global address 30.100.2.50)
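The many-to-one (PAT) translation described above, worked through as a small table-driven simulator using the inside local network from the figures. This is an added illustration, not part of the text; the single inside global address 200.100.100.1, the starting port 1024 and the packet fields are constructed assumptions.

```python
"""PAT (NAT overloading) simulator: many inside local addresses share one
inside global address, distinguished by the translated source port."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE_NET = ip_network("192.168.10.0/24")   # stub domain, inside local addresses
INSIDE_GLOBAL = "200.100.100.1"               # constructed single registered address


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class PAT:
    """Keeps the translation table a NAT router builds for overloaded flows.
    Entries are keyed on (inside local address, source port) for brevity;
    a real router also keys on the destination tuple and protocol."""

    def __init__(self, first_port: int = 1024):
        self.next_port = first_port
        self.out_table = {}   # (inside local, sport) -> translated global port
        self.in_table = {}    # translated global port -> (inside local, sport)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite an outgoing packet's source to the inside global address."""
        if ip_address(pkt.src) not in INSIDE_NET:
            return pkt                      # not from the stub domain: untouched
        key = (pkt.src, pkt.sport)
        if key not in self.out_table:       # first packet of a flow: allocate a port
            gport = self.next_port
            self.next_port += 1
            self.out_table[key] = gport
            self.in_table[gport] = key
        return Packet(INSIDE_GLOBAL, self.out_table[key], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet):
        """Map a returning packet back to its inside local host. Packets for
        the global address that match no table entry are dropped (None),
        which is why unsolicited inbound traffic does not reach inside hosts."""
        key = self.in_table.get(pkt.dport)
        if pkt.dst != INSIDE_GLOBAL or key is None:
            return None
        local, lport = key
        return Packet(pkt.src, pkt.sport, local, lport)
```

Two inside hosts using the same source port 40000 receive different translated ports, and only replies to an allocated port are forwarded back into the stub domain.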
