Network Address Translation

NAT, defined in RFC 1631, allows a host that does not have a valid registered IP address to communicate with other hosts through the Internet. Of course, every host that does not need a registered IP address helps postpone the day when the supply of available IP addresses runs out! NAT allows these addresses that are not Internet-ready to continue to be used while still allowing communication with hosts across the Internet. The ICND exam covers NAT in more detail, including configuration.

To conserve addresses, NAT uses an additional feature called Port Address Translation (PAT). PAT takes advantage of the fact that a server really does not care whether it has one connection each to three different hosts, or three connections to a single host IP address. So, to support lots of private IP addresses with only one or a few publicly registered IP addresses, NAT/PAT translates the private IP address into a valid public address as the packet exits the private IP network. However, instead of just translating the IP address, it also translates the port number. Figure 12-6 outlines the logic.

Figure 12-6 NAT Overload Using PAT

Dynamic NAT Table, With Overloading

Inside Local        Inside Global
10.1.1.1:1024       200.1.1.2:1024
10.1.1.2:1024       200.1.1.2:1025
10.1.1.3:1033       200.1.1.2:1026

[Figure: a packet sent by 10.1.1.2, port 1024 passes through the NAT router, which rewrites its source to 200.1.1.2, port 1025 before forwarding it to the server at 170.1.1.1, port 80.]

The NAT router keeps a NAT table entry for every unique combination of private IP address and port, with translation to the public IP address and a unique port number associated with the public IP address. Because the port number field has 16 bits, NAT/PAT can support more than 64,000 connections using one public IP address, which helps the IP address space scale.
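To make the table logic concrete, here is an added example (not code from the book or from any Cisco IOS implementation) that models a PAT table: each unique inside-local address and port gets its own public port on the single inside-global address, replies are mapped back by that public port, and allocation fails once the 16-bit port range on the public address is used up. The sequential port allocator and the private hosts, public address and port range are assumptions chosen so that replaying the three flows reproduces the table in Figure 12-6; real routers may pick ports differently.

```python
from typing import Dict, List, Optional, Tuple

# Constructed value: the single registered (inside global) address from Figure 12-6.
PUBLIC_IP = "200.1.1.2"


class PatTable:
    """Minimal model of a NAT router's dynamic translation table with overloading (PAT)."""

    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535):
        self.public_ip = public_ip
        self.first_port = first_port          # lowest public port this router hands out (assumption)
        self.last_port = last_port            # 16-bit port field bounds the number of translations
        self.next_port = first_port
        # (inside local IP, port) -> public port, and the reverse map for returning traffic
        self.outbound: Dict[Tuple[str, int], int] = {}
        self.inbound: Dict[int, Tuple[str, int]] = {}

    def translate_outbound(self, src_ip: str, src_port: int) -> Tuple[str, int]:
        """Return the inside-global source for a packet leaving the private network,
        creating a table entry the first time this private IP/port pair is seen."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            port = self._allocate_port()
            self.outbound[key] = port
            self.inbound[port] = key
        return self.public_ip, self.outbound[key]

    def translate_inbound(self, dst_port: int) -> Optional[Tuple[str, int]]:
        """Map a reply arriving at the public address back to the private host and port.
        Returns None when no entry exists, i.e. the packet is not a reply to a known flow."""
        return self.inbound.get(dst_port)

    def _allocate_port(self) -> int:
        # Walk the port range once looking for a free public port; refuse when all are in use.
        for _ in range(self.last_port - self.first_port + 1):
            port = self.next_port
            self.next_port = self.first_port if port == self.last_port else port + 1
            if port not in self.inbound:
                return port
        raise RuntimeError("PAT port space exhausted on " + self.public_ip)


def build_figure_12_6_table() -> Tuple[PatTable, List[Tuple[str, str]]]:
    """Replay the three flows from Figure 12-6 and return the table plus its
    inside-local -> inside-global rows as strings."""
    table = PatTable(PUBLIC_IP)
    flows = [("10.1.1.1", 1024), ("10.1.1.2", 1024), ("10.1.1.3", 1033)]  # constructed
    rows = []
    for ip, port in flows:
        gip, gport = table.translate_outbound(ip, port)
        rows.append((f"{ip}:{port}", f"{gip}:{gport}"))
    return table, rows


def translations_until_exhaustion(first_port: int, last_port: int) -> int:
    """Open distinct flows through a small table until allocation fails and report
    how many fitted: the size of the public port range is the hard limit."""
    table = PatTable(PUBLIC_IP, first_port=first_port, last_port=last_port)
    count = 0
    try:
        while True:
            # Each iteration uses a different (private IP, port) pair so a new entry is needed.
            table.translate_outbound("10.1.1.%d" % (count % 250 + 1), 1024 + count // 250)
            count += 1
    except RuntimeError:
        return count


if __name__ == "__main__":
    table, rows = build_figure_12_6_table()
    for local, global_ in rows:
        print(f"{local:<18} {global_}")
    print("reply to port 1025 goes to", table.translate_inbound(1025))
    print("entries that fit in ports 1024-1033:", translations_until_exhaustion(1024, 1033))
```

The reverse lookup is the security-relevant half of the table: a packet arriving at the public address is only forwarded inward when its destination port matches an entry created by outbound traffic, so unsolicited inbound packets have nowhere to go and are dropped. Because every translation consumes one public port, the exhaustion path also shows why a single public address supports at most one port range's worth of simultaneous flows.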
