Characteristics of NAT

NAT enables nonregistered IP addresses, or the RFC 1918 private address space, to be used inside a private network and to gain access to a public network, such as the World Wide Web. The edge router connected to the public network uses NAT to translate the private network addresses to a registered public address. The translation can be statically or dynamically done.

In the case of a simple translation, each nonregistered IP address is translated to a unique public address. This enables access from networks that are using nonregistered addressing (or a private address space) to the WWW. In this scenario, the administrator would first have to find an Internet service provider (ISP) to supply a block of addresses for use. This may be monetarily difficult for all but the largest of companies.

To conserve the use of address space, a private space can be "overloaded" to a single or small number of addresses by using the source IP address plus the source port of the packet to further distinguish the sending address. Figure 11-2 illustrates the packet header.

Figure 11-2 Packet Header Information (figure: a packet laid out as a Network Layer Header carrying the Source IP and Destination IP, followed by a Transport Layer Header; the source IP and source port together identify the sending host for overloaded translation)

The disadvantages to NAT implementation are the increased latency, the address accountability, and the loss of certain application functionality, as defined in the following list:

• Latency—An increased latency is due to the introduction of a translation step (a Layer 7 application used for the translation) in the switching path.

• Accountability—Some may perceive the hiding of internal addresses from the external world as advantageous. However, this becomes a problem when trying to determine which internal IP address is responsible for which traffic. Constantly monitoring the NAT connections or providing only static NAT translations would ease this problem, but would also detract from the ease of use provided by a dynamic NAT implementation.

• Functionality—Some applications that require a specific source port or source address would not be able to function in a NAT environment that provides randomly selected address and port assignments. For example, a specialized database that uses IP addresses for access to specific records would not function. Functionality could be restored, however, by using statically mapped translations, but again the dynamic functionality of NAT would be lost.

Another reason that an application requiring a specific source port or source address may fail in a NAT environment is that some applications embed IP address information at the application layer, in addition to the IP packet addressing. When this happens, NAT rewrites only the packet header and cannot recognize the resulting mismatch between the address information in the IP packet and the address information carried at the application layer. Oracle and other relational databases are common examples of applications that embed IP address information.
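To make the overload mechanism from the packet-header discussion concrete, here is an added example (not from the book) of a toy NAT overload table in Python: it distinguishes inside hosts by source IP plus source port, maps replies back, keeps the per-port log that the accountability point above depends on, and shows why an address embedded in the application payload no longer matches the translated header. The class, method names, the ADDR-prefixed "application protocol" and the RFC 5737 addresses are all constructed for this illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Only the header fields NAT overload cares about, plus the payload."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


class OverloadNat:
    """Toy NAT overload (PAT): many inside (ip, port) pairs share one public IP."""

    def __init__(self, public_ip: str, first_port: int = 1024) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside ip, inside port) -> public port, and the reverse direction
        self.outbound: Dict[Tuple[str, int], int] = {}
        self.inbound: Dict[int, Tuple[str, int]] = {}
        # accountability record: which inside host held which public port
        self.log: List[Tuple[int, str, int]] = []

    def translate_outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            port = self.next_port          # allocate the next free public port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
            self.log.append((port, pkt.src_ip, pkt.src_port))
        # Only the network/transport headers are rewritten; the payload is untouched.
        return Packet(self.public_ip, self.outbound[key],
                      pkt.dst_ip, pkt.dst_port, pkt.payload)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply back to the inside host; None means no entry, so the router drops it."""
        key = self.inbound.get(pkt.dst_port)
        if key is None or pkt.dst_ip != self.public_ip:
            return None
        inside_ip, inside_port = key
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port, pkt.payload)

    def who_used(self, public_port: int) -> Optional[str]:
        """Accountability lookup: which inside address was behind a public port."""
        for port, ip, _ in self.log:
            if port == public_port:
                return ip
        return None


def payload_mismatch(pkt: Packet) -> bool:
    """True when the payload embeds an address that no longer matches the header.
    The constructed 'application protocol' sends its own IP as ASCII after 'ADDR '."""
    return pkt.payload.startswith(b"ADDR ") and pkt.src_ip.encode() not in pkt.payload


def demo() -> dict:
    nat = OverloadNat("203.0.113.1")      # constructed public address (RFC 5737 range)
    server = ("198.51.100.10", 80)        # constructed outside server
    # Two inside hosts happen to pick the same ephemeral source port.
    a = Packet("10.0.0.5", 40000, *server, b"GET /")
    b = Packet("10.0.0.6", 40000, *server, b"ADDR 10.0.0.6")
    a_out = nat.translate_outbound(a)
    b_out = nat.translate_outbound(b)
    reply = Packet(server[0], server[1], nat.public_ip, b_out.src_port, b"OK")
    back = nat.translate_inbound(reply)
    stray = nat.translate_inbound(Packet(server[0], 80, nat.public_ip, 5000))
    return {
        "a_port": a_out.src_port,                    # 1024
        "b_port": b_out.src_port,                    # 1025: same inside port, distinct outside
        "reply_to": (back.dst_ip, back.dst_port),    # ("10.0.0.6", 40000)
        "unknown_dropped": stray is None,            # no table entry -> dropped
        "owner_of_1024": nat.who_used(1024),         # "10.0.0.5"
        "b_payload_mismatch": payload_mismatch(b_out),  # True: embedded 10.0.0.6 vs header
        "a_payload_mismatch": payload_mismatch(a_out),  # False: nothing embedded
    }


if __name__ == "__main__":
    print(demo())
```

The `log` list is the minimum a dynamic NAT needs for accountability: without it, a public port seen in an outside log cannot be traced to an inside host once the entry has timed out. The `payload_mismatch` check stands in for the application-layer problem the text describes; a real translator has no generic way to find and rewrite such embedded addresses.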

NAT conserves legal addresses, reduces overlap dysfunctionality, increases Internet flexibility, and eliminates network renumbering in a changed environment, as described in the following list:

• Conservation—Legally registered addresses can be conserved using the private address space and NAT to gain access to the Internet.

• Overlap dysfunction—In an overlapped network situation, NAT can enable immediate connectivity without renumbering. In the case in which two companies have merged and are both using the same private address space, overlap dysfunction can be temporarily alleviated with NAT. The key here is the word temporary. This solution is not a design example but a Band-Aid for a quick resolution of the problem. In addition, a service provider with connectivity to multiple clients that have elected to use the same private address space can use NAT to connect all of them despite the overlap.

• Flexibility—Connecting to an Internet provider or changing providers can be accomplished with only minor changes to the NAT configuration. Becoming disgruntled or unenamored with an ISP is not uncommon. With NAT, changing ISPs is simply a matter of changing the pool of addresses that have been assigned. Because the NAT function occurs at the edge of the network, the router is the only device that requires reconfiguration. If the customer instead accepts a nonprivate block of addresses from a provider and uses these on the inside network, changing ISPs would require renumbering the entire network.

• Eliminated renumbering—As network changes are made, the cost of immediate renumbering can be eliminated by using NAT to allow the existing address scheme to remain. The renumbering effort can be gradually implemented or relegated to a DHCP server in an incremental fashion rather than all at once.

  • markus
    What are characteristics of nat?
    2 years ago
