Network Address Translation
Current problems with IP addresses:
- Address depletion
- Scaling in routing
Solutions:
- IPv6
- CIDR
- NAT
What is NAT?
- Informally, NAT is a method of connecting multiple computers on a local network to an external network using one IP address.
- NAT can be incrementally deployed, and only the local network routers need to be modified to implement NAT.
- Backbone routers need not be modified.
Basic operation:
[Figure: a backbone router and two NAT boxes labelled 198.76.28.4 and 198.76.29.7. Local address entries shown: 10.33.96.5:2000 and 10.81.13.22:3000.]
Packet address labels in the figure:
Source -> 10.33.96.5:2000
Source -> 198.76.28.4:600
Destn. -> 198.76.28.4:600
Destn. -> 198.76.29.7:500
Translation (NAT 198.76.29.7):
Source -> 198.76.29.7:500
Destn. -> 198.76.28.4:600
Reverse translation (NAT 198.76.29.7):
Source -> 198.76.28.4:600
Destn. -> 10.33.96.5:2000
Routing across NAT:
- Local addresses are hidden from the backbone.
- Backbone-partitioned networks need special handling using tunneling.
Header manipulations:
- The IP checksum should be changed, because the addresses it covers are rewritten.
- For applications like FTP, the application data should be modified, which might require changing the TCP sequence numbers and acknowledgement numbers.
- ICMP messages need a lot of modifications when they pass through a NAT: two address modifications and three checksum modifications.
Disadvantages:
- NAT heavily violates the layering principle by looking into the transport and application layers.
- Applications that contain IP addresses in their data cannot work through NAT unless NAT knows the exact occurrences.
- NAT reduces the options for providing security because any application data that contains IP addresses cannot be encrypted (the NAT has to read and rewrite those addresses).
- NAT provides privacy by hiding the local addresses, but this makes detecting attacks such as mail spam difficult.
Conclusion:
- NAT has several negative characteristics, but it could still act as a short-term solution to the address depletion and scaling problems.