Jump to content

Network address translation

From Simple English Wikipedia, the free encyclopedia

In computer networking, network address translation (NAT) is a technique of modifying the network address information in the IP packet headers while transferring the packet across a traffic routing device; such a technique remaps a given address space into another (usually smaller) address space. This allows multiple computers to share a single public IPv4 address, which has become necessary because there are not enough IPv4 addresses for every computer in the world.

Today, NAT is used to hide networks (called network masquerading) or to hide IP (called IP masquerading). Masquerading is the mechanism that hides an entire address space, usually consisting of private network addresses (RFC 1918), behind a single IP address usually in the public domain address space.

The NAT mechanism is implemented inside a routing device that keeps track of the state of the network connections. The NAT device may also implement a firewall. The router uses translation tables to map the "hidden" addresses into a single address and then rewrites the outgoing IP packets on exit from the router so that they appear to originate from the router. In the reverse communications path, responses to the outgoing packets are mapped back to the originating IP address using the reverse of the rules ("state") stored in the translation tables. The outgoing IP packets establish the device translation tables.

The translation table rules established in the above way are cleared after a short period without new traffic refreshing their state. However, most NAT devices today allow the network administrator to configure translation tables’ entries for permanent use. This feature is often referred to as "static NAT" or port forwarding and allows traffic originating in the 'outside' network to reach selected hosts in the masqueraded network.

Carrier-grade NAT, also called large-scale NAT, is NAT done by the Internet service provider (ISP). This is used when the ISP has more customers than IP addresses. This is commonly used by cellular service providers on 3G and 4G networks, but it is not (yet) common on landline DSL or cable connections. The CIDR address block 100.64.0.0/10 is reserved for carrier-grade NAT, although many ISPs improperly use RFC 1918 private addresses, which are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.

NAT is used only in IPv4. It is not necessary in IPv6, because IPv6 has enough addresses for every computer in the world to have a global address. IPv6 can, however, use network prefix translation, which translates the network prefix (usually the first 64 bits of the address) from private address space to public, but leaves the host identifier (usually the last 64 bits) the same. This creates a one-to-one mapping of IPv6 addresses and does not have the same drawbacks as traditional NAT.

[change | change source]