Network Address Translation (NAT) allows multiple devices on a private network to share a single public IP address to connect to the internet. It works by translating the private IP addresses and port numbers in data packets into public IP addresses and port numbers before being sent out to the internet, and vice versa for incoming packets. Dynamic NAT assigns public IP addresses and port numbers from a pool to private addresses and ports on demand. Overloading allows multiple connections from the same private IP by using different port numbers. Proxies provide additional benefits like caching but require explicit client support. NAT can improve security, administration and fault tolerance but causes issues for some network games without workarounds.

1. Network Address
Translation
Vuong Ngoc Anh

2. Why NAT?
• Network Address Translation (NAT) resolves the problem of
lacking IP addresses among network devices communication
over the Internet.
• NAT allows a single device (router or firewall) to intermediate
between the private and public networks by translating
unregistered IP address into registered IP address.
• Locate at network layer.

3. Concepts around NAT
• Source address, destination address: are included in the
packet’s IP header, identify IP address of two machines that
are exchanging data.
• Source port, destination port numbers: the numbers assigned
for two computers at each end to open way (port) for data
exchange. Port numbers are included in the packet’s IP header.
• Address translation table: a list of unique, non-unique IP
addresses and port numbers written by the router.
• Stub domain: a LAN network with registered IP addresses.

4. Dynamic NAT
• A limited number of IP addresses is given to LAN network
devices. There are a number of machines without unique IP
addresses.
• A computer (A) without unique IP address try to connect to
another computer outside of the network (B).
• The IP address of A is written into the router’s address
translation table. Its address is replaced with an available
unique IP addresses in the network.
• Packet coming from B to A: destination IP address is checked
to identify the recipient computer.
• The router checks the address translation table again and
change the address to the original non-unique IP address.
• If no match finds, the packet is dropped.

5. Overloading
• Multiplexing: concurrent connections are allowed between
computers of different TCP/UDP ports.
• A computer (A) without unique IP address try to connect to
another computer outside of the network (B).
• The IP address and port number of A is saved into the address
translation table. Its address is replaced with the IP address of
the router. Port number is replaced with the place that A’s
information is stored in the address translation table.
• Destination port of B’s packet is checked to traced back the
address of A in the address translation table. Original address
and port are then changed back.
• The same port number is then used for the next connection
between A and B. If the place is not accessed again before a
certain amount of time, the entry is removed.

6. Proxies
• Proxy: any device that stands between the client and server
(mostly used in Web). Clients make requests to the proxy, then
the proxy sends request to Web server on behalf of the client.
• Proxy stores frequent visited website into local hard disk and
load them when client comes back instead of downloading all
data once again from the remote server (caching proxy
servers).
• If more than one client requests from the same Web server,
proxy will make one request and distribute the data responds
to all the client.
• Unlike NAT, proxy is not transparent operation. It must be
explicitly supported by its clients (e.g. by configuring web
browser to use proxy).

7. Security and administration
• Automatically provides firewall-style protection between
internal and external network: no connection from outside is
allowed unless contact originates from internal devices.
• Extensive filtering and traffic logging: filter contents viewed by
internal machines and report with a log file.
• The involvement of NAT is transparent with both computers at
each end.
• Make network administration a lot more easier, e.g. when
moving web service to another host.
• Easy changes to made to internal network as the external IP
addresses to deal with is either router’s or a list of global
addresses.

8. Multi-homing
• Multi-homing = multiple connection
• The load of data packet is distributed through multiple
connections to reduce the risk of failure from single
connection and decrease wait times.
• Different ISPs that assign different range of IP addresses are
used. Routers in multi-homing network uses IBGP (Internal
Border Gateway Protocol) on the stub domain side and EBGP
(External Border Gateway Protocol) to communicate with
other routers.
• As one of the connection to an ISP fails, data is rerouted to
other router.

9. How about networking games?
• NAT poses problem to network game development.
• Generally NAT blocks all incoming packets and remote
computers are unable to initiate contact to local computers,
which is bad for peer to peer games.
• To overcome this people needs to manually configure port
forwarding or giving first contact from inside. Or use NAT
punchthrough.
• Read more about NAT punchthrough:
http://www.raknet.net/raknet/manual/natpunchthrough.html

10. Reference
• NAT Punchthrough. (n.d.). Retrieved November 8, 2013, from
Raknet:
http://www.raknet.net/raknet/manual/natpunchthrough.html
• Network Address Translation (NAT). (n.d.). Retrieved
November 8, 2013, from Vicomsoft:
http://www.vicomsoft.com/learning-center/network-addresstranslation/
• Tyson, J. (n.d.). How Network Address Translation Works.
Retrieved November 8, 2013, from HowStuffWorks:
http://computer.howstuffworks.com/nat.htm
• Phifer, L. (n.d.). The Trouble With NAT. Retrieved from Cisco:
http://www.cisco.com/web/about/ac123/ac147/ac174/ac182
/about_cisco_ipj_archive_article09186a00800c83ec.html
• Unity3D forum