Network address translation


Published on

Published in: Education, Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Network address translation

  1. 1. Network Address Translation Vuong Ngoc Anh
  2. 2. Why NAT? • Network Address Translation (NAT) resolves the problem of lacking IP addresses among network devices communication over the Internet. • NAT allows a single device (router or firewall) to intermediate between the private and public networks by translating unregistered IP address into registered IP address. • Locate at network layer.
  3. 3. Concepts around NAT • Source address, destination address: are included in the packet’s IP header, identify IP address of two machines that are exchanging data. • Source port, destination port numbers: the numbers assigned for two computers at each end to open way (port) for data exchange. Port numbers are included in the packet’s IP header. • Address translation table: a list of unique, non-unique IP addresses and port numbers written by the router. • Stub domain: a LAN network with registered IP addresses.
  4. 4. Dynamic NAT • A limited number of IP addresses is given to LAN network devices. There are a number of machines without unique IP addresses. • A computer (A) without unique IP address try to connect to another computer outside of the network (B). • The IP address of A is written into the router’s address translation table. Its address is replaced with an available unique IP addresses in the network. • Packet coming from B to A: destination IP address is checked to identify the recipient computer. • The router checks the address translation table again and change the address to the original non-unique IP address. • If no match finds, the packet is dropped.
  5. 5. Overloading • Multiplexing: concurrent connections are allowed between computers of different TCP/UDP ports. • A computer (A) without unique IP address try to connect to another computer outside of the network (B). • The IP address and port number of A is saved into the address translation table. Its address is replaced with the IP address of the router. Port number is replaced with the place that A’s information is stored in the address translation table. • Destination port of B’s packet is checked to traced back the address of A in the address translation table. Original address and port are then changed back. • The same port number is then used for the next connection between A and B. If the place is not accessed again before a certain amount of time, the entry is removed.
  6. 6. Proxies • Proxy: any device that stands between the client and server (mostly used in Web). Clients make requests to the proxy, then the proxy sends request to Web server on behalf of the client. • Proxy stores frequent visited website into local hard disk and load them when client comes back instead of downloading all data once again from the remote server (caching proxy servers). • If more than one client requests from the same Web server, proxy will make one request and distribute the data responds to all the client. • Unlike NAT, proxy is not transparent operation. It must be explicitly supported by its clients (e.g. by configuring web browser to use proxy).
  7. 7. Security and administration • Automatically provides firewall-style protection between internal and external network: no connection from outside is allowed unless contact originates from internal devices. • Extensive filtering and traffic logging: filter contents viewed by internal machines and report with a log file. • The involvement of NAT is transparent with both computers at each end. • Make network administration a lot more easier, e.g. when moving web service to another host. • Easy changes to made to internal network as the external IP addresses to deal with is either router’s or a list of global addresses.
  8. 8. Multi-homing • Multi-homing = multiple connection • The load of data packet is distributed through multiple connections to reduce the risk of failure from single connection and decrease wait times. • Different ISPs that assign different range of IP addresses are used. Routers in multi-homing network uses IBGP (Internal Border Gateway Protocol) on the stub domain side and EBGP (External Border Gateway Protocol) to communicate with other routers. • As one of the connection to an ISP fails, data is rerouted to other router.
  9. 9. How about networking games? • NAT poses problem to network game development. • Generally NAT blocks all incoming packets and remote computers are unable to initiate contact to local computers, which is bad for peer to peer games. • To overcome this people needs to manually configure port forwarding or giving first contact from inside. Or use NAT punchthrough. • Read more about NAT punchthrough:
  10. 10. Reference • NAT Punchthrough. (n.d.). Retrieved November 8, 2013, from Raknet: • Network Address Translation (NAT). (n.d.). Retrieved November 8, 2013, from Vicomsoft: • Tyson, J. (n.d.). How Network Address Translation Works. Retrieved November 8, 2013, from HowStuffWorks: • Phifer, L. (n.d.). The Trouble With NAT. Retrieved from Cisco: /about_cisco_ipj_archive_article09186a00800c83ec.html • Unity3D forum