Notes On Chapter Twenty-Six -- Network Address Translation

• 26.1 Introduction
  • This chapter discusses how multiple computers can share a single IP address.
  
  
• 26.2 The Requirement For Unique Addresses
  • Sharing an IP address inside a LAN would not be possible without making many radical changes to protocols.
  • For example ARP won't work on a LAN if hosts share IP addresses.
  
  
• 26.3 Network Address Translation Technology
  • The "trick" used by NAT:
    • assign a private, non-routable interior network address to a LAN (e.g. 10.0.0.0/8)
    • Use a NAT gateway device between the private LAN and the public Internet.
    • Assign a (shared, public) IP address to the external interface between the gateway and the Internet.
    • The NAT device performs address translation to allow packets to flow in both directions between the private LAN and public Internet.
  
  
• 26.4 NAT Topology
  • All packets entering or leaving the private LAN go through the NAT device
  • Each host on the private LAN recieves a unique IP address having the private, non-routable interior network prefix.
  • Hosts on the Internet are never aware of the addresses in use on the private LAN.
  
  
• 26.5 Possible Implementations Of NAT
  • NAT can be implemented in hardware or software.
  • Typically high performance networks require a hardware implementation.
  • A multi-homed host may be used as the NAT device
  • There may be a separate, dedicated NAT device.
  • There are devices that combine the functionality of an IP router and a NAT device.
  
  
• 26.6 Basic Address Translation
  • The Internet sees the private LAN as a single host with a single IP address (say 128.210.24.6).
  • To hosts on the private LAN, the Internet seems to be aware of the private addresses, and the Internet seems able to route traffic to and from the private addresses.
  • If host 10.0.0.1 on the private LAN sends a packet to host 128.211.134.4 then the NAT changes the source address of the outgoing packet from 10.0.0.1 to 128.210.24.6 (the IP address assigned to the NAT device)
  • If a packet arrives at the NAT device from the Internet, it is addressed to 128.210.24.6 and the NAT has to change that to the private address of one of the hosts on the private LAN before transferring the packet onto the private LAN.
  • When doing address translation, the NAT must also alter the checksum.
  
  
• 26.7 Translation Table
  
  
• 26.8 NAPT and TCP Splicing
  • Typically the translation process includes port translation.
  • As shown in figure 26.4, hosts 10.0.0.1 and 10.0.0.2 on the private LAN, both using source port 30000, might both send out requests to a web server.
  • When the requests go through the NAT device (with external IP address 128.10.19.20), it might replace the 10.0.0.1:30000 source address and source port combination with 128.10.19.20:40001, and the 10.0.0.2:30000 combination with 128.10.19.20:40002.
  • Even if the two requests were sent to the same web server, after forwarding, on the Internet they will appear to have come from different sources -- two different ports on host 128.10.19.20.
  • The web server will send replies to both sources. When the replies reach the NAT device, it will know to translate the destination addresss 128.10.19.20:40001 to 10.0.0.1:30000, and the destination address 128.10.19.20:40002 to 10.0.0.2:30000.
  • The NAT device maintains tables to aid the translation process.
  
  
• 26.9 Other Variants: Twice NAT and CAT
  • As described thus far, the scheme does not accommodate servers that might reside inside the private network. A request from the Internet would ordinarily just be addressed to port 80 at the host IP address. How can the NAT device know which host and port to forward to on the private interior network?
  • There are schemes that can "get around" this problem. They require communication between the NAT device and a server on the exterior Internet.
  
  
• 26.10 NAT Software And Systems For Use At Home
  • Home networks often use NAT with a DSL or Cable Modem connection
  • Software Sharing based on NAT/NAPT:
    • Linux Masquerade
    • Windows Internet Connection Sharing (ICS)
  • Hardware Sharing based on NAT/NAPT:
    • Linksys Coporation "Routers"
  
  
• 26.11 Summary