Network
address translation (NAT)
Network address translation (NAT)
is a function by which IP addresses within a packet are replaced with different
IP addresses. This function is most commonly performed by either routers or
firewalls. This sample chapter from Cisco Press focuses on NAT within routers.
Operation
of NAT
NAT is described in RFC 1631.1
The original intention of NAT was, like classless inter-domain routing (CIDR),
to slow the depletion of available IP address space by allowing many private IP
addresses to be represented by some smaller number of public IP addresses.
Since that time, users have found NAT to be a useful tool for network
migrations and mergers, server load sharing, and creating "virtual
servers." This section examines all these applications, but first
describes the basics of NAT functionality and terminology.
Cisco NAT devices divide their
world into the inside and the outside. Typically the inside is a private
enterprise or ISP, and the outside is the public Internet or an Internet-facing
service provider. Additionally, a Cisco NAT device classifies addresses as
either local or global. A local address is an address that is seen by devices
on the inside, and a global address is an address that is seen by devices on
the outside. Given these four terms, an address may be one of four types:
Inside
local (IL) - Addresses assigned to inside
devices. These addresses are not advertised to the outside.
Inside
global (IG) - Addresses by which inside
devices are known to the outside.
Outside
global (OG) - Addresses assigned to outside
devices. These addresses are not advertised to the inside.
Outside
local (OL) - Addresses by which outside devices
are known to the inside.
Types
of NAT
NAT can be implemented using one of three methods:
Static NAT – performs a static one-to-one translation between two addresses, or between a port on one address to a port on another address. Static NAT is most often used to assign a public address to a device behind a NAT-enabled firewall/router.
Dynamic NAT – utilizes a pool of global addresses to dynamically translate the outbound traffic of clients behind a NAT-enabled device.
NAT Overload or Port Address Translation (PAT) – translates the outbound traffic of clients to unique port numbers off of a single global address. PAT is necessary when the number of internal clients exceeds the available global addresses.
Routing