What is NAT?
NAT stands for Network Address Translation. It’s a method used for changing addresses in transit.
Before we get too far into that, let’s take a moment to review what addresses are.
How is a connection identified?
A connection (from your computer to this website, for example) is identified by 5 pieces of information. known as a 5-Tuple:
- Source IP address
- Destination IP address
- Source port
- Destination port
For your specific connection right now to this website, that will most likely be:
|Source IP||Your computer IP|
|Source Port||Something random, between 1024 and 65535|
These 5 pieces of information combined can identify any unique connection.
Why do we translate addresses?
Primarily, NAT is used to overcome the fact that their aren’t enough addresses in IPv4.
IPv4 addresses can be identified by typically being represented as 4 “octets” – an octet is just a number between 0 and 255 – like this: 188.8.131.52.
Iron Man 3 has a scene where a computer screen shows “Current IP address: 934.554.32.3”. Many films use invalid IP addresses like this.
Your computer IP probably starts with either 192.168, or 10. These are what are known as Private IP addresses – they are only allowed to be used in local networks, and never allowed to be used on the Internet. Because of this, there is no requirement for them to be unique – they can be reused in as many organisations as possible.
But if they aren’t unique, how can we use it to identify a unique connection, in the 5-Tuple?
By using NAT.
When you connect to this server, your computer sends a connection using it’s own address as the source address in the 5-Tuple.
Your router or firewall will translate this address – it will change the 192.168 to a different address, something that IS unique, using Network Address Translation.
What are the different types of NAT?
There are three primary kinds of NAT:
- Static NAT
Static NAT is translating one IP address to another, on a one to one basis. The source and translated addresses are defined, in such a way that one address will always translate to the other.
- Dynamic NAT
Dynamic NAT is still a one to one NAT, but using a pool of addresses. This is kind of like leasing – for a period of time, one address in the pool will be dynamically allocated to an original source address, but after some inactivity or timeout it can be reallocated.
- Port Address Translation (PAT)
Sometimes referred to as NAT overload, this allows hiding multiple original addresses behind one IP, by changing the port.
Port Address Translation is probably the most widely used type, as almost every IPv4 network (i.e. most households and most businesses) use it to hide multiple devices behind one public IP address.
There are a few other types of address translation used for specific scenarios, such as translating IPv6 to IPv4, but the main ones are the three above.
How to troubleshoot NAT
NAT can get very complex in large networks – with scenarios where 4 of the 5-Tuples are modified in transit, sometimes multiple times – this can cause a headache for network engineers.
In these scenarios, the best thing to do it grab a pen and paper, or a marker and whiteboard.
Draw out the entire network path, with each device. Annotate the source and destination IP’s and ports at each hop – both what you expect them to be and what they are (verify this with packet captures where possible).
Once it’s down on paper, you’ll often quickly spot any problems.
You should now have an introductory understanding of what Network Address Translation, or NAT, is and how it is used in computer networks.