Sometimes, less is better, especially when it comes to IPv4. While this might sound weird, considering the scarcity of those IPv4 addresses, what we will discuss today actually works in favor of the Internet. So, how do you turn ‘more’ into ‘less’ and make it work?
The answer is NAT (Network Address Translation), a process that allows multiple unique private IP addresses to share a single public IP address in order to connect to the Internet. It’s a highly useful method that has multiple use cases. The overall result of employing NAT is that multiple devices can employ a single IP address when transferring information. Before talking about how NAT works, we must first understand what public and private IP addresses are.
What is a public IP address?
As we discussed in our previous articles, IP addresses come in many different types. However, we will talk about public and private IP addresses when it comes to NAT. Public IPs are addresses used on the Internet. Each device that wants to connect to the Internet must have its own, unique public IP address.
These addresses can be accessed directly over the Internet and are assigned to your network router by RIR (Regional Internet Registry) or an IP broker. You can simply think of a public IP address as your home address. Therefore, a public address is visible on the Internet and essentially it is how your router communicates with the web.
What is a private IP address?
Private (internal) addresses are not routed on the Internet, and no traffic can be sent to them from the Internet. Because of that, they work only on the internal/local network, also known as LAN (Local Area Network). In short, this is how devices connected to the same internal network connect and communicate with each other.
Private IP addresses are part of specific private IP ranges reserved by the Internet Assigned Numbers Authority (IANA). In fact, millions of private networks worldwide use reserved IP addresses within these three ranges, or subnets, as follows:
Class A: 10.0.0.0–10.255.255.255 (a /8 mask)
Class B: 172.16.0.0–172.31.255.255 (a /12 mask)
Class C: 192.168.0.0–192.168.255.255 (a /16 mask)
The addresses in these ranges are intended for use in closed local area networks. Though they are not wide, they can be reused, since local networks all work independently from each other.
Devices with private IPs can always send online requests for data. But if the source IP remains private, the receiving server won’t know where specifically to return data to. And this is precisely where NAT comes into play.
So, how does NAT work?
When a device from a local network wants to send data requests to an external network, a NAT router or a NAT firewall will convert the device’s private IP address into a public IP that can access the Internet. In doing so, NAT makes sure that the data is sent to the right place because the server will know where to send back the response (using the specific public IP address provided by NAT).
It’s way easier to think of it as sending physical mail and requesting return service. If you keep your address private/anonymous, the sender won’t know where to send the package back. By using NAT, the information will make it back to the requesting device using the router’s public address, not the private IP of that device.
Let’s break this process down into steps and see how the translation is employed.
Step 1: Let’s say you connect your device to a Wi-Fi network.
Step 2: The router assigns your device a private IP address.
Step 3: You want to use your device to access a web page. This will send a request across the Internet via your router.
Step 4: The NAT router or firewall will change the source address of the request. This means that your device’s private IP will be changed to a public IP your network will use to access the web page. This is called a translation and will be saved in a NAT table.
Step 5: The server you are trying to access will return the requested data to your network’s public IP address.
Step 6: Your router will change the destination address back to your device’s private IP address and send the information to your device, resulting in you being able to see what’s on that web page.
This is super helpful when you have multiple devices on a local network, each with its own private IP address. By mapping all of these private IPs to a single public IP, you are able to access the Internet while NAT takes care of directing the returning information back to the correct device on your LAN.
How many types of NAT are there?
Remember when we mentioned there are different types of IP addresses out there? Well, naturally, there are different types of NATs as well. In fact, there are three such types, and the first two have to deal with static and dynamic IPs.
As a quick reminder, static IPs never change. A device’s static IP stays the same until that device is decommissioned or your network architecture changes. In contrast, a dynamic IP address is a temporary IP that constantly changes. If a dynamic address is not in use, it can be automatically assigned to a different device.
With that being said, what’s the deal with the different types of Network Address Translations?
Well, it depends on the use case. And for that, we are talking about two main use cases:
- To access the Internet with non-routable IP addresses
Static NAT – This one uses a constant public IP address each time it converts a private IP address to a public one. In other words, the public IP remains unchanged with each translation process.
When Static NAT is employed, all private, unregistered addresses on a network are mapped to specific public addresses. The result is that each device on the network is associated with a specific public address.
This is a solution more suitable for web hosting. Large organizations rarely use it, as they would need to purchase a public IP address for every connected device.
Dynamic NAT – This is the opposite of the static translation method. In this case, Dynamic NAT uses different public IP addresses rather than the same one over and over again.
Dynamic NAT goes through a pool of public IP addresses. When it translates a private IP to a public one, the dynamic translation lets routers choose any public IP address from the pool. So, the router / NAT device will get a different public address each time they translate private to public addresses.
This is a great way to use IP addresses more efficiently. However, it might be costly for organizations to configure Dynamic NAT. That is because organizations would need to invest in a big enough range of publicly registered IP addresses.
Even though this means that more devices can connect to the Internet on a network, it is also important to know that the number of data packets sent and received at any given time is limited by the number of public IP addresses available. For example, if the pool only has 20 public IPs, then only 20 local/private IPs can be translated at any given time.
The key difference between dynamic and static NAT
It’s all in how private IPs are mapped to public ones. In the static translation, IPs are associated 1-to-1, from private to public. So, each device with its specific private IP always uses the same public IP.
When it comes to dynamic NAT, the router will pick public IP addresses for translation from a pool. As a result, a device with a private IP address will be assigned a different public IP each time it accesses the Internet. Generally speaking, organizations use them both, even though both methods require investment in global IPs.
Port address translation (PAT) – This is also called ‘NAT overload’. It mainly functions as a dynamic translation, but with some key differences. Essentially, instead of each private IP address being mapped onto a single unique public IP address, multiple private addresses are grouped together to use a single public address.
This means that the router or NAT firewall will use port numbers to distinguish the traffic instead of using IP addresses to identify the source device. These port numbers are assigned to the devices within the specific network. By doing this, the router can thus return data packets to multiple devices through a single public IP address.
PAT is considered the most cost-effective form of Network Address Translation because it requires the smallest number of public IPs to be acquired by a company. With the help of PAT, lots of devices connected to a local network will be able to access the Internet using the same public IP address.
- To reach services hosted on private IP addresses inside an enterprise’s infrastructure
Destination NAT (DNAT) – DNAT stands for Destination Network Address Translation. It changes the destination address in the IP header of a packet. In human language, DNAT changes the public IP back into the private IP of your local network.
DNAT is used when redirecting incoming data from a public address or port to a private IP address or port inside your local network.
We also mention ports because DNAT can also change the destination port in the TCP (Transmission Control Protocol)/UDP (User Datagram Protocol) headers. So, DNAT is a one-to-one, static translation that can also perform port forwarding.
Why is Network Address Translation so important?
The Internet has grown so big lately that we need clever methods to be able to access it safely and efficiently. Therefore, NAT is one of such important methods that always comes into help.
To begin with, NAT acts as an additional security layer, placed between the devices on a private network and the rest of the Internet. The NAT router or firewall can sort and check the data as it is being transmitted to a device. This is helpful in preventing unauthorized access to the private network, thus protecting the devices in use. This is why many network engineers use Network Address Translation as an extra way of protecting the devices in their network from cybersecurity threats.
However, private IPs do not offer full protection against online threats. It should go without saying that you need to consider additional encryption measures that bolster the security of your network and data, such as business VPNs.
Secondly, it can help with reducing the global demand for IPv4 addresses. It is a noteworthy advantage, as the fourth version of the Internet Protocol is struggling to meet the demands of billions of Internet users across the globe.
If every device of each and every private network was assigned a particular, public IP address, we would quickly run out of available IPv4 addresses. In theory, 4,3 billion IPv4 addresses sound like a lot, but the Internet has become much, much bigger than that. So if you’ve been wondering how we can access the Internet with more devices than the current number of IPv4 addresses, NAT is one of the answers.
Using a single public IP address for multiple devices on a network ensures that the assignment of public addresses is done as efficiently as possible.
Network Address Translation is among the most interesting and clever methods of ensuring devices access the Internet efficiently and securely. NAT is responsible for translating the private IP of a device into a public one so that it can connect to the Internet.
Translating networks is important because it helps the returning information make its way back to the correct device within a private network. This is usually done through a NAT router or firewall.
There are different types of NATs, each with its own ups and downs, but overall, the entire process is instrumental in preserving the lifespan of IPv4 by managing and assigning it as efficiently as possible.