Network Address Translation (NAT) 2008-03-08 13:54


This chapter is a précis of Chapter 26 of Doug Comer's book [Comer 2004] with additional material from Section 5.6.2 of Andy Tanenbaum's book [Tanenbaum 2003] . NAT is defined in [RFC 3022] .

As the Internet grew rapidly during the latter half of the 20th Century, it was apparent that the original classful addressing scheme was not sufficient. Subnet masking and the classless addressing scheme helped conserve addresses. NAT is a third alternative that allows multiple computers at one site to operate with one global IP address. It is included in the transport layer because the most popular version (NAPT) changes port numbers as well as IP addresses.

NAT Topology

The computers at one site use local IP addresses which are private (or non-routable), and which are not valid global addresses. The three reserved ranges are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Any datagram destined for the Internet has its private IP address replaced by the global IP address; any inbound datagram undergoes the reverse process. This is illustrated in Figure 1.

Figure 1: NAT usage

NAT runs as an in-line configuration so that all datagrams entering or leaving the site go through the NAT. NAT can be implemented in hardware or software, with software implementations being cheaper. Routers designed for a small office or home office (a SOHO router) often include software implementations of NAT (together with firewall and other software).

The goal of NAT is to provide an illusion: to the rest of the Internet, the whole site appears to be a single computer with one global IP address. The most basic form of NAT rewrites IP addresses, as illustrated in Figure 2.

Figure 2: NAT translation

Note that whenever NAT changes a source or destination address, it must recompute the IP checksum.
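The checksum requirement is easy to get wrong, so here is an added example (not code from the page or from Comer's book) that builds a constructed IPv4 header, rewrites the source address the way a NAT box would, and recomputes the header checksum two ways: from scratch over the whole header, and incrementally from the old checksum and the changed 16-bit words (the method of RFC 1624). The addresses 10.0.0.1, 192.0.2.10 and 203.0.113.1 and all header field values are constructed sample data.

```python
import socket
import struct

# Byte offsets of the two address fields inside a 20-byte IPv4 header.
_OFFSET = {"src": 12, "dst": 16}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int = 0) -> bytes:
    """Constructed 20-byte IPv4 header (no options) with a correct checksum."""
    fields = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + payload_len,   # version/IHL, TOS, total length
                         0x1234, 0x4000,              # identification, flags (DF) / fragment offset
                         64, 6, 0,                    # TTL, protocol (TCP), checksum placeholder
                         socket.inet_aton(src), socket.inet_aton(dst))
    return fields[:10] + struct.pack("!H", internet_checksum(fields)) + fields[12:]


def header_checksum_ok(header: bytes) -> bool:
    """A header whose checksum field is correct sums (with the field included) to zero."""
    return internet_checksum(bytes(header[:20])) == 0


def rewrite_address_full(header: bytes, which: str, new_ip: str) -> bytes:
    """Replace the src or dst address and recompute the checksum over the whole header."""
    h = bytearray(header)
    off = _OFFSET[which]
    h[off:off + 4] = socket.inet_aton(new_ip)
    h[10:12] = b"\x00\x00"                  # checksum field is zero while summing
    h[10:12] = struct.pack("!H", internet_checksum(bytes(h[:20])))
    return bytes(h)


def rewrite_address_incremental(header: bytes, which: str, new_ip: str) -> bytes:
    """Same rewrite, but update the checksum from only the words that changed.

    RFC 1624, equation 3: HC' = ~(~HC + ~m + m') for each 16-bit word m -> m'.
    A real NAT prefers this because it does not have to touch the rest of the header.
    """
    h = bytearray(header)
    off = _OFFSET[which]
    old_words = struct.unpack("!HH", header[off:off + 4])
    new_bytes = socket.inet_aton(new_ip)
    new_words = struct.unpack("!HH", new_bytes)
    acc = (~struct.unpack("!H", header[10:12])[0]) & 0xFFFF     # ~HC
    for m_old, m_new in zip(old_words, new_words):
        acc += ((~m_old) & 0xFFFF) + m_new                       # + ~m + m'
    while acc >> 16:
        acc = (acc & 0xFFFF) + (acc >> 16)
    h[10:12] = struct.pack("!H", (~acc) & 0xFFFF)
    h[off:off + 4] = new_bytes
    return bytes(h)


if __name__ == "__main__":
    private = build_ipv4_header("10.0.0.1", "192.0.2.10", payload_len=20)
    outbound = rewrite_address_incremental(private, "src", "203.0.113.1")
    print("checksum valid after rewrite:", header_checksum_ok(outbound))
    print("both methods agree:", outbound == rewrite_address_full(private, "src", "203.0.113.1"))
```

A header that is rewritten without the checksum update fails `header_checksum_ok`, which is exactly what the next router would do with it: discard it silently. Note also that the TCP and UDP checksums are computed over a pseudo-header that includes the source and destination addresses, so a NAT must update the transport checksum as well, by the same incremental rule; the page's statement about the IP checksum is the minimum, not the whole job.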

Translation Table

NAT uses a translation table to implement the address changes. An example NAT translation table is illustrated in Figure 3.

Figure 3: NAT translation table

NAT places an entry in the table when a computer at the site sends a packet to the Internet. When it receives a reply, NAT finds the entry and translates the destination address.

NAPT

However, it is not all plain sailing. The basic scheme fails if two or more computers at the site communicate with the same destination, because the translation table will contain multiple entries for the remote address. It will also fail when two or more processes running on a given computer at the site attempt simultaneous communication with different destinations on the Internet.

A more sophisticated version called Network Address and Port Translation (NAPT) solves both problems. NAPT translates both the IP address and the port number. An example NAPT translation table is illustrated in Figure 4.

Figure 4: NAPT translation table

NAPT associates each datagram with a TCP connection or a 1-to-1 UDP session. The combination of IP address and port number is known as a socket. All sockets in the NAPT table are unique. Note the first two entries in the table where two computers (10.0.0.1 and 10.0.0.2) happen to use the same port number (30000).

Twice NAT

NAT breaks down when communication is initiated from the global Internet, as the NAT device has no table entry telling it which computer should receive an incoming connection. A variant of NAT, called Twice NAT, allows a site to run servers. It uses the Domain Name System (DNS) to interact with NAT. When an application on the Internet looks up the domain name of a computer at the site, DNS returns the site's valid IP address and places an entry in the NAT translation table. Twice NAT fails if the application uses the IP address directly without performing a DNS lookup first.
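To make the three preceding sections concrete, here is an added example (not code from the page or from any NAT implementation) of the translation tables they describe. It shows why a basic NAT table keyed only on addresses becomes ambiguous when two local hosts talk to the same remote host, how an NAPT table resolves that by allocating a unique NAPT-side socket, and why an inbound datagram with no matching entry (a connection initiated from the Internet) is simply dropped. The global address 203.0.113.1, the remote server 192.0.2.10:80 and the port pool 40000-40999 are constructed values; the two local hosts 10.0.0.1 and 10.0.0.2 both using port 30000 mirror the first two rows of Figure 4.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Endpoint:
    """A socket in the page's sense: an IP address plus a port number."""
    ip: str
    port: int


def basic_nat_reply_targets(table: List[Tuple[str, str]], remote_ip: str) -> List[str]:
    """Basic NAT remembers only (local address, remote address) pairs.

    Returns every local host a reply from remote_ip could belong to; more than
    one result is the ambiguity the text describes, and basic NAT cannot resolve it.
    """
    return [local for local, remote in table if remote == remote_ip]


class NaptTable:
    """Constructed NAPT translation table: every NAPT-side socket is unique."""

    def __init__(self, global_ip: str, port_range: Tuple[int, int] = (40000, 40999)):
        self.global_ip = global_ip
        self.lo, self.hi = port_range
        # (proto, local socket, remote socket) -> port used on the global side
        self._out: Dict[Tuple[str, Endpoint, Endpoint], int] = {}
        # (proto, global-side port) -> (local socket, remote socket)
        self._in: Dict[Tuple[str, int], Tuple[Endpoint, Endpoint]] = {}

    def _allocate_port(self, proto: str, wanted: int) -> int:
        # Keep the host's own source port when nobody else holds it, otherwise
        # take the first free port from the pool; either way the result is unique.
        if (proto, wanted) not in self._in:
            return wanted
        for p in range(self.lo, self.hi + 1):
            if (proto, p) not in self._in:
                return p
        raise RuntimeError("NAPT port pool exhausted")

    def translate_outbound(self, proto: str, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Datagram leaving the site: rewrite src to a unique (global_ip, port)."""
        key = (proto, src, dst)
        port = self._out.get(key)
        if port is None:                                    # first packet of the session
            port = self._allocate_port(proto, src.port)
            self._out[key] = port
            self._in[(proto, port)] = (src, dst)
        return Endpoint(self.global_ip, port), dst

    def translate_inbound(self, proto: str, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Datagram arriving from the Internet: rewrite dst back to the local socket.

        Returns None when no outbound entry matches, which is how a connection
        initiated from the Internet (or a stray packet from a different remote
        host) is discarded.
        """
        entry = self._in.get((proto, dst.port))
        if dst.ip != self.global_ip or entry is None or entry[1] != src:
            return None
        local, _remote = entry
        return src, local


if __name__ == "__main__":
    table = NaptTable("203.0.113.1")
    web = Endpoint("192.0.2.10", 80)
    for host in ("10.0.0.1", "10.0.0.2"):
        new_src, _ = table.translate_outbound("tcp", Endpoint(host, 30000), web)
        print(f"{host}:30000 -> {new_src.ip}:{new_src.port}")
    print("unsolicited inbound:", table.translate_inbound("tcp", web, Endpoint("203.0.113.1", 50000)))
```

A production NAPT also ages entries out (a TCP entry after FIN/RST or an idle timeout, a UDP entry after an idle timeout), otherwise the port pool fills up and the `RuntimeError` above becomes a denial of service for the whole site; the page's "1-to-1 UDP session" is the unit that such a timer tracks.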

NAT At Home

NAT works well in a small office or home that has a cable modem or DSL connection. Various combinations of hub/firewall/NAT/router/wifi are available as single systems at low cost, often less than £100. This is illustrated in Figure 5.

Figure 5: Dedicated NAT device

It is possible to implement NAT on PCs. The program Masquerade implements NAT for Linux systems and Microsoft's Internet Connection Sharing (ICS) implements NAT for Windows systems.

References

  1. Douglas Comer, Computer Networks and Internets with Internet Applications (fourth edition), Prentice Hall, Upper Saddle River, NJ, 2004, ISBN 0-13-143351-2. http://netbook.cs.purdue.edu
  2. RFC 3022, Traditional IP Network Address Translator (Traditional NAT), January 2001.
  3. Andrew Tanenbaum, Computer Networks (fourth edition), Prentice Hall, Upper Saddle River, NJ, 2003, ISBN 0-13-038488-7. http://www.phptr.com/tanenbaumcn4/