Huawei Routing and Switching: NAT Principles

This post introduces the principles of Network Address Translation (NAT).
In February 2011, IANA allocated the world's last block of IPv4 address space, and the supply of IPv4 addresses was exhausted. IPv6 solves the IPv4 address shortage at the root, but most network devices and applications are still based on IPv4, so until IPv6 is widely used, transitional technologies are the main means of dealing with IPv4 address depletion. NAT (Network Address Translation) is one of them. It is mainly used to let hosts on an internal network access external networks. When a host on the LAN needs to access an external network, NAT converts its private address to a public address, and multiple private network users can share one public address, which both preserves network connectivity and saves public addresses. Enterprise networks, small offices and home networks all use network address translation.

NAT application scenarios

Enterprise and home networks are both private networks and use private addresses, while network operators maintain the public network and use public addresses. Operators do not maintain routing information for private networks on the public network, so even if a packet from a private network can be routed onto the public network, the public network device cannot respond, because the packet carries a private address. For a private network host to access the public network successfully, a NAT gateway has to be deployed at the network egress, which means NAT is usually deployed on the gateway that connects the internal network and the external network.
Egress gateway: a device that is connected to the private network on one side and to the public network on the other.
There are several ways of deploying NAT. This post covers static NAT, dynamic NAT, NAPT, Easy IP and NAT server.

Static NAT

Static NAT maps one private address to one public address, i.e. a public IP address is assigned to a single, fixed host on the internal network. In the example, when host A accesses the external network, its packets pass through the gateway device RTA, which statically maps host A's address 192.168.1.1 to the fixed public IP address 200.10.10.1 before they go on to the public network server. The server sees a source address that is a public address present in its routing table, so it responds. When the reply passes back through the gateway device, the gateway converts the destination address 200.10.10.1 back to the private address 192.168.1.1 and sends the packet into the private network. This mode is used very little.

Dynamic NAT

Dynamic NAT converts private addresses to public addresses based on an address pool. A NAT address pool containing many public addresses is configured on the egress gateway device. When a host accesses the external network, the NAT gateway picks a public address from the pool as the translation target for the host's private IP address. Dynamic NAT deployed this way is still a one-to-one translation.
In the example, host A accesses the external network with the private source address 192.168.1.1. When the packet reaches the egress gateway (RTA), RTA automatically selects an available public address from the address pool, converts the private source address to that public address, and the packet goes on to the Internet. Dynamic NAT is also used relatively little in practice.

NAPT

NAPT (Network Address Port Translation) is the mode used most in practice. It allows multiple internal addresses to be mapped to different ports of the same shared address.
In the example, RTA (the egress gateway) receives a packet sent by a private network host with source IP address 192.168.1.1, source port 1025, destination IP address 100.1.1.1 and destination port 80. RTA chooses a free public IP address and port number from the public address pool and creates the corresponding NAPT entry. The NAPT entry records the mapping between the packet's private IP address and port number and the public IP address and port number. RTA then translates the packet's source IP address and port number to the public address 200.10.10.1 and port 2843 and forwards the packet to the public network. When RTA receives the reply, it translates it back according to the mapping table and forwards it to host A.

Easy IP

Easy IP is another mode with a relatively wide range of use. It suits scenarios such as PPPoE dial-up: an IP address obtained through PPPoE or DHCP cannot be known ahead of time, so where the address is dynamic (not fixed) and network address translation is needed, Easy IP is generally used. The principle of Easy IP is that when packets arrive, they are all translated to different ports on the gateway interface's address.
In the example, RTA receives a request packet from host A to the public network, with source IP address 192.168.1.1 and source port 1025. RTA creates an Easy IP entry that records the mapping between the source IP address and port number and the interface's public IP address and port number. Using the matching Easy IP entry, RTA then translates the packet's source IP address and port number to the interface's IP address and port number and forwards the packet to the public network. The packet's source IP address becomes 200.10.10.10/24 and the corresponding port number is 2843.
When the router receives the reply packet, it looks up the Easy IP entries by the packet's destination IP address and port number. Based on the matching entry, it translates the destination IP address and port number to the private network host's IP address and port number and forwards the packet to the host.
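
The translation table described in the NAPT and Easy IP sections can be sketched as follows. This is an added example, not code from the original post or from Huawei: the class and function names are hypothetical, the second host 192.168.1.2 is constructed, the port counter starts at 2843 only so the output matches the post, and real entries also track the protocol. For Easy IP, `public_ips` would hold just the outbound interface's address.

```python
"""NAPT / Easy IP translation table (added example, not from the original post)."""
from dataclasses import dataclass, field


@dataclass
class NaptGateway:
    # Public pool; with Easy IP this is only the outbound interface's address.
    public_ips: list
    first_port: int = 2843  # constructed so the result matches the post
    out: dict = field(default_factory=dict)   # (priv_ip, priv_port) -> (pub_ip, pub_port)
    back: dict = field(default_factory=dict)  # (pub_ip, pub_port) -> (priv_ip, priv_port)

    def _allocate(self):
        # Pick the first free (public IP, port) pair.
        for ip in self.public_ips:
            for port in range(self.first_port, 65536):
                if (ip, port) not in self.back:
                    return ip, port
        raise RuntimeError("NAPT pool exhausted")

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate the source of a packet leaving the private network."""
        key = (src_ip, src_port)
        if key not in self.out:
            pub = self._allocate()
            self.out[key] = pub
            self.back[pub] = key
        pub_ip, pub_port = self.out[key]
        return pub_ip, pub_port, dst_ip, dst_port

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate the destination of a reply; None means no entry, so drop."""
        priv = self.back.get((dst_ip, dst_port))
        if priv is None:
            return None
        return src_ip, src_port, priv[0], priv[1]


def demo():
    rta = NaptGateway(public_ips=["200.10.10.1"])
    a = rta.outbound("192.168.1.1", 1025, "100.1.1.1", 80)
    b = rta.outbound("192.168.1.2", 1025, "100.1.1.1", 80)  # constructed second host
    reply = rta.inbound("100.1.1.1", 80, "200.10.10.1", 2843)
    unsolicited = rta.inbound("100.1.1.1", 80, "200.10.10.1", 5000)
    return a, b, reply, unsolicited


if __name__ == "__main__":
    print(demo())
```

Two hosts using the same source port share one public address on different public ports, and an inbound packet with no matching entry is dropped, which is why hosts behind NAPT are not reachable from outside unless they opened the flow first.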

NAT server

In practice, NAT server is what usually lets external network users access internal servers. It is typically used in larger enterprises where some servers have to be opened to the outside, but the enterprise does not want to expose the servers' private IP addresses (exposing the server's IP address is unsafe). The server's IP address is instead mapped to a public IP address on the gateway device, and users reach the server through the corresponding public address.
In the example, host C needs to access the private network server and sends a packet with destination IP address 200.10.10.1 and destination port 80. When RTA receives the packet, it looks up the address translation table and translates the destination IP address to 192.168.1.100; the destination port number stays the same. The server receives the packet and responds. When RTA receives the response from the private network server, it looks up the address translation table by the packet's source IP address 192.168.1.100 and port number 80. Based on the matching entry, the router translates the packet's source IP address and port number to the public IP address 200.10.10.1 and port 80 and forwards the packet to the destination host on the public network.
A NAT server deployment opens only a particular service on the server to users, unlike static NAT, where all services are available to users.
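
The difference in exposure between NAT server and static NAT can be checked with a small model of the gateway's inbound path. This is an added example, not code from the original post or from Huawei: the class name is hypothetical and host C's address 203.0.113.7:40000 is constructed, while the mapping entries use the addresses from the post.

```python
"""NAT server vs static NAT on inbound traffic (added example)."""
from collections import namedtuple

Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port")


class InboundNat:
    def __init__(self, server=None, static=None):
        self.server = server or {}  # (proto, pub_ip, pub_port) -> (in_ip, in_port)
        self.static = static or {}  # pub_ip -> in_ip, every port follows

    def from_outside(self, p):
        """Rewrite the destination of a packet from the public network."""
        hit = self.server.get((p.proto, p.dst_ip, p.dst_port))
        if hit:
            return p._replace(dst_ip=hit[0], dst_port=hit[1])
        if p.dst_ip in self.static:
            return p._replace(dst_ip=self.static[p.dst_ip])
        return None  # no entry: the packet is dropped

    def from_inside(self, p):
        """Rewrite the source of the inside host's response."""
        for (proto, pub_ip, pub_port), inside in self.server.items():
            if proto == p.proto and inside == (p.src_ip, p.src_port):
                return p._replace(src_ip=pub_ip, src_port=pub_port)
        for pub_ip, in_ip in self.static.items():
            if in_ip == p.src_ip:
                return p._replace(src_ip=pub_ip)
        return None


def demo():
    # Entries from the post; host C's address 203.0.113.7:40000 is constructed.
    srv = InboundNat(server={("tcp", "200.10.10.1", 80): ("192.168.1.100", 80)})
    sta = InboundNat(static={"200.10.10.1": "192.168.1.1"})
    web = Packet("tcp", "203.0.113.7", 40000, "200.10.10.1", 80)
    ssh = web._replace(dst_port=22)
    request = srv.from_outside(web)
    response = srv.from_inside(Packet("tcp", "192.168.1.100", 80, "203.0.113.7", 40000))
    return request, response, srv.from_outside(ssh), sta.from_outside(ssh)


if __name__ == "__main__":
    print(demo())
```

With the NAT server entry, only TCP port 80 reaches the inside server and a packet to port 22 is dropped; with the static mapping, the same packet to port 22 is delivered to the inside host, so a static NAT host needs its own filtering for every listening service.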
These are some of the principles of NAT technology.


Origin blog.csdn.net/weixin_42463871/article/details/105313545