NAT principles and related eNSP configuration

NAT (Network Address Translation)

NAT background knowledge

1. Private IPv4 addresses

  • 10.0.0.0 - 10.255.255.255
  • 172.16.0.0 - 172.31.255.255
  • 192.168.0.0 - 192.168.255.255

2. Advantages and disadvantages

| Advantage | Disadvantage |
| --- | --- |
| Save IP address space | Increase forwarding delay |
| Solve the problem of IP address overlap | Loss of end-to-end addressability |
| Increase the flexibility of network access to the Internet | Some applications do not support NAT |
| Reduce the trouble of changing the IP address when the network changes | Need a certain amount of memory space to support dynamic storage of NAT entries |
| Hide the internal address to increase network security | Need to consume a certain amount of CPU resources for NAT operation |

3. NAT terminology

| Term | Explanation |
| --- | --- |
| Internal local | The internal source address before translation |
| External local | The target host's address before translation |
| Internal global | The internal host's address after translation |
| External global | The external target host's address after translation |

Three types of NAT

1. Static NAT (one to one)

A one-to-one, explicitly configured translation between an internal local address and an internal global address. This method is mainly used for servers in the internal network that provide services to the outside, such as web and mail servers. Its disadvantage is that it monopolizes a valuable public IP address: once a public IP address has been assigned to a static NAT mapping, it cannot be used for any other address translation, even if the mapping is not currently in use.

2. Dynamic NAT (many to many)

Dynamic address translation is also a one-to-one translation between internal local addresses and internal global addresses, but the internal global address is selected dynamically from the unused addresses in an address pool. The address chosen is the first unused address in the pool, in the order in which the pool was defined. When the data transmission is complete, the router puts the internal global address back into the pool so that it can translate other internal local addresses. While the address is in use, however, it cannot be used for another translation.

3. Port multiplexing (one-to-many)

Multiplexed address translation, also called Port Address Translation (PAT), is first of all a form of dynamic address translation. The router uniquely identifies each translation by recording the address, the application port and so on. In this way, multiple internal local addresses can be translated to the same internal global address at the same time and access external networks. This method is very useful when only a small number of public IP addresses, or even just one, have been obtained but many users often request Internet access at the same time.

Ideally, a single IP address can use 4000 ports.
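The port-multiplexing table described above, modeled as an added example (not code from the original post or from any router implementation). The class name `PatTable`, the starting port 10000 and the global address are assumptions for illustration; the 4000-entry limit is the figure quoted above. It shows two inside hosts sharing one global address, replies mapping back by port, and inbound traffic with no matching entry finding nothing to translate to.

```python
import itertools


class PatTable:
    """Toy model of a port-multiplexing (PAT) translation table."""

    def __init__(self, global_ip, first_port=10000, max_entries=4000):
        self.global_ip = global_ip
        self.max_entries = max_entries            # per-address figure quoted above
        self._ports = itertools.count(first_port)  # assumed allocation order
        self.out = {}    # (proto, internal local ip, port) -> global port
        self.back = {}   # (proto, global port) -> (internal local ip, port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an outgoing flow, reusing the entry if one already exists."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            if len(self.out) >= self.max_entries:
                raise RuntimeError("no free ports on " + self.global_ip)
            gport = next(self._ports)
            self.out[key] = gport
            self.back[(proto, gport)] = (src_ip, src_port)
        return self.global_ip, self.out[key]

    def inbound(self, proto, dst_port):
        """Map a reply to its inside host; None means no entry, so it is dropped."""
        return self.back.get((proto, dst_port))


def demo():
    nat = PatTable("12.1.1.1")                       # constructed sample address
    a = nat.outbound("tcp", "192.168.1.2", 40000)
    b = nat.outbound("tcp", "192.168.1.3", 40000)    # same source port, other host
    again = nat.outbound("tcp", "192.168.1.2", 40000)  # existing flow, same entry
    reply = nat.inbound("tcp", b[1])                 # reply to the second host
    unsolicited = nat.inbound("tcp", 3389)           # no entry was ever created
    return a, b, again, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The model never releases ports; a real device ages entries out, which is why the table consumes memory in proportion to the number of active flows.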

eNSP configuration

1. Static NAT

Configuration

[Huawei-GigabitEthernet0/0/1]nat static global 12.1.1.1 inside 192.168.1.2

Capture and view

The capture shows that the source address is replaced as the packet passes between the routers.

2. Dynamic NAT (many to many)

Configuration

[Huawei]nat address-group 1 12.1.1.3 12.1.1.3

[Huawei-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255

[Huawei-GigabitEthernet0/0/1]nat outbound 2000 address-group 1

3. Port multiplexing (one-to-many)

Configuration

[Huawei-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255

[Huawei-GigabitEthernet0/0/1]nat outbound 2000


Origin blog.csdn.net/qq_43710889/article/details/108553065