Introduction to NAT Network Address Translation

1. What is NAT

In the traditional TCP/IP communication model, all routers act only as middlemen, in what is commonly called store and forward. The router does not modify the packets it forwards. More precisely, the router makes no changes to a forwarded packet other than replacing the source MAC address with its own. NAT (Network Address Translation), by contrast, rewrites the source IP address, destination IP address, source port and destination port of a packet to meet special needs.

NAT (Network Address Translation) is a WAN access technology: it converts private (reserved) addresses into legitimate public IP addresses. It is widely used in all kinds of Internet access methods and networks. The reason is simple: NAT not only solves the problem of insufficient IP addresses, but also helps block attacks from outside the network, hiding and protecting the computers inside it.

NAT was proposed in 1994. It can be used when hosts within a private network have been assigned local IP addresses (private addresses used only inside that network) but need to communicate with hosts on the Internet (without encryption).

This method requires NAT software to be installed on the router that connects the private network to the Internet. A router running NAT software is called a NAT router, and it has at least one valid external global IP address. When hosts using local addresses communicate with the outside world, the NAT router translates their local addresses into global IP addresses before the traffic reaches the Internet.

In addition, this approach of using fewer public IP addresses to represent more private IP addresses will help slow the depletion of available IP address space.


2. Three ways to implement NAT

Static translation (Static NAT), dynamic translation (Dynamic NAT), and port multiplexing (Overload, also known as PAT).


3. NAT function

NAT can not only solve the problem of insufficient IP addresses, but also effectively avoid attacks from outside the network, and hide and protect the computers inside the network.

1. Broadband sharing: This is the main function of a NAT host.

2. Security protection: When a PC behind the NAT connects to the Internet, the IP address seen by the outside world is the public IP of the NAT host, so the client PC gains a certain degree of protection. When an outside party performs a port scan, the client PC behind the NAT cannot be detected.


4. What are the disadvantages of NAT?

Hosts behind a NAT-capable router do not establish true end-to-end connections and cannot participate in some Internet protocols. Services that require TCP connections initiated from the external network, or that use stateless protocols such as UDP, will be disrupted. Unless the NAT router makes specific provisions, incoming packets will not reach the correct destination address. (Some protocols, such as FTP, can sometimes accommodate a NAT between the participating hosts with the help of an application-layer gateway.) NAT also complicates security protocols.
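The following added example (not code from the original article) models the three NAT modes listed in section 2 and the inbound-connection problem described in section 4 with a toy translation table. All IP addresses, ports and packets are constructed sample values; the port range starting at 40000 and the class and method names are assumptions made for the example.

```python
# Added example (not from the original article): a toy NAT table that models
# the three translation modes named in section 2 and the inbound-connection
# problem from section 4. All addresses, ports and packets are constructed.
from dataclasses import dataclass, replace
from itertools import count


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Keeps the mapping table a NAT router must maintain (section 5, point 2)."""

    def __init__(self, mode, public_ips, static_map=None):
        if mode not in ("static", "dynamic", "overload"):
            raise ValueError(f"unknown NAT mode: {mode}")
        self.mode = mode
        self.free_pool = list(public_ips)          # unused public addresses (dynamic NAT)
        self.public_ip = public_ips[0]             # the one address shared by overload (PAT)
        self.static_map = dict(static_map or {})   # private ip -> public ip (static NAT)
        self.host_map = {}                         # private ip -> public ip (dynamic NAT)
        self.table = {}                            # (public ip, port) -> (private ip, port)
        self.reverse = {}                          # (private ip, port) -> (public ip, port)
        self._ports = count(40000)                 # translated source ports for overload (assumed range)

    def _allocate(self, src_ip, src_port):
        """Pick the public (ip, port) for a new inside flow, or None if it cannot be translated."""
        if self.mode == "static":
            public = self.static_map.get(src_ip)
            return (public, src_port) if public else None   # no entry: host cannot go out
        if self.mode == "dynamic":
            if src_ip not in self.host_map:
                if not self.free_pool:
                    return None                             # pool exhausted: packet dropped
                self.host_map[src_ip] = self.free_pool.pop(0)
            return (self.host_map[src_ip], src_port)
        return (self.public_ip, next(self._ports))         # overload: many hosts, one address

    def outbound(self, pkt):
        """Rewrite the source of a packet leaving the private network; None means dropped."""
        inside = (pkt.src_ip, pkt.src_port)
        if inside not in self.reverse:
            outside = self._allocate(*inside)
            if outside is None:
                return None
            self.reverse[inside] = outside
            self.table[outside] = inside
        pub_ip, pub_port = self.reverse[inside]
        return replace(pkt, src_ip=pub_ip, src_port=pub_port)

    def inbound(self, pkt):
        """Rewrite the destination of a packet arriving from the Internet; None means dropped."""
        if self.mode == "static":
            # a static entry is bidirectional, so a new inbound connection reaches the host
            for private_ip, public_ip in self.static_map.items():
                if public_ip == pkt.dst_ip:
                    return replace(pkt, dst_ip=private_ip)
            return None
        inside = self.table.get((pkt.dst_ip, pkt.dst_port))
        if inside is None:
            return None                                     # no mapping: unsolicited traffic dropped
        return replace(pkt, dst_ip=inside[0], dst_port=inside[1])


def demo():
    """Constructed scenario: two private hosts reach one web server through each NAT mode."""
    web = ("203.0.113.10", 80)
    host_a = Packet("10.0.0.1", 51000, *web)
    host_b = Packet("10.0.0.2", 51000, *web)
    probe = Packet("192.0.2.5", 4444, "198.51.100.1", 22)   # unsolicited connection from outside

    static = NatRouter("static", ["198.51.100.1"], static_map={"10.0.0.1": "198.51.100.1"})
    dynamic = NatRouter("dynamic", ["198.51.100.1"])        # a pool holding a single address
    pat = NatRouter("overload", ["198.51.100.1"])

    results = {
        "static_a": static.outbound(host_a),
        "static_b": static.outbound(host_b),      # None: 10.0.0.2 has no static entry
        "static_inbound": static.inbound(probe),  # reaches 10.0.0.1: static NAT is reachable inbound
        "dynamic_a": dynamic.outbound(host_a),
        "dynamic_b": dynamic.outbound(host_b),    # None: the pool was exhausted by host A
        "pat_a": pat.outbound(host_a),
        "pat_b": pat.outbound(host_b),            # same public address, different port
    }
    # The server's reply to host A matches the PAT table; a fresh inbound connection does not.
    reply = Packet(web[0], web[1], results["pat_a"].src_ip, results["pat_a"].src_port)
    results["pat_reply"] = pat.inbound(reply)
    results["pat_inbound"] = pat.inbound(probe)
    return results


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:15} {pkt if pkt else 'dropped'}")
```

The interesting cases are the `None` results: a host without a static entry, a dynamic pool with no free address, and an inbound connection that matches no existing mapping under overload. The last one is both the protection described in section 3 and the disadvantage described in section 4; only the static entry lets a new connection from outside reach a private host.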

5. NAT limitations

(1) NAT violates the design principles of the IP addressing model. That model assumes that each IP address identifies one connection to a network, and Internet software is designed on this premise; with NAT, many hosts may be using the same address, such as 10.0.0.1.

(2) NAT turns the IP protocol from connectionless into connection-oriented, because the NAT must maintain the mapping between private IP addresses and public IP addresses and port numbers. In the TCP/IP protocol suite, a router failure does not affect the operation of TCP: if no response arrives for a few seconds, the sending process simply enters timeout retransmission. When a NAT is present, however, the originally designed TCP/IP process changes (the mapping state is lost with the router) and the Internet can become very fragile.

(3) NAT violates the design principles of the basic network layering model. In the traditional layered model, layer N cannot modify the header contents of layer N+1; NAT breaks this principle of layer independence.

(4) Some applications embed IP addresses in the payload, for example the standard FTP protocol and the IP telephony protocol H.323. For NAT to work with such protocols, the NAT must be adapted to each of them. The transport layer may also use protocols other than TCP and UDP, so the NAT must know about those protocols as well and handle them accordingly. NAT also makes P2P applications hard to implement, because P2P file sharing and voice sharing are based on the IP protocol.
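To make point (4) concrete, the following added example (not code from the original article) shows the kind of application-layer gateway an FTP-aware NAT needs: it parses the client's PORT command, rewrites the embedded private address to the public one, and records the mapping it must have ready when the server connects back for the data transfer. The public address, the port range starting at 40000 and the class and function names are assumptions made for the example.

```python
# Added example (not from the original article): a minimal application-layer
# gateway for the FTP PORT command, the case named in section 5 point (4).
# The public address and port range are constructed assumptions.
import re
from itertools import count

# PORT h1,h2,h3,h4,p1,p2 carries the client's address and port as six decimal bytes
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")


def parse_port(line):
    """Return (ip, port) from a PORT command, or None if the line is not well formed."""
    m = PORT_RE.match(line)
    if m is None:
        return None
    fields = [int(x) for x in m.groups()]
    if any(not 0 <= f <= 255 for f in fields):
        return None
    h1, h2, h3, h4, p1, p2 = fields
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def format_port(ip, port):
    """Encode (ip, port) back into the six-field PORT syntax."""
    return "PORT " + ",".join(ip.split(".") + [str(port // 256), str(port % 256)]) + "\r\n"


class FtpAlg:
    """Rewrites the address embedded in PORT and pre-opens the matching data-connection mapping."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)
        # (public ip, port) -> (private ip, port); consulted when the server connects back
        self.expected = {}

    def rewrite(self, line, packet_src_ip):
        """Return (rewritten line, length delta). Lines that need no change come back untouched."""
        parsed = parse_port(line)
        if parsed is None:
            return line, 0
        inside_ip, inside_port = parsed
        if inside_ip != packet_src_ip:
            # the embedded address is not the sender's own: leave it alone for policy to handle
            return line, 0
        outside = (self.public_ip, next(self._ports))
        self.expected[outside] = (inside_ip, inside_port)
        new_line = format_port(*outside)
        # the command may grow or shrink, so a real ALG must also fix up TCP sequence numbers
        return new_line, len(new_line) - len(line)


def demo():
    """Constructed sample: a private client announces its data port to a public server."""
    alg = FtpAlg("198.51.100.1")
    original = "PORT 10,0,0,1,200,45\r\n"            # 10.0.0.1, port 200*256+45 = 51245
    rewritten, delta = alg.rewrite(original, "10.0.0.1")
    return {
        "parsed": parse_port(original),
        "rewritten": rewritten,
        "delta": delta,
        "expected": dict(alg.expected),
        "ignored": alg.rewrite("PORT 10,0,0,9,200,45\r\n", "10.0.0.1"),
        "malformed": parse_port("PORT 10,0,0,1,999,1\r\n"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:10} {value!r}")
```

The length delta returned by `rewrite` is the reason this cannot be done at the IP layer alone: the rewritten command is four bytes longer than the original, so the TCP stream's sequence and acknowledgement numbers have to be adjusted for the rest of the connection. That is exactly the layer-independence violation described in point (3), and it is why every protocol that embeds addresses needs its own gateway code in the NAT.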

(5) NAT affects both higher-layer protocols and security. The relevant RFCs discuss the problems with NAT. Opponents of NAT argue that this stopgap for the shortage of IP addresses delays the migration to IPv6 without solving the underlying problem, and therefore consider it undesirable.
