5.4.2 Network Address Translation NAT

Enterprise 2023-06-24 23:13:55 views: null

5.4.2 Network Address Translation NAT

We know that in order to alleviate the shortage of IPv4 addresses, a series of solutions to alleviate address exhaustion have emerged, such as realizing the reuse of network addresses among multiple physical networks through subnetting ( 5.2.8 Subnet addressing ) , address categories are eliminated through classless addressing ( 5.2.9 classless addressing and CIDR ), address blocks are allocated according to network scale and actual needs, and local addresses are used inside the private network ( 5.4.1 virtual private network VPN ) so that To save address space, here we need to think about a question. If an internal network uses a local address, how to communicate with the external network?

as shown in the picture

NAT

We know in 5.4.1 virtual private network VPN that the communication between the two departmental networks can be realized by using tunnel transmission, but if the host X in the network of department A wants to access the Baidu server on the Internet, what will it be? situation? This is our new problem. Of course, there is no problem with the transmission from X to the server, because the destination address is the IP address of the Baidu server, which belongs to the global address, but what about the reverse? That is, the Baidu server encountered a problem when returning the datagram. Since the destination address of the datagram belongs to a private address, it cannot be transmitted through the Internet, so how do we solve it? Please note that a legal global IP address must be assigned to the router R1 connecting the internal network A to the Internet, as shown in the figure is 218.2.216.24, otherwise the internal and external networks cannot communicate with each other. We can use this global address to serve all hosts in the intranet, and realize address translation by installing NAT software on router R1.

1. Network Address Translation NAT

Network Address Translation NAT (Network Address Translation), a router equipped with NAT software is called a NAT router, it will have at least one global IP address, and all hosts using local addresses must be on the NAT router when communicating with the outside world Convert its local address to a global address to connect to the Internet.

  • The Network Address Translation (NAT) method was proposed in 1994 to solve the problem of communication between the internal network and the external network with local addressing.
  • It is necessary to install NAT software on the router connected to the Internet on the private network. The router equipped with NAT software is called a NAT router, and it has at least one valid external global address IP.
  • When all hosts using local addresses communicate with the outside world, their local addresses must be converted into global addresses on the NAT router in order to connect to the Internet.

Two, NAT realizes the working principle of address translation

as shown in the picture

send

For ease of understanding, I simplified the network connection diagram as shown in the above figure. On the left is a host in the internal network, which is assigned a local address of 10.10.138.174. It wants to access Baidu's server www.baidu.com, and the server address is 115.239. 211.110. Obviously, the request message generated by the internal host first arrives at the router installed with NAT software, and then is transmitted to Baidu's server through the Internet. Here we will explain how the address of the datagram generated by the internal host changes during transmission. Yes, the IP datagram sent by the source carries the source IP address 10.10.138.174 and the destination address 115.239.211.110. After the datagram is delivered to the NAT router, the NAT software running on the router will replace the original internal address with the NAT router Configure the global IP address 218.2.216.24, and record the pair of addresses before and after the replacement and the address of the external network host in the mapping table. The mapping table includes three items of information, namely, the private address, the NAT global address, and the external address after address translation . The message can be sent to an external server through the Internet.

The server returns data as shown in the figure

return

After receiving and parsing the request message, the server generates a response message. In the header of the response message, the source IP address is filled with 115.239.211.110, and the destination IP address is filled with 218.2.216.24. The response message is transmitted to the NAT router, NAT software Find the corresponding internal IP address 10.10.138.174 in the mapping table according to the target address and server address, and replace the destination address, that is, replace the global address 218.2.216.24 with 10.10.138.174, and then complete the delivery of the datagram .

From the perspective of the translation process, address translation occurs in both directions. Convert the private address into a global address in the source address field from the intranet to the extranet, and convert the destination IP address from the global address to the private address when transferring from the extranet to the intranet, although the idea of ​​conversion is It is easy to understand, of course, the address conversion here is very limited, that is to say, if the NAT router is only configured with a legal global address, two or more hosts in the intranet will not be allowed to access the Baidu server at the same time, of course, in the process of network operation This is very unrealistic. Therefore, it is not enough for us to perform IP address translation only. The actual NAT software also needs to use the address translation of the transport layer . We will talk about the address translation of the transport layer later. **Here we only need to know that the address of the transport layer is called the port number. **Used to represent the identity of the application process that sends or receives data. Let's take a look at how NAT software works after port translation is introduced.

as shown in the picture

port send

Similarly, the source host generates a request message with the same source and destination addresses as before. The source port number identifying the client process is 21043, and the destination server port number is 80. After the request packet arrives at the NAT router, the source IP address is replaced with The global address is 218.2.216.224. At the same time, the source port number has also changed (note here), from the original 21043 to 14013. The corresponding relationship between these two pairs of addresses is also recorded in the mapping table together with the destination port number and protocol number. , due to the introduction of port number conversion, the mapping table at this time is different from the previous mapping table. In addition to the private address and the external address of the NAT global address, four fields are added: internal port, NAT port, external port, and protocol. .

The server receives the returned data as shown in the figure

port return

After the server receives and parses the request packet, it returns a response packet, in which the source IP address is 115.239.211.110, the destination IP address is 218.2.216.24, the source port number is 80, and the destination port number is 1403. The address information is used to search the mapping table, and after finding the matching table item, the corresponding replacement work is completed for the destination IP address and destination port number, that is, the internal port is used to replace the NAT port, and the internal network address is used to replace the global address of the router. After address translation After that, the changed datagram can be smoothly transmitted to the destination host.

Through these few examples, we have a basic understanding of the working principle of NAT. Here we discuss together. If the NAT router is only configured with a global IP address, can two hosts on the internal network ping the same host on the external network at the same time? We can use the process of NAT address translation for analysis. Welcome everyone to participate in the discussion in the comment area.

Guess you like

Origin blog.csdn.net/nytcjsjboss/article/details/131304143
Recommended
The sixth meeting of openKylin Community Ecology Committee was successfully held
Alibaba Cloud officially releases Tongyi Qianwen 2.5
Python 3.13 releases first Beta: experimental free-threading mode and JIT, improved interactive interpreter
Stack Overflow used my code to train large AI models and banned my account.
Pop!_OS’s COSMIC desktop completes App Store listing
Report: Django is still the first choice for 74% of developers
"Internet Investment and Financing Operation in the First Quarter of 2024" Research Report
15 years ago, he was on the "FFmpeg pillar of shame", and today he still has to thank us - Tencent QQPlayer avenges its shame?
Ranking
Python handwritten digit recognition, the corresponding mathematical formulas and Detailed procedures
Der M-Chip-Mac implementiert mehrere Android-Emulatoren
CentOS 명령줄 모드에서 화면이 항상 켜져 있도록 설정 ---- 예상한 효과를 얻지 못했습니다.
Teach you step by step how to use GDB to debug programs: a comprehensive guide from entry to mastery
python3 pip ipython installation
A lot of python crawler source code sharing -- talk about the little thing about python crawler
Agile Sprint in Alpha Stage (7)
Access URL in Unity
FunctoinDemo form
MS SQL common SQL statements (6): create, modify, delete triggers and other operations sq
Daily
More
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)

Code World

© 2018 codetd.com