Detailed NAT (Network Address Translation)

In one sentence:

Network address translation converts private network addresses into a public address, so the internally used IP addresses are hidden from the outside and an entire private network can reach the Internet through a single global IP. Because private IP addresses can be reused across networks, NAT greatly reduces the consumption of public IP addresses.

Concept:

NAT (Network Address Translation) was proposed in 1994.

When some hosts in a private network have been assigned local IP addresses (private addresses used only within that network) but want to communicate with hosts on the Internet (with no encryption required), the NAT method can be used.
This method requires NAT software on the router that connects the private network (private IP addresses) to the Internet (public IP addresses). A router running NAT software is called a NAT router, and it has at least one valid global (public) IP address. When hosts using local (private) addresses communicate with the outside world, the NAT router must convert their local addresses into global IP addresses before they can reach the Internet.
In addition, representing many private IP addresses with a small number of global (public) IP addresses helps slow the depletion of the available IP address space.

Methods of implementation:

  • Static translation: one-to-one; the mapping between a private IP and a public IP never changes
  • Dynamic translation: also one-to-one, but the mapping between private IP and public IP can differ each time
  • Port multiplexing (Port Address Translation, PAT): all hosts on the internal network share one legal external IP address to access the Internet, which conserves IP address resources to the greatest extent. At the same time, it hides all hosts inside the network, which helps shield them from attacks originating on the Internet. For these reasons, port multiplexing is the most widely used method in practice.

NAPT (Network Address Port Translation) maps multiple internal addresses onto one legal public address. NAPT is also called "many-to-one" NAT, PAT (Port Address Translation), or address overloading.
NAPT differs from dynamic address NAT: it maps an internal connection to a single IP address on the external network and adds a TCP (or UDP) port number chosen by the NAT device to that address. NAPT can be regarded as the more popular variant of NAT; it provides concurrency by translating TCP or UDP port numbers as well as addresses. Besides a pair of source and destination IP addresses, its translation table therefore also holds a pair of source and destination protocol port numbers and the protocol port number used by the NAT box.

PAT stands for Port Address Translation and NAT for Network Address Translation.
PAT can be regarded as a part of NAT.
Consider a NAT setup with only one public IP but multiple private IPs behind it. Here NAT tracks and records the different sessions by mapping UDP and TCP port numbers: if users A, B and C access CSDN at the same time, the NAT router maps their accesses to ports 1088, 1098 and 23100 respectively (these values are only an example; the assignment is actually dynamic), and at that point it is really PAT.

From the above, PAT can theoretically support (65535 - 1024) = 64511 concurrent sessions. In actual use this cannot be reached because of device performance and physical link characteristics; with the NAT function of Cisco routers, each public IP can effectively support up to about 4000 sessions.

PAT is commonly used in access devices and can hide a small or medium-sized network behind one legal IP address. PAT differs from dynamic address NAT: it maps an internal connection to a single IP address on the external network and adds a TCP port number chosen by the NAT device to that address. In other words, multiple internal IP addresses are mapped to the same external address by multiplexing, i.e. by changing the source port of outgoing data.

Key points to understand

Reference blog: NAT Network Address Translation

NAT overloading (the form used most in practice)
This is the most commonly used type of NAT. NAT overloading is also a form of dynamic NAT: **it uses the source port to map multiple private IP addresses to one public IP address** (many to one). What is unique about it? It is also known as Port Address Translation (PAT). With PAT (NAT overloading), thousands of users can connect to the Internet through only one public IP address. Its core idea is to use the port number to perform the translation between the public network and the private network.

With a large number of hosts in the private network, a NAT that only replaces IP addresses runs into a problem: when several internal hosts access the same server, the returned packets carry too little information to decide which internal host each response should be forwarded to. The NAT device therefore has to distinguish sessions by transport-layer (or other upper-layer) information and may need to translate the upper-layer identifier as well, such as the TCP or UDP port number. In this way the NAT gateway maps different internal connections to different transport-layer ports of the same public IP, which multiplexes and demultiplexes the public IP. This method is also called port translation, PAT, NAPT or IP masquerading, but it is usually just called NAT because it is the most typical application mode.

  • For example, client 172.18.250.6 communicates with the Baidu server 202.108.22.5. When 172.18.250.6 sends data, the source is first rewritten to 219.155.6.240:1723 (a random port above 1024), and the packet goes to the Baidu server under that identity. The Baidu server then sends its response to 219.155.6.240:1723. The NAT gateway looks up its mapping table, recognises that this packet belongs to 172.18.250.6 in its own private network, and forwards it to that client.

  • In other words, the uniqueness of the port number is what lets the public IP be translated back to the private IP. Because PAT (NAT overloading) identifies hosts by transport-layer port number, in theory up to about 65,000 hosts can share a single public IP address.
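The translation table behind both the users A/B/C scenario and the 172.18.250.6 example above, as an added illustration that is not part of the original post: outbound packets get their source rewritten to the router's one public IP plus a port from a pool, replies are mapped back by that port, and a packet with no matching session is dropped. The IPs are the ones quoted in the post; the port pool, the session key and the class name `Napt` are constructed assumptions.

```python
# Added example (not the post's code): a minimal NAPT/PAT translation table.
# IPs are the ones quoted in the post; the port pool and session key are
# constructed assumptions for illustration.
from collections import deque

PUBLIC_IP = "219.155.6.240"   # the NAT router's single global address


class Napt:
    def __init__(self, public_ip=PUBLIC_IP, port_range=(1024, 65535)):
        self.public_ip = public_ip
        self.free = deque(range(port_range[0], port_range[1] + 1))  # ports > 1023
        self.out = {}    # (priv_ip, priv_port, dst_ip, dst_port) -> nat_port
        self.back = {}   # (nat_port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network and
        return the (public_ip, nat_port) that the Internet will see."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            if not self.free:
                # every port in the pool is in use: a new session cannot be NATed
                raise RuntimeError("NAT port pool exhausted")
            nat_port = self.free.popleft()
            self.out[key] = nat_port
            self.back[(nat_port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, self.out[key]

    def inbound(self, nat_port, src_ip, src_port):
        """Map a reply addressed to public_ip:nat_port back to the private host.
        Returns None (packet dropped) when no session matches, which is why an
        unsolicited packet from the Internet never reaches an internal host."""
        return self.back.get((nat_port, src_ip, src_port))


def demo():
    """Three private hosts using the same source port reach the same server."""
    nat = Napt(port_range=(1723, 1725))   # tiny pool so exhaustion is visible
    server = ("202.108.22.5", 80)         # the Baidu server from the post
    hosts = ("172.18.250.6", "172.18.250.7", "172.18.250.8")
    seen = [nat.outbound(h, 40000, *server) for h in hosts]
    reply = nat.inbound(1723, *server)    # server answers the first session
    try:
        nat.outbound("172.18.250.9", 40000, *server)
        exhausted = False
    except RuntimeError:
        exhausted = True
    return seen, reply, exhausted
```

Because every session key includes the private source port, three hosts that all happen to use port 40000 still get three distinct public ports, which is exactly what lets the gateway demultiplex the replies.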

Origin blog.csdn.net/hhb442/article/details/131960626