[Reprint] NAT type and conversion principle in-depth analysis


http://www.m6000.cn/other/459.html

 

August 4, 2018 16:40:14

As everyone knows, NAT sits between the internal and external networks and translates addresses between them. IPv4 is still the mainstream IP network protocol, and NAT is used very widely because it relieves the shortage of public IPv4 addresses. But do not assume that NAT is simple, merely converting an internal (or external) address into an external (or internal) address. In practice there are many NAT application modes, or NAT types. This article introduces the basic knowledge and applications of NAT on Cisco equipment from a professional point of view; for a comprehensive treatment of NAT configuration and application, see my book "Gold Network Administrator: Small and Medium-sized Enterprise Networking, Configuration and Management", to be published next year, or "Cisco/H3C Router Configuration and Management Complete Manual".

1. NAT types

A NAT router is configured to translate the unregistered inside local addresses of the internal network (inside network) into registered IP addresses. NAT is used whenever a device with an unregistered IP address on the internal network needs to communicate with the external public network. On Cisco devices (firewalls, routers, and Cisco software running on computers), NAT comes in many forms and working modes, and these must be understood before NAT is configured on a Cisco device.

Static NAT

Static NAT maps an unregistered IP address (such as a local LAN IP address) one-to-one to a registered IP address (such as a public IP address). This is particularly useful when a network device must be reachable from the Internet at a fixed public IP address. Note that the translation is not limited to the forward direction: it can also be applied in the reverse direction, or in both directions. The same holds for the dynamic and overloading NAT types described below, which can likewise be forward, reverse or two-way.

Figure 1 shows an example of static NAT (note the direction of the arrows). The three internal IP addresses 192.168.32.10, 192.168.32.12 and 192.168.32.15 are translated, when they access the public network through the router, into the corresponding public IP addresses 213.18.123.110, 213.18.123.11 and 213.18.123.12, and those three public addresses are what the outside sees.

Figure 1 Static NAT application example

Dynamic NAT

Dynamic NAT maps unregistered IP addresses to a group of registered IP addresses. The mapping is between two groups of addresses; which specific public IP address from the configured pool a host receives depends on when it communicates. In the end, however, each unregistered IP address is still mapped one-to-one to a registered IP address.

Figure 2 is an example of dynamic NAT. The three internal IP addresses are mapped to a public IP address pool ranging from 213.18.123.100 to 213.18.123.150. One possible result is that 192.168.32.10 is mapped to 213.18.123.116, 192.168.32.12 to 213.18.123.112, 192.168.32.15 to 213.18.123.125, and so on.

Figure 2 Dynamic NAT application example

Overloading (multiplexing) NAT

Overloading NAT is a form of dynamic NAT. Using different combinations of IP address and port, it maps multiple unregistered IP addresses to a single registered IP address. Figure 3 is an example of overloading NAT: all users of the local network access the public network through the router and are mapped to the single public IP address 213.18.123.100, distinguished only by the port numbers used (101, and so on). This is especially useful when public IP addresses are scarce and several application servers are deployed on the internal network, because multiple application servers can be published through one public IP address.

Figure 3 Overloading NAT application example

Overlapping NAT

Overlapping NAT translates between registered external network IP addresses: in this mode both the internal and the external network use registered public IP addresses. When hosts on the internal network use registered IP addresses, the router must maintain a mapping table so that it can translate between the two overlapping registered address spaces, the internal one and the external one. This serves two purposes: it prevents the real public IP addresses of internal hosts from being exposed to external users, and it avoids the conflicts that arise when the internal network uses IP addresses that are also in use on the external network. This type of NAT can be implemented with static NAT, or with dynamic NAT combined with DNS.

Figure 4 shows an example of overlapping NAT. A host in the private network is assigned the registered IP address 237.16.32.16; when it reaches the other public network through the router, that address is translated into the registered public IP address 213.18.123.103. Conversely, the return packets from the external server have their destination address translated by the router into the fixed registered public IP address 237.16.32.10 assigned inside the network.

Figure 4 Overlapping NAT application example

2. NAT terminology

The following terms are closely related to Cisco NAT technology and are essential for understanding how NAT works.

Internal network

This usually refers to a local area network, also called a stub domain. A stub domain uses internal network IP addresses, which may be registered or unregistered. All computers that use unregistered IP addresses must go through NAT to communicate with other networks.

External network

Any network outside the local private network can be regarded as an external network. It may be another private network, or a public network such as the Internet. Users on the external network may likewise use registered or unregistered IP addresses.

Local address

By their scope, IP addresses can be divided into two categories: local addresses and global addresses. A local address is accessible only to users of the local network and is valid only within it. It is an unregistered IP address and cannot be used on the Internet or other public networks.

Global address

The counterpart of a local address. A global address is reachable by users worldwide; it is, of course, a legitimate IP address registered on the public network.

Inside local address

A local address: the IP address assigned to an internal host. Such addresses are assigned by the computer's operating system or by a service such as DHCP; they are not registered and allocated by the NIC (Network Information Center) or an ISP.

Outside local address

Another kind of local address, of the same nature as an inside local address but belonging to a host on the external network; it too is not a legitimate Internet IP address. It is assigned by the external computer's operating system or by a network service such as DHCP.

Inside global address

A global address: a registered IP address assigned by the NIC or a service provider. Toward the external network, one or more internal IP addresses appear as this address.

Outside global address

Another global address, of the same nature as an inside global address but belonging to an external host. Toward the external network, one or more IP addresses likewise appear as this address.

 

3. NAT address translation principle

Most computers in the stub domain communicate using inside local addresses. When some computers in the stub domain need to communicate frequently with the external network, they are configured with inside global addresses so that they can communicate with the external network directly, without translation.

Overall, the NAT translation process converts between global and local addresses, whether a packet is sent from the internal network to the external network or from the external network to the internal network; the difference lies only in which network the local and global addresses belong to. This is shown in Figure 5.

Figure 5 NAT basic principle

In this translation process, while a packet is still inside the internal network, its source address is an inside local address and its destination address is an outside local address; once the packet has been translated onto the external network, its source address becomes an inside global address and its destination address becomes an outside global address.

Conversely, while a packet sent from the external network is still on the external network, its source address is an outside global address and its destination address is an inside global address; once the packet has been translated onto the local network, its source address becomes an outside local address and its destination address becomes an inside local address.

Figure 6 shows the address translation in more detail.

Figure 6 NAT address translation principle

When a packet is sent from the internal network to the external network, the translation proceeds as follows:

(1) When a computer in the stub domain, configured with an inside local address, communicates with a computer on the external network, the packet reaches the NAT router through normal routing to the gateway. The packet is encapsulated with the inside local address as its source address and the outside local address as its destination address.

(2) The NAT router first checks whether its routing table contains an entry matching the packet's destination address. If no routing table entry matches, the packet is discarded. If one matches, the router verifies that the packet is travelling from the internal network to the external network and checks whether it matches the configured NAT rules. The router then looks in its address translation table for a NAT entry containing the inside local address and an inside global address. If one is found, the packet's source address is replaced with the inside global address. If only static NAT is configured and no static NAT entry matches the packet, the packet is not translated and is forwarded by normal routing.

(3) The router sends the packet, now carrying the inside global address, to the destination address.

When a packet is sent from the public network to the internal network, the translation proceeds as follows:

(1) A computer on the public network sends a packet to the private network, encapsulated with an outside global address as its source address and an inside global address as its destination address.

(2) When the packet reaches the NAT router, the router looks up the destination address in its address translation table to find the computer in the stub domain (the private internal network) that it maps to.

(3) If a matching NAT entry exists, the router translates the inside global address into the inside local address, checks the routing table, and sends the packet to the destination computer. If no matching NAT entry exists, the packet is not translated and the router directly checks the routing table for the destination address. If no routing table entry matches the destination address, the packet is discarded.
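As an added illustration (not code from the original article), the following Python model implements the translation table behaviour described in the NAT types section and in the outbound and inbound steps above: static one-to-one entries, a dynamic pool, and port multiplexing (overload), with outbound packets having their inside local source rewritten to an inside global address and replies mapped back, or left untranslated when no entry exists. The internal addresses and pool reuse the article's figures; the outside host 203.0.113.5, the ports and the class itself are constructed assumptions.

```python
from ipaddress import ip_address

class NatRouter:
    """Inside local <-> inside global translation table of a Cisco-style NAT router (constructed model)."""

    def __init__(self, mode, static=None, pool=None, overload_ip=None):
        self.mode = mode                    # "static", "dynamic" or "overload"
        self.table = dict(static or {})     # key -> inside global (see outbound for the key shape)
        self.free = []                      # unused addresses of the dynamic pool
        if pool:                            # pool given as (first, last), inclusive
            lo, hi = int(ip_address(pool[0])), int(ip_address(pool[1]))
            self.free = [str(ip_address(n)) for n in range(lo, hi + 1)]
        self.overload_ip, self.next_port = overload_ip, 1024

    def outbound(self, src, sport, dst, dport):
        """Packet leaving the stub domain: src is an inside local address, dst an outside address.
        Returns the packet as seen on the outside interface (src rewritten to inside global)."""
        key = (src, sport) if self.mode == "overload" else src
        if key not in self.table:
            if self.mode == "static":       # static only: no entry means forward untranslated
                return (src, sport, dst, dport)
            if self.mode == "dynamic":      # take the next free address from the pool
                if not self.free:
                    raise RuntimeError("dynamic NAT pool exhausted")
                self.table[key] = self.free.pop(0)
            else:                           # overload: one public IP, a distinct port per flow
                self.table[key] = (self.overload_ip, self.next_port)
                self.next_port += 1
        mapped = self.table[key]
        if self.mode == "overload":
            return (mapped[0], mapped[1], dst, dport)
        return (mapped, sport, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Reply from the public network addressed to an inside global address.
        Returns the packet as delivered inside (dst rewritten to inside local), or None when
        no NAT entry exists, in which case the router falls back to plain routing of the
        untranslated packet (and discards it if nothing in the routing table matches)."""
        target = (dst, dport) if self.mode == "overload" else dst
        for key, mapped in self.table.items():
            if mapped == target:
                if self.mode == "overload":
                    return (src, sport, key[0], key[1])
                return (src, sport, key, dport)
        return None
```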


Origin: www.cnblogs.com/jinanxiaolaohu/p/11299881.html