NAT, as it's affectionately called, helps to preserve and protect your IP address by translating a set of private IP addresses into one public IP address. Network Address Translation (NAT) is a technology that can help conserve IP addresses while providing security to your library, and possibly save money spent on additional IP addresses. It was created to address the shortage of IP address space caused by the inefficient allocation of addresses in IPv4 (version 4 of the Internet Protocol, the network software that has acknowledged limitations in this area). NAT also can help simplify changes to your network if you switch Internet Service Providers (ISPs) or make other changes to your network. It is embedded in many network devices and computer operating systems, is easy to use, and is a standard that is widely supported by a variety of vendors.

Why do we need NAT?

When the Internet was first mapped out, no one expected the exponential growth that would lead to its current state. In fact, this rapid growth led to inefficient planning of Internet resources. One such resource was the protocol of the Internet, TCP/IP (Transmission Control Protocol/Internet Protocol). TCP/IP version 4 specifically was designed to address the host computers accessing the Internet. However, what nobody realized was that poor allocation of the IP addresses would lead to a shortage. Furthermore, as we look to the near future, many devices (computers, cell phones, toasters) are going to have an IP address, which will further strain the IP address pool.

Many solutions have been created to address this problem. Some are long-term solutions such as IP version 6 (see the additional resources at the end of this document for further information), which will restructure the entire addressing scheme of the Internet. Others are short-term solutions such as CIDR (Classless Inter-Domain Routing) and NAT (Network Address Translation). The first two make my head hurt, so let's talk about NAT.
A little Internet (TCP/IP) history

When TCP/IP was developed, several groups of IP addresses were set aside for experimentation and research purposes. "Private IP addresses" were created. These consist of IP addresses that cannot be routed on the Internet but were intended for use on private internets or local networks. These groups of addresses include 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255 and 192.168.0.0 to 192.168.255.255.

"Private IP addresses" contrast with "public IP addresses." Public IP addresses are unique, valid IP addresses that can be routed across the Internet. Private addresses can be used on Local Area Networks (LANs) that do not connect to the Internet. Another term used for private IP addresses is local: IP addresses that are local to your network. Similarly, the term global IP address is used in place of public: IP addresses that are globally unique.

To be a host on the Internet, it is necessary to have a unique, valid public IP address. Imagine that you share the same IP address as another host on the Internet. If you were to request information from a Web site, to which address would the information be returned? In order for computers to talk to one another they must have a unique identifier, similar to a unique telephone number or street address. However, we know that there are a limited number of available IP addresses while the number of hosts on the Internet continues to grow. This is where NAT comes in.

How does NAT work?

Network Address Translation (NAT) translates one IP address to another. Using NAT, IP addresses can be translated from private IP addresses to public, Internet-routable IP addresses. What does this mean for your library? It means that you can address your network with private addresses and have them translated to public addresses when you go out to the Internet.
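The three private ranges quoted above are exactly the RFC 1918 blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. The following is an added example (not from the article or any vendor) that checks an address against those blocks and sorts a small, constructed host inventory into machines that will need translation at the border and machines that already hold a public address. It deliberately does not rely on Python's `ipaddress.is_private`, because that property also flags loopback, link-local and documentation ranges that are not the "private IP addresses" the article means. The hostnames and addresses are made up for the example.

```python
import ipaddress
from typing import Optional

# The three RFC 1918 blocks the article lists, as CIDR prefixes.
RFC1918_BLOCKS = {
    "10.0.0.0/8": ipaddress.ip_network("10.0.0.0/8"),
    "172.16.0.0/12": ipaddress.ip_network("172.16.0.0/12"),
    "192.168.0.0/16": ipaddress.ip_network("192.168.0.0/16"),
}


def block_range(prefix: str) -> tuple:
    """First and last address of a block, to confirm a prefix matches the
    dotted ranges the article quotes (for example 172.16.0.0 to 172.31.255.255)."""
    net = RFC1918_BLOCKS[prefix]
    return str(net.network_address), str(net.broadcast_address)


def rfc1918_block(addr: str) -> Optional[str]:
    """Return the RFC 1918 prefix containing addr, or None when the address is
    not one of the three private blocks (IPv6 and loopback included)."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return None
    for prefix, net in RFC1918_BLOCKS.items():
        if ip in net:
            return prefix
    return None


def nat_plan(inventory: dict) -> dict:
    """Sort a {hostname: ip} inventory into hosts whose traffic must be
    translated at the border router and hosts that already hold a public address."""
    plan = {"needs_nat": {}, "public": {}}
    for host, addr in inventory.items():
        prefix = rfc1918_block(addr)
        if prefix:
            plan["needs_nat"][host] = prefix
        else:
            plan["public"][host] = addr
    return plan


# Constructed sample inventory (hypothetical hosts, not from the article).
# 172.32.0.9 is included on purpose: it looks "172-ish" but lies just outside
# 172.16.0.0/12, so it is a public address that will be routed on the Internet.
SAMPLE_INVENTORY = {
    "catalog-pc-1": "10.0.0.1",
    "catalog-pc-2": "192.168.1.40",
    "staff-printer": "172.31.255.254",
    "mislabelled-host": "172.32.0.9",
    "old-web-server": "198.51.100.10",
}

if __name__ == "__main__":
    for prefix in RFC1918_BLOCKS:
        print(prefix, "covers", *block_range(prefix))
    print(nat_plan(SAMPLE_INVENTORY))
```

The 172 block is the one most often misjudged: only the /12 (172.16 through 172.31) is private, so an inventory check like this catches hosts that were addressed as though the whole 172 space were reserved.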
Furthermore, NAT will allow for all of your internal, private addresses to be translated to ONE public IP address, conserving IP addresses and preventing your library from purchasing large blocks of IP addresses from your service provider.

A little technical aside here: NAT is actually a one-to-one translation, which means one private address is translated to one public address. Dynamic allocation of these addresses to be translated, theoretically, would allow you to conserve valid IP addresses. With the growth of networks and the number of hosts needing Internet access, many organizations did not find this system all that helpful. Instead, many organizations use Port Address Translation (PAT), which translates several private addresses to one public address by associating a port number with the IP address. Many times when people say their routers use NAT, technically they are using PAT, but for our purposes we are just calling everything NAT.

So great, you have conserved a couple of IP addresses, so what! Well, actually there is more to the story. NAT not only conserves IP addresses but it also is an added security feature for your network, and it aids in the administration of your network. Typically, NAT runs on a border router, or the last router on your network before you connect to the Internet. The router has an interface that connects to the Internet and one that connects to the Local Area Network. The interface that connects to the Internet will have a valid public address whereas the internal interface will have a private address; the router performs the translation. When an internal computer accesses the Internet the address is translated to the ONE public IP address, the same one on the external interface of the router. So from the outside, or hacker point of view, all traffic looks like it originates from the same source, the router. This gives a level of protection to your network because it hides all internal IP addresses of your computers from hackers.
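To make the PAT mechanics concrete, here is an added example (written for this page, not code from the article or from any router vendor) that simulates a border router doing port-based translation. It shows the three behaviours the text describes: several LAN hosts sharing the one public address and being told apart by port; replies being mapped back only to the LAN host that opened the session (an unsolicited probe, or a reply from a host the client never talked to, is dropped, which is the "hides your internal addresses" property); and the static "reverse mapping" for a hosted Web server described in the next section. It also demonstrates the caveat raised later on the page: the router rewrites packet headers only, so an application that writes its own private address into its payload sends that unroutable address out unchanged. The public address 203.0.113.5, the remote hosts and the packet contents are constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


Endpoint = Tuple[str, int]


class PatRouter:
    """Simplified Port Address Translation on a border router: every LAN host
    shares the single public address on the router's outside interface."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (lan_ip, lan_port, remote_ip, remote_port) -> public port handed out
        self.sessions: Dict[Tuple[str, int, str, int], int] = {}
        # public port -> (LAN endpoint, remote endpoint), used to match replies
        self.by_port: Dict[int, Tuple[Endpoint, Endpoint]] = {}
        # static "reverse mapping": public port -> LAN endpoint, any source allowed
        self.static: Dict[int, Endpoint] = {}

    def add_static_mapping(self, public_port: int, lan_ip: str, lan_port: int) -> None:
        self.static[public_port] = (lan_ip, lan_port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite a LAN packet so it leaves with the public address and a unique port."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.sessions:
            self.sessions[key] = self.next_port
            self.by_port[self.next_port] = ((pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port))
            self.next_port += 1
        return replace(pkt, src_ip=self.public_ip, src_port=self.sessions[key])

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Return the packet rewritten for the LAN, or None when the router drops it."""
        if pkt.dst_ip != self.public_ip:
            return None
        if pkt.dst_port in self.static:          # published service, e.g. the Web server
            lan_ip, lan_port = self.static[pkt.dst_port]
            return replace(pkt, dst_ip=lan_ip, dst_port=lan_port)
        entry = self.by_port.get(pkt.dst_port)
        # Only the remote host a LAN client actually talked to may use a dynamic entry.
        if entry is None or entry[1] != (pkt.src_ip, pkt.src_port):
            return None
        lan_ip, lan_port = entry[0]
        return replace(pkt, dst_ip=lan_ip, dst_port=lan_port)


RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DOTTED_QUAD = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def payload_leaks_private_address(pkt: Packet) -> bool:
    """True when the application wrote an RFC 1918 address into its own payload.
    PAT rewrites headers only, so the remote side would see an unroutable address."""
    for text in DOTTED_QUAD.findall(pkt.payload):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            continue
        if any(ip in net for net in RFC1918):
            return True
    return False


def demo() -> dict:
    router = PatRouter("203.0.113.5")                # public address from the ISP (constructed)
    router.add_static_mapping(80, "10.0.0.20", 80)   # reverse mapping for the library Web server
    web = ("198.51.100.10", 80)                      # some remote Web site (constructed)

    # Two LAN hosts browsing the same site share the one public address, told apart by port.
    a = router.translate_outbound(Packet("10.0.0.1", 51000, *web))
    b = router.translate_outbound(Packet("10.0.0.2", 51000, *web))
    # The site's reply reaches the right LAN host; the same packet from another source does not.
    reply = router.translate_inbound(Packet(*web, "203.0.113.5", a.src_port))
    spoof = router.translate_inbound(Packet("192.0.2.99", 80, "203.0.113.5", a.src_port))
    # An unsolicited probe at a port nobody opened is dropped: the LAN stays invisible.
    probe = router.translate_inbound(Packet("192.0.2.99", 4444, "203.0.113.5", 3389))
    # A visitor to the library's Web site reaches the private server via the static mapping.
    visitor = router.translate_inbound(Packet("192.0.2.7", 50000, "203.0.113.5", 80))
    # An application that announces its own address in the payload (the NAT-unfriendly case).
    chatty = router.translate_outbound(Packet("10.0.0.3", 2100, *web, payload="CALLBACK 10.0.0.3:2101"))
    return {
        "a_public": (a.src_ip, a.src_port),
        "b_public": (b.src_ip, b.src_port),
        "reply_to": (reply.dst_ip, reply.dst_port),
        "spoof_dropped": spoof is None,
        "probe_dropped": probe is None,
        "visitor_to": (visitor.dst_ip, visitor.dst_port),
        "payload_leaks": payload_leaks_private_address(chatty),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Real routers add timeouts, per-protocol state tracking and (for some protocols) payload rewriting on top of this table, but the table itself is what turns many private addresses into one public one and what makes inbound traffic impossible without a matching entry.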
NAT in your network

Since NAT is an industry standard (RFC 1631), it runs on practically everything. Your border router doesn't have to be an expensive, top-of-the-line Enterprise router. Just about any router on the market is going to run NAT. This includes the branch office SOHO routers or even the DSL/cable routers, which can be found for under $100. So if you are currently on a DSL Internet connection you only need to purchase one IP address from your DSL provider and run NAT on the DSL router.

An added benefit to these routers is that they run what is called "reverse mapping." Let's say that you are hosting your own Web site. You need to have a valid public address for your Web site. The border router can be set up to make a "static translation" so that incoming traffic to the Web site will be mapped to the private IP address of the Web server. Reverse mapping just takes a simple modification to the router configuration. Many routers now use a graphical user interface (GUI), so performing these changes is very simple.

Additional scenarios where NAT could help your network

Let's look at another scenario. Pretend for a moment that you have a small network and you have addressed all of your computers with valid public IP addresses. Your service provider is not living up to your expectations and you want to switch to a different provider. After completing the headache of switching to a different ISP and receiving a new range of public IP addresses, you must now readdress all computers on your network. If you were running NAT on your router then all computers could maintain the same internal private IP address (like 10.0.0.1). The only change would be a new IP address on the external interface of the router and a couple of routing statements. Easy!

Some other great uses of NAT include the following:
- Use with stub networks, or networks that only have one connection to the Internet.
- Merging two existing networks together that have different addressing schemes.
- Joining a network to the Internet for the first time.

Some situations where NAT does not work

One word of caution before implementing NAT in your library: there are some applications and protocols that do not play well with NAT. While most networking applications will work with NAT, some carry IP addresses inside the application data, and these will not run without modifications to the NAT statement on the router. A majority of vendors have modified their software to accommodate NAT, as it is in such wide use; however, this is an issue to keep in mind when implementing NAT. To ensure that your applications will run without problems, check with your network equipment vendor to make sure that your library's applications will not be affected adversely if you transfer to NAT. You should check with your software vendors as well, if you are running specialty software that may conflict with NAT.

Additional Resources:

For a more in-depth look at NAT check out the following links:
- RFC 1631 - The IP Network Address Translator (NAT)
- RFC 1918 - Address Allocation for Private Internets
- Cisco NAT page - Technical Support for NAT from Cisco Systems. See especially the links at the bottom of the page, "How NAT Works" for general information about NAT and "Frequently Asked Questions about Cisco IOS NAT" for specifics on how Cisco implements NAT in their equipment.

Additional links on related subjects:
- CIDR - Classless Inter-Domain Routing (CIDR) Overview
- IP version 6 - IPv6 Information Page
Document: Introduction to Network Address Translation

Summary: NAT, as it's affectionately called, helps to preserve and protect your IP address by translating a set of private IP addresses into one public IP address, protecting your public access computers from hackers and other intruders and conserving IP addresses.