Network Address Translation • Current problems with IP addresses: • Address depletion • Scaling in routing • Solutions: • IPv6 • CIDR • NAT
Network Address Translation • What is NAT? • Informally, NAT is a method of connecting multiple computers on a local network to an external network using one IP address. • NAT can be incrementally deployed and only the local network routers need to be modified to implement NAT. • Backbone routers need not be modified.
Network Address Translation Basic operation: NAT NAT Source -> 10.33.96.5: 2000 Destn. -> 18.104.22.168: 600 Source -> 22.214.171.124: 600 Destn. -> 126.96.36.199: 500 Reverse Translation Translation Source -> 188.8.131.52: 500 Destn. -> 184.108.40.206: 600 Source -> 220.127.116.11: 600 Destn. -> 10.33.96.5: 2000
Network Address Translation • Routing across NAT: • Local addresses are hidden from backbone. • Backbone-partitioned networks need special handling using tunneling. • Header manipulations: • IP checksum should be changed. • For applications like FTP, application data should be modified which might require changing the TCP sequence no.s and acknowledgement no.s
Network Address Translation • ICMP messages need a lot of modifications when they pass through a NAT – two address modifications and three checksum modifications. • Disadvantages: • NAT heavily violates the layering principle by looking into the transport and application layers. • Applications that contain IP address in their data cannot work through NAT unless NAT knows the exact occurrences.
Network Address Translation • NAT reduces the options for providing security because any application data that contains IP addresses cannot be encrypted. • NAT provides privacy by hiding the local addresses but this makes detecting of attacks like mail spam difficult. • Conclusion: • NAT has several negative characteristics but it could still act as a short-term solution to the address depletion and scaling problems.