Intro to Network Address Translation


by Paul Fiengo - 12/11/00

When the Internet and the Internet Protocol (IP) were established, engineers did not envision the massive growth in Internet connectivity that would follow. As a result, IP was designed with only a limited number of IP addresses. As demand for Internet connectivity increased, so did the need for IP addresses, and the finite pool of usable addresses was rapidly being depleted. This has been a major concern for everyone who needs to expand their ability to communicate globally.

To address this issue, engineers had to develop a solution that would permit an effectively unlimited number of hosts to communicate on the Internet using the finite number of IP addresses available. To accomplish this, a block of IP addresses was reserved for private use. These are known as private IP addresses and may be used (and reused) by anyone, but only for private use: private IP addresses are not permitted to interact with the Internet directly. The remaining IP addresses are often referred to as global IP addresses and are assigned for public use. Global IP addresses are permitted to interact with the Internet directly and must be unique, meaning that they may not be reused or duplicated in any way when communicating over the Internet.

Since the percentage of hosts that communicate over the Internet at any given time is far lower than the percentage that communicate only within an intranet, there is no need to assign global IP addresses to every host. However, at any given time a host that needs to interact with the Internet may be unable to do so because it has been assigned a private IP address. To resolve this, engineers developed a product called NAT, or Network Address Translator. Network Address Translators allow hosts that are assigned private IP addresses to communicate with the Internet using the global IP addresses that a company has been assigned.

To begin, there are many different techniques for implementing NAT. Although each arrives at the same result, Static Network Address Translation, Dynamic Address Translation and Masquerading take different steps to get there. In every case, the overall goal is to transmit information from a private IP address or network to the Internet. Before NAT can be implemented, two prerequisites must be met. First, a global IP address, or a block of global IP addresses, must be obtained from an approving authority. Second, the network in question must select the private IP address ranges to be used and assign them appropriately so that traffic can be forwarded to the Internet. Once this is complete, the Network Address Translator may be implemented using any of the methods mentioned above.

Currently, the role of the Network Address Translator is fulfilled by many different hardware and software products. Routers, proxies, and firewalls are all capable of performing Network Address Translation. It is therefore the responsibility of the network administrator to select the product that best fits the needs of the network in question. Once a decision has been made, implementing the NAT should present no difficulty.

The Network Address Translator stores and maintains a table of the private and global IP addresses that have established a connection and are exchanging data between the private and public networks. This table is the nucleus of the NAT process. When a host with a private IP address sends information to the Internet, its IP packets are first transmitted to the Network Address Translator. The NAT removes the (private) source IP address from the IP header, replaces it with a (global) IP address, records the pairing in its table, and forwards the packet to the Internet.

Conversely, information from the Internet cannot be sent directly to a host on a private network that has a private IP address. Again, the reason is that private IP addresses may not interact with the Internet directly because they are not routable on it. Therefore, a request from the Internet to send information into a private network must be directed to a global IP address that resides at the Network Address Translator. The NAT then looks up the matching entry in its table, translates the public (global) IP address to the private IP address, and forwards the information as appropriate. (Policies implemented on the NAT may not permit the information to be passed along.) This "feature" keeps private IP addresses from being exposed to the Internet, which in turn prevents outside users from sending malicious IP packets directly to hosts on a private network.
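As an added example (not from the original article), a toy Python model of the NAT table described in the two paragraphs above, covering the three techniques the article names: static 1:1 mapping, dynamic leasing from a pool of global addresses, and masquerading behind one global address with source ports rewritten. The `NAT` and `Packet` classes, the address pool, the port numbers and the sample traffic are hypothetical and constructed here; the private ranges are the standard RFC 1918 ones, which the article does not list.

```python
import ipaddress
from dataclasses import dataclass, replace
# RFC 1918 private ranges (a standard fact; the article itself names no ranges).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Packet:            # only the header fields a NAT rewrites
    src: str
    dst: str
    sport: int
    dport: int

def is_private(addr: str) -> bool:
    return any(ipaddress.ip_address(addr) in net for net in PRIVATE_NETS)

class NAT:
    # Hypothetical toy translator, not a real product's API. mode is 'static' (fixed 1:1 map),
    # 'dynamic' (lease one pool address per private host) or 'masquerade' (one address, ports rewritten).
    def __init__(self, mode, pool, static_map=None):
        self.mode, self.pool = mode, list(pool)       # pool: global addresses the site was assigned
        self.table = dict(static_map or {})           # NAT table: private src -> global src
        self.reverse = {g: p for p, g in self.table.items()}
        self.port_map = {}                            # masquerade: global port -> (private src, sport)
        self.next_port = 40000

    def outbound(self, pkt):
        """Private -> Internet: rewrite the source. None means the packet is dropped."""
        if not is_private(pkt.src) or is_private(pkt.dst):
            return None                               # only private-to-global traffic is translated
        if self.mode == "masquerade":
            key = (pkt.src, pkt.sport)
            gport = next((gp for gp, k in self.port_map.items() if k == key), None)
            if gport is None:                         # new flow: allocate a fresh global port
                gport, self.next_port = self.next_port, self.next_port + 1
                self.port_map[gport] = key
            return replace(pkt, src=self.pool[0], sport=gport)
        if pkt.src not in self.table:
            if self.mode == "static" or not self.pool:
                return None                           # no static entry, or dynamic pool exhausted
            gaddr = self.pool.pop(0)                  # dynamic: lease the next free global address
            self.table[pkt.src], self.reverse[gaddr] = gaddr, pkt.src
        return replace(pkt, src=self.table[pkt.src])

    def inbound(self, pkt):
        """Internet -> private: reverse table lookup. Unsolicited packets are dropped."""
        if self.mode == "masquerade":
            hit = self.port_map.get(pkt.dport) if pkt.dst == self.pool[0] else None
            return replace(pkt, dst=hit[0], dport=hit[1]) if hit else None
        priv = self.reverse.get(pkt.dst)
        return replace(pkt, dst=priv) if priv else None
```

Inbound packets that match no table entry are dropped, which is all the protection the article's "feature" amounts to; any further filtering is the policy on the NAT that the article mentions, not the translation itself.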

This is a high-level explanation of how a NAT operates. Again, the method by which Network Address Translation completes a request to forward traffic differs from one technique to the next. However, every request requires the NAT table to complete the connection between the private and global IP addresses.