When computer networks were first starting out, many design decisions were made. Which, in hindsight, were flawed. One example is the lack of security features. Many early protocols, such as HTTP, Telnet, and FTP, assume that all network traffic is legitimate, sent by good actors, and transmitted by trustworthy intermediaries. This later required the addition of secure alternative protocols such as HTTPS, SSH, and FTPS. While this has taken a lot of work to resolve and deploy to servers and clients, it’s not the biggest misstep from the early internet.
IPv4 or the Internet Protocol version 4 is the addressing structure used for computer networks and to communicate over the internet. It has a structure that allows for a maximum of 4,294,967,296 addresses. While 4.3 billion IP addresses may sound like a lot, that is less than one per human being currently alive. Most people in western countries, at least, have more than one internet-connected device each.
Clearly, IPv4 address space is an issue. Unfortunately, in the internet’s early days, this issue was exacerbated by assigning out vast ranges of IP addresses to organisations that could never use them. This practice was adjusted twice, once with the introduction of the classful addressing system. Later with the introduction of the CIDR or Classless Inter-Domain Routing system. Both of these solutions helped to stave off address space exhaustion.
Another key feature was the private address space. This allocated a few address blocks to be used for internal networks that could not be routed to the larger internet. This allows every Local Area Network or LAN to share the same address space, massively reducing the address space pressure.
NAT
The problem with using a private addressing scheme for internal networks is that you can’t directly communicate with the internet. Any packet you transmit from your local network will have your private IP address. No one else will know which network to send the response back to.
To get around this issue, NAT or Network Address Translation was designed. NAT allows a device, typically the edge router, to edit all network traffic. This sounds sketchy, but the only part that it can change is the source and destination IP address and port number. The router then keeps a table tracking all connections and address translations allowing it to identify relevant responses and redirect them to the appropriate device.
Note: Technically, NAT can also edit the checksum of a packet. The important thing is it can’t edit the actual data, just the addressing.
NAT can be configured one-to-one, giving each device its public IP. NAT is, however, generally deployed in a many-to-one topology where the entire network shares one public IP address. This technically involves the use of the related PAT or Port Address Translation. As you might guess this refers to translating and keeping track of port numbers, again by the router. While it’s technically more correct to specify that you mean both NAT and PAT. NAT is generally assumed to be both, as almost all deployments of NAT use both NAT and PAT.
How Does NAT Actually Work?
Let’s consider an example home network. It has a few devices on it as well as the router. The router is issued a public IP address by the ISP. A computer in the network then wants to load a Technipages article. The computer sends its request via the router with its private IP address. The router then changes the source address in the network packet, to be the public IP address and an unused port number. Critically, the router keeps track of this translation.
A little later, the router receives the reply from Technipages to the same port number. It then checks its translation table to determine which local device to forward the traffic to. Suppose the router finds a match in the translation table. In that case, it then replaces the destination IP address and port in the packet with the computer’s original IP and port number.
There are three main advantages here. First, devices on a privately addressed network can communicate with the public internet. Secondly, NAT acts as a sort of firewall, any unexpected communication into the network, doesn’t map to an entry in the translation table and is simply dropped. Finally, all this happens transparently to the user. They don’t need to know it even happens.
There are some issues, though. For example, if you have a server that you want other people from the internet to be able to access, this isn’t possible with just NAT. There is a solution to this, however, called port forwarding.
Conclusion
NAT is a process where a router translates the source and destination IP address for outgoing and incoming traffic respectively, so that devices using a private addressing scheme can communicate with the publicly addressed internet. The related PAT also translates port numbers, allowing one public IP address to be shared by all devices on a private network. Because NAT almost always also involves the use of PAT, most people use NAT to imply both.
