What is Network Address Translation (NAT)? - Proxidize


If you know anything about the internet, you might know that when it first started, all IP addresses were IPv4 and were limited to about 4.3 billion addresses. Since then, the number of devices has grown far beyond what that limit can accommodate. As such, NAT was introduced.

NAT stands for Network Address Translation and is a way to allow multiple devices to operate under one IP. This article aims to explain what it is, the different types of NAT, and how it works. Hopefully by the end of this article, you will have a solid understanding of these concepts.


What is NAT?

Network Address Translation, or NAT for short, is a networking technique that allows multiple devices in a private network to access external networks using a single IP address. It translates between private and public IP addresses. It conserves the limited pool of IPv4 addresses and adds a layer of opacity by masking internal addresses.

As mentioned in the introduction, there are only 4.3 billion IPv4 addresses, which might seem like a lot, but there are roughly 6.04 billion internet users. NAT helps to prevent IP exhaustion by enabling thousands of private devices to share a limited number of public IP addresses.


NAT is commonly used by internet service providers (ISPs) and organizations to allow multiple devices on a network to share one public IP address. By doing so, devices on a private network can communicate with devices on a public network without needing each device to have its own public IP.


How Does NAT Work?

When a device in a private network wants to communicate with the internet, the request will go to the NAT-enabled router. The router will replace the private IP with its public IP and assign a unique port number.

This lets multiple devices share a single public IP, keeps internal addresses hidden from external networks, and uses port numbers to differentiate traffic from different devices.

NAT rewrites port numbers only when needed to avoid collisions. Here is how that works:

  • Imagine a network with two connected hosts, A and B. Both send requests to the same destination, on the same destination port, from the same source port on their own side, all at the same time.
  • If NAT only translated IPs, then when the packets arrived at the NAT, both source IPs would be masked by the public IP of the network and sent to the destination.
  • The destination would send its replies to the public IP of the router. Upon receiving them, the NAT would need to know which reply belongs to which host, but the two connections would collide: if the ports are not rewritten, both map to the same tuple.
  • To avoid this problem, NAT rewrites the source port number as well and makes an entry in the NAT table.
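
The collision case above, worked through as an added example (not code from the original article): a minimal port-address-translation table that keeps the source port when it is free and rewrites it only on a collision. The class name, the 40000 starting port and the documentation-range addresses are assumptions for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class PatRouter:
    public_ip: str
    next_port: int = 40000  # assumed start of the range used when a port collides
    # inside flow (proto, src ip, src port, dst ip, dst port) -> public source port
    out: dict = field(default_factory=dict)
    # (proto, public port, dst ip, dst port) -> (inside ip, inside port)
    back: dict = field(default_factory=dict)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate an outgoing packet and return the rewritten 5-tuple."""
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            port = src_port  # keep the original port unless it would collide
            while (proto, port, dst_ip, dst_port) in self.back:
                port = self.next_port
                self.next_port += 1
            self.out[flow] = port
            self.back[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return (proto, self.public_ip, self.out[flow], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Translate a reply sent to the public IP; None means no table entry."""
        inside = self.back.get((proto, dst_port, src_ip, src_port))
        if inside is None:
            return None  # unsolicited packet: nothing to forward it to
        return (proto, src_ip, src_port, inside[0], inside[1])


def demo():
    nat = PatRouter(public_ip="203.0.113.10")  # constructed sample addresses
    # Hosts A and B: same destination, same destination port, same source port.
    a = nat.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 443)
    b = nat.outbound("tcp", "192.168.1.11", 51000, "198.51.100.7", 443)
    reply_a = nat.inbound("tcp", "198.51.100.7", 443, a[2])
    reply_b = nat.inbound("tcp", "198.51.100.7", 443, b[2])
    stray = nat.inbound("tcp", "198.51.100.7", 443, 12345)
    return a, b, reply_a, reply_b, stray


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Host A keeps port 51000, host B is moved to 40000, and each reply is mapped back to the right inside host through the table entry.
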

What is NAT Type?

There are three main types of NAT: static, dynamic, and Port Address Translation. Additionally, there is a more wide-scale version of NAT called CGNAT.

Static NAT

Static NAT refers to mapping one private IP to one public IP, a one-to-one mapping. It is most commonly used in hosting and is not cost effective for larger organizations since each device requires a public IP. For outgoing traffic, the source private IP is translated into a public IP, while for incoming traffic, the destination public IP is translated to the private IP.

Dynamic NAT

Dynamic NAT maps private IPs to public IPs from a predefined pool. If the pool is exhausted, then additional requests will need to be dropped. This type of NAT is more suitable for networks that require multiple internal devices to access external networks but still have a limited pool of public IPs. When traffic arrives at the router, dynamic NAT replaces the source IP with a free global one from the pool.

Port Address Translation

Port Address Translation (PAT) is also referred to as NAT Overload as there are multiple private IPs that share a single public IP, each with unique port numbers to distinguish traffic. It is the most widely used form of NAT due to its cost effectiveness and support of thousands of users within a single public IP.

When a computer connects to the internet, the router will assign it a port number that it then appends to the computer’s internal IP. When a second computer connects to the internet, it will get the same external IP address but with a different port number. PAT is mostly used in home networks.

Carrier-Grade NAT (CGNAT)

Carrier-grade network address translation, also known as CGNAT, translates IPs at a much larger scale. It handles tens of millions of network address translations. Service providers and companies with large-scale networks rely on CGNAT for internet and cloud connectivity.

CGNAT is more than just a scaled-up version of NAT. NAT functions exclusively within routers, while CGNAT works in ISP core networks, as mobile networks route traffic through CGNAT gateways. With NAT, you get assigned an IP that can last anywhere from minutes to days but defaults to 24 hours, and once that expires, the server will assign you a new IP. With CGNAT, the IP assigned to you can be changed by the provider. This way, the provider can free up IP addresses so as not to overload the system or congest the IP limit.

Not every home user is behind CGNAT, but every mobile user is. Mobile data infrastructure was developed after IPv4 exhaustion had been accounted for. Whether or not your ISP has your residential connection behind CGNAT depends largely on where you live, with latecomers to the internet receiving a relatively smaller range of public IPs.

If you live in Eastern Europe, South America, the Middle East, or parts of Asia, there’s a good chance your residential connection is behind CGNAT, and your home router doesn’t provide you with a public IP address.

Instead of NAT providing your private network with access to the internet via a public IP, your home router is assigned an IP address from private ranges or Shared Address Space that the ISP then maps to a shared pool of public IPs.

While devices within a private network can see each other and communicate, ISPs isolate subscribers in the Shared Address Space, preventing them from communicating with each other behind CGNAT.

Other Forms of NAT

Some other, less prominent forms of NAT include:

  • Reverse Network Address Translation (RNAT): Allows users to connect to themselves using the internet or public network.
  • Overlapping NAT: This type of NAT can happen when two organizations who use the RFC 1918 network have their IP addresses merge. It can also happen when registered IPs are assigned to multiple devices on more than one internal network. For both situations, the network needs to communicate and the organizations will use overlapping NAT to achieve this without needing to readdress all the devices.

Pros and Cons of NAT

While NAT is useful in how it assists with the limited IPv4 addresses available, it has both advantages and disadvantages.

Advantages of NAT

As mentioned, NAT conserves IPv4 addresses. Although IPv6 was made to help solve the issue of limited IPv4 addresses, we still actively use IPv4 for many reasons. NAT supports multiple devices using a single public IP, making it beneficial for businesses and private homes with many devices. This comes in handy for preventing attacks that target specific addresses and for protecting devices on the internal network from being accessed directly from the internet.

NAT still forwards all the packets but with modified headers. This is an overhead, as routers must translate IPs and ports for every connection. NAT can also provide flexibility in network design, which is useful for companies that want to change their network configuration without changing their IP. When combined with dynamic DNS, it can ensure consistent access to networked resources when public IPs change dynamically.

Disadvantages of NAT

As helpful as NAT is, it increases processing overhead on routers, as they constantly translate IPs to make use of the limited IPv4 space. It may also cause some issues with applications that require end-to-end connectivity, such as gaming. There can be difficulties in traceability since multiple devices all share the same public IP.

NAT also adds latency, as translation results in switching path delays. Some applications will not function as expected with NAT enabled. Lastly, a router is a device for the network layer of the OSI model, but a NAT device is required to tamper with the transport layer in the form of port numbers.
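
An added example (not from the original article) of the traceability problem: several inside hosts share one public IP, so an entry in a remote server's log can only be attributed with the public source port and an accurate timestamp. The log layout, the addresses and the `attribute` function are constructed for illustration.

```python
from datetime import datetime

# Constructed NAT translation log:
# (mapping start, mapping end, inside IP, public IP, public source port)
NAT_LOG = [
    ("2024-05-01T10:00:00", "2024-05-01T10:05:00", "10.0.0.21", "203.0.113.10", 40001),
    ("2024-05-01T10:01:00", "2024-05-01T10:02:30", "10.0.0.35", "203.0.113.10", 40002),
    # The same public port is handed to another host once the first mapping ends.
    ("2024-05-01T10:06:00", "2024-05-01T10:09:00", "10.0.0.47", "203.0.113.10", 40001),
]


def attribute(public_ip, when, public_port=None, log=NAT_LOG):
    """Return the sorted inside IPs that could have produced an observed connection."""
    seen_at = datetime.fromisoformat(when)
    candidates = set()
    for start, end, inside_ip, pub_ip, port in log:
        if pub_ip != public_ip:
            continue
        if not datetime.fromisoformat(start) <= seen_at <= datetime.fromisoformat(end):
            continue
        if public_port is not None and port != public_port:
            continue
        candidates.add(inside_ip)
    return sorted(candidates)


if __name__ == "__main__":
    # Public IP and time only: two hosts match, so the report is ambiguous.
    print(attribute("203.0.113.10", "2024-05-01T10:01:30"))
    # Adding the source port narrows it to a single host.
    print(attribute("203.0.113.10", "2024-05-01T10:01:30", 40002))
    # Same port, different time: a different host, so clock accuracy matters.
    print(attribute("203.0.113.10", "2024-05-01T10:07:00", 40001))
```

For incident response this means the NAT device has to log its translations, and the reporting side has to record the source port along with the IP and time.
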

Conclusion

Network address translation, or NAT, was made out of a necessity to save IPv4 addresses. As more people gained access to technology and the internet, IPv4 could no longer handle the demand. While IPv6 helped lessen the load, IPv4 is still being used for private networks, and so it needed something to help manage the limitations.

Key takeaways:

  • NAT translates private addresses to public and public to private, making use of the limited IPv4 addresses and keeping control of them all.
  • The three main types: static, dynamic, and PAT.
  • CGNAT is a more advanced and higher-scale version that works within ISP core networks rather than routers.
  • NAT enhances anonymity by hiding internal IPs and supporting multiple devices on one public IP.
  • As useful as it is, NAT has limitations when it comes to end-to-end connectivity.

As the world continues to evolve and more people gain access to the internet, there may come a time where IPv4 is officially retired and NAT will need to work on IPv6 while IPv8 or 10 or 12 handles the new wave of users. Until that day, NAT is here to help with IPv4 addresses, keeping them alive and useful for organizations and individuals alike.


Frequently Asked Questions

Why is NAT not needed in IPv6?

NAT is not needed for IPv6 because of its massive 128-bit address space which eliminates IPv4’s scarcity that led to NAT’s creation. Instead of address conservation, IPv6 emphasizes direct device-to-device communication with firewalls providing security rather than NAT’s address hiding.

What does “NAT only” mean?

“NAT only” is specific to virtual machines and means your VM gets internet access through the host computer’s IP address. The VM acts as if it were on a separate network behind a router, without directly appearing as a device on the local network. This allows many VMs to share one public IP and keep internal IPs private.

Can NAT cause problems with online gaming?

Yes, especially if you have a Strict or Moderate NAT type. It can lead to lag, matchmaking delays, an inability to join games, issues with voice chat, and difficulty with hosting multiplayer sessions. Strict NAT prevents incoming connections and disrupts peer-to-peer interactions for many games, while Moderate NAT restricts features.

Is open NAT safe?

Yes and no. Open NAT is not unsafe per se, but it does reduce your network’s built-in firewall protection. This makes devices more vulnerable to direct attacks by allowing unrestricted incoming connections. This makes it great for gaming but risky for overall security.
