Unit One Project
May 13, 2014
Network Address Translation (NAT) is a technique that lets a network administrator rewrite the IP addresses carried in traffic as it crosses a network boundary. NAT permits a network device such as a router to act as an agent between a private network and the public Internet. It gives enterprises and home users the ability to represent a whole group of computers with a single public IP address. The translation between private and public addresses allows a node, or a group of nodes already configured with internal addresses, to be stamped with an outside address, thereby permitting them to communicate ...
* 172.16.0.0 – 172.31.255.255/12
* 192.168.0.0 – 192.168.255.255/16
These addresses are known as inside networks in NAT terminology. In other words, traffic that originates on these networks and is destined for any network outside the internal one must be translated to a routable address on what is known as the public network. NAT uses specific terms to classify addresses by their role (Antoniou, 2007):
* Inside Local: the IP address assigned to a host on the internal network (a private address).
* Inside Global: the address by which an internal host is known to outside networks (a public address). It is assigned to the private host either statically or dynamically.
* Outside Local: the address by which an outside host is known to the internal network.
* Outside Global: the address assigned to an outside host by its owner (a public address).
When an outbound IP packet is transmitted, NAT examines its source address against the configured NAT rules; if the source address matches a rule, it is translated to a public address drawn from the address pool. The pre-defined address pool comprises all addresses that NAT may use for translation. “NAT looks like a normal IP router to the systems which use it” (Balchunas, 2013, p4). As with ordinary routing, the IP addressing scheme must be chosen the same way it would be when connecting two or more networks or subnets through a router: each network or subnet must be assigned NAT addresses that are unique with respect to every other network or subnet reachable on the public side. When the untrusted network is the Internet, the public NAT addresses must come from an authorized body, which ultimately means address space allocated through the Internet Assigned Numbers Authority (IANA) (Balchunas, 2013).
The assigned public addresses are held in reserve in a pool so that they can be handed out when required. When a connection is initiated from the private network, NAT selects the next available global address in the pool and allocates it to the requesting private node. NAT keeps a record of which private IP address is mapped to which public IP address at any given time, so it has the information needed to map a reply received from the public network back to the corresponding private IP address (Balchunas, 2013). Because NAT assigns addresses on demand, it must also recognize when a public IP address can be returned to the pool of available addresses. “There is no connection setup or tear-down at the IP level, so there is nothing in the IP protocol itself that NAT can use to determine when an association between a secure IP address and a NAT public IP address is no longer needed” (Balchunas, 2013, p6). Connection state can be read from the TCP header in a TCP session, but not...
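The behaviour described above (matching an outbound source address against the inside networks, handing out the next free pool address, recording the mapping so replies can be reverse-translated, and deciding when to return the public address to the pool) can be made concrete in a small simulator. The following Python is an added illustration written for this page; it is not code from the essay or from the cited sources. It assumes a one-to-one dynamic NAT (no port translation), a constructed pool drawn from the 203.0.113.0/24 documentation range, a simplified packet with only the fields NAT inspects, and two release rules that stand in for what a real device does: a TCP mapping is dropped on RST or after both sides have sent FIN, and any mapping idle longer than a configurable timeout is reclaimed, since IP itself gives NAT no end-of-conversation signal.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional, Tuple

# Inside (private) networks eligible for translation: the RFC 1918 ranges.
INSIDE_NETWORKS = [
    IPv4Network("10.0.0.0/8"),
    IPv4Network("172.16.0.0/12"),
    IPv4Network("192.168.0.0/16"),
]


def is_inside_local(addr: str) -> bool:
    """True when addr belongs to one of the inside networks (the NAT rule match)."""
    ip = IPv4Address(addr)
    return any(ip in net for net in INSIDE_NETWORKS)


@dataclass
class Packet:
    """Constructed minimal packet: only the fields NAT needs to look at."""
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    tcp_flags: str = ""   # e.g. "SYN", "FIN ACK", "RST"; empty for udp
    sent_at: float = 0.0  # simulated clock, seconds


@dataclass
class Mapping:
    inside_local: str      # private address of the internal host
    inside_global: str     # public pool address it is known by outside
    last_seen: float
    closing: bool = False  # one side has already sent FIN


class DynamicNAT:
    """One-to-one dynamic NAT: a pool of inside-global addresses handed out on demand."""

    def __init__(self, pool: List[str], idle_timeout: float = 60.0):
        self.free_pool = list(pool)       # addresses still available for translation
        self.idle_timeout = idle_timeout  # seconds of silence before a mapping is reclaimed
        self.by_local: Dict[str, Mapping] = {}
        self.by_global: Dict[str, Mapping] = {}

    def translation_table(self) -> List[Tuple[str, str]]:
        """The record of which private address maps to which public address right now."""
        return sorted((m.inside_local, m.inside_global) for m in self.by_local.values())

    def _release(self, m: Mapping) -> None:
        del self.by_local[m.inside_local]
        del self.by_global[m.inside_global]
        self.free_pool.append(m.inside_global)  # public address goes back to the pool

    def expire(self, now: float) -> int:
        """Reclaim mappings idle longer than idle_timeout; returns how many were released."""
        stale = [m for m in self.by_local.values() if now - m.last_seen > self.idle_timeout]
        for m in stale:
            self._release(m)
        return len(stale)

    def _track_tcp(self, m: Mapping, pkt: Packet) -> None:
        # IP carries no connection state, so the TCP header is the only signal.
        # Simplified heuristic: release on RST, or on the second FIN (both sides done).
        if pkt.proto != "tcp":
            return
        if "RST" in pkt.tcp_flags:
            self._release(m)
        elif "FIN" in pkt.tcp_flags:
            if m.closing:
                self._release(m)
            else:
                m.closing = True

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate the source of a packet leaving the inside network.
        Returns None when no NAT rule matches or the pool is exhausted."""
        self.expire(pkt.sent_at)
        if not is_inside_local(pkt.src):
            return None
        m = self.by_local.get(pkt.src)
        if m is None:
            if not self.free_pool:
                return None  # pool exhausted: the translation fails
            m = Mapping(pkt.src, self.free_pool.pop(0), pkt.sent_at)
            self.by_local[pkt.src] = m
            self.by_global[m.inside_global] = m
        m.last_seen = pkt.sent_at
        self._track_tcp(m, pkt)
        return Packet(m.inside_global, pkt.dst, pkt.proto, pkt.tcp_flags, pkt.sent_at)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse-translate a reply addressed to an inside-global address.
        Returns None (drop) for traffic that matches no existing mapping."""
        self.expire(pkt.sent_at)
        m = self.by_global.get(pkt.dst)
        if m is None:
            return None
        m.last_seen = pkt.sent_at
        self._track_tcp(m, pkt)
        return Packet(pkt.src, m.inside_local, pkt.proto, pkt.tcp_flags, pkt.sent_at)


if __name__ == "__main__":
    nat = DynamicNAT(["203.0.113.10", "203.0.113.11"], idle_timeout=60.0)
    syn = nat.outbound(Packet("192.168.1.10", "198.51.100.5", "tcp", "SYN", 0.0))
    print("outbound SYN leaves with source", syn.src, "table:", nat.translation_table())
    reply = nat.inbound(Packet("198.51.100.5", "203.0.113.10", "tcp", "SYN ACK", 1.0))
    print("reply delivered to", reply.dst)
    nat.outbound(Packet("192.168.1.10", "198.51.100.5", "tcp", "FIN ACK", 2.0))
    nat.inbound(Packet("198.51.100.5", "203.0.113.10", "tcp", "FIN ACK", 3.0))
    print("after close, table:", nat.translation_table(), "pool:", nat.free_pool)
```

Two points worth noticing when running it: an inbound packet whose destination has no mapping is dropped rather than forwarded, which is the incidental filtering effect of NAT that the essay's "agent between public and private networks" description hints at; and the idle timeout is the only thing that ever frees a UDP mapping, so a pool sized for TCP sessions can be exhausted by a handful of chatty UDP hosts until the timer fires.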