Network Address Translation (NAT) is a technology that rewrites the IP address in an IP packet header to another IP address and, by also translating port numbers, allows addresses to be reused. As a transitional technology for easing the exhaustion of public IPv4 addresses, NAT has been widely adopted because it is simple to implement.
1. To save IP addresses and costs, enterprises generally use private IP addresses internally;
2. The devices that make up the Internet use public IP addresses;
3. To communicate with the Internet, the enterprise intranet must have a public IP address;
4. Devices in the enterprise intranet cannot use private addresses to communicate with the Internet.
Once a default route is configured on the edge device (router) of the enterprise network, the enterprise intranet can send data to the Internet.
However, because Internet devices have no routing entries for private IP addresses, the return data cannot be sent back to the enterprise intranet.
NAT is therefore used on the edge device (router) of the enterprise network to translate between private addresses and public addresses.
NAT, also known as network address translation, is used for communication between private networks and public networks. Data carrying a private IP address is swallowed by a routing black hole during transmission, so NAT is needed to convert the private IP address into a public IP address before the data can be transmitted over the Internet.
IP addresses are divided into public addresses and private addresses. Public IP addresses are assigned by IANA and are used to connect to the Internet. Private addresses can be freely assigned for internal communication within a private network.
With the rapid growth of Internet users, the world's public IPv4 addresses were exhausted on November 25, 2019. Before IPv4 addresses were exhausted, NAT (Network Address Translation) was used to solve the problem of insufficient IPv4 addresses, and it continues to be used to this day.
NAT technology converts private addresses into public addresses, so that hosts in a private network can access the Internet through a small number of public addresses.
But NAT is only a transitional technology. The fundamental solution to the problem is to adopt the next generation of IP technology with a larger address space, the IPv6 protocol, which provides an almost inexhaustible address space. (If you are interested in IPv6, you can learn more about it.)
Basic NAT is the simplest form of address translation: it translates only the IP-layer parameters of the packet. It can be divided into static NAT and dynamic NAT.
Static NAT refers to a one-to-one relationship between a public IP address and a private IP address. Each public IP address corresponds to one private IP address, and a static address mapping table is created and maintained.
Dynamic NAT is a one-to-many relationship between public IP addresses and private IP addresses. The same public IP address is assigned to different users on the private network, and their usage times must be staggered. It relies on a pool of public IP addresses and a dynamic address mapping table.
1. Static NAT
1. Static NAT realizes one-to-one mapping of private addresses;
2. A public IP will only be assigned to a unique and fixed intranet host.
3. If you want a host to preferentially use a specific associated address, or if you want the external network to use a specified public address to access an internal server, you can use static NAT.
2. Dynamic NAT
1. Dynamic NAT realizes the conversion of private addresses and public addresses based on address pools;
2. Once the addresses in the dynamic NAT address pool are exhausted, other hosts can access the Internet only after an occupied public network address has been released.
3. NAPT
In basic NAT, there is a one-to-one address translation correspondence between private addresses and public network addresses. That is, a public IP address can be assigned to only one private address at a time. It solves only the communication problem between the public network and the private network, not the shortage of public network addresses.
Network Address Port Translation (NAPT) converts the IP address, protocol type, and transport layer port number of packets at the same time, which can significantly improve the utilization rate of public IP addresses.
4. Easy IP
In the standard NAPT configuration, you need to create a public address pool, that is, you must know the range of public IP addresses. In the dial-up access mode, the public IP address is dynamically assigned by the operator, which cannot be determined in advance, and the standard NAPT cannot do address translation. To solve this problem, you need to use Easy IP.
Easy IP is also known as interface-based address translation. Easy IP works the same way as NAPT: it translates the IP address, protocol type, and transport layer port number of the packet at the same time. However, Easy IP directly uses the IP address of the public interface as the translated source address. Easy IP is suitable for scenarios where the Internet is accessed by dial-up and the public IP address is obtained dynamically.
Easy IP does not need an address pool. You only need to configure an ACL (Access Control List) that specifies the private IP address range to be translated by NAT.
5. NAT Server
As can be seen from the working principles of NAT and NAPT, NAT entries are created when private hosts initiate access to public hosts, and public hosts cannot initiate connections to private hosts. NAT therefore hides the internal network structure and shields internal hosts. In practice, however, the intranet may need to provide external services, such as web services, and conventional NAT cannot meet this requirement.
To meet the requirements of public network users to access intranet servers, you need to use the NAT server function to statically map private IP addresses and ports to public IP addresses and ports for public network users to access.
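The NAPT and NAT Server behaviour described above, modelled as a small translation table (an added example, not part of the original article or any vendor's implementation): outbound traffic creates entries, replies are translated back, unsolicited inbound packets are dropped, and a NAT Server entry is the only inbound path left open. It assumes a single public interface address as in Easy IP, constructed documentation-range addresses, a hypothetical `Napt` class, and strict per-peer filtering of return traffic, which real devices may relax.

```python
import ipaddress

class Napt:
    """Toy NAPT gateway: one public address plus static NAT Server entries."""

    def __init__(self, public_ip, acl_net, first_port=10000):
        self.public_ip = public_ip
        self.acl = ipaddress.ip_network(acl_net)  # private range the ACL permits
        self.next_port = first_port
        self.out = {}   # (proto, priv_ip, priv_port) -> public port
        self.back = {}  # (proto, public_port) -> (priv_ip, priv_port, peers|None)

    def add_server(self, proto, public_port, priv_ip, priv_port):
        # NAT Server: static mapping; peers=None means any public host may connect
        self.back[(proto, public_port)] = (priv_ip, priv_port, None)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        if ipaddress.ip_address(src_ip) not in self.acl:
            return None  # source not matched by the ACL: no translation
        key = (proto, src_ip, src_port)
        port = self.out.get(key)
        if port is None:
            while (proto, self.next_port) in self.back:  # skip ports already mapped
                self.next_port += 1
            port = self.out[key] = self.next_port
            self.back[(proto, port)] = (src_ip, src_port, set())
        self.back[(proto, port)][2].add((dst_ip, dst_port))  # remember the peer
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        entry = self.back.get((proto, dst_port))
        if entry is None:
            return None  # no entry: unsolicited packet is dropped
        priv_ip, priv_port, peers = entry
        # Assumption: strict filtering, only peers the host contacted may reply
        if peers is not None and (src_ip, src_port) not in peers:
            return None
        return (src_ip, src_port, priv_ip, priv_port)

def demo():
    nat = Napt("203.0.113.10", "192.168.1.0/24")      # constructed addresses
    nat.add_server("tcp", 80, "192.168.1.100", 8080)  # published web server
    a = nat.outbound("tcp", "192.168.1.2", 40000, "198.51.100.5", 443)
    b = nat.outbound("tcp", "192.168.1.3", 40000, "198.51.100.5", 443)
    reply = nat.inbound("tcp", "198.51.100.5", 443, a[1])    # translated back
    probe = nat.inbound("tcp", "198.51.100.99", 5555, a[1])  # dropped
    web = nat.inbound("tcp", "198.51.100.99", 5555, 80)      # NAT Server hit
    return a, b, reply, probe, web

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Two private hosts using the same source port share one public address and are told apart only by the translated port; the static entry on port 80 is the part of the table that defines what is exposed to the Internet.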
Basic NAT experiments
1. Experimental topology diagram.
2. Experimental requirements
1. eNSP simulator.
2. The PC accesses the Internet through a public network address.
3. Experimental procedures
1. Configure the interface address of each device according to the interface IP address table.
4. RT configuration
5. Verify on PC
Capture packets to view the effect of NAT translation. Capture packets on RT's internal network port G0/0/0 and external network port G0/0/1; the captures show that both the sent Echo Request packets and the received Echo Reply packets have been translated by NAT.