Network Address Translation – CompTIA Network+ N10-009 – 2.1

Network Address Translation is used to modify IP addresses in real-time. In this video, you’ll learn how NAT and NAT overload/PAT are used to minimize the use of public IP addresses.

There are many devices connected to the internet. Some estimates are 20 to 30 billion. And by the time you watch this video, it’s probably, of course, going to be more than that. One of the challenges, of course, is that IP version 4 only supports 4.29 billion addresses, and we have completely exhausted the supply of IP version 4 addresses. There are no more addresses or subnets to be handed out.

So now we have to find some way to communicate across the internet to these billions of devices using a protocol with a relatively small number of IP addresses. The way that we’re able to make this work is through a technology known as network address translation, or NAT. We often refer to NAT as being the way that we are able to extend the functionality of IPv4 and use so many different IP addresses. But NAT can be used for many different use cases.

In this video, we just happen to be talking about one of the most popular use cases, where we are able to translate an IP version 4 address from a private address to a public address. If you wanted to get more details on the difference between a private IP and a public IP, you’ll want to look at RFC 1918, which defines these different ranges of private IP addresses. These are IP addresses that are not routable on the public internet. So we most often use these inside of our homes and inside of our businesses. And we’ll perform translation if we ever need to communicate out to the internet.

Certain ranges of these IP addresses are probably already familiar to you. For example, one IP address range that is private is 10.0.0.0 through 10.255.255.255. In a large enterprise network, this is probably the IP address range that you’re using. This RFC also allocates 172.16.0.0 through 172.31.255.255. And if you’re using network address translation at home, you’re probably using the IP address range of 192.168.0.0 through 192.168.255.255.

So how are we able to take these private addresses, which we already know we cannot route across the internet, and somehow we are able to communicate to these internet connected sites? We are able to do this using network address translation. Let’s take this example where Vala would like to communicate to the Professor Messer web server. Vala’s IP address is a private IP address of 10.10.20.50, and Vala wants to communicate to a public IP address of 104.20.19.63.

To follow this process, let’s break these two addresses out and identify them as the source IP address of 10.10.20.50 and the destination IP address of 104.20.19.63. This packet will first hit a router that is configured with network address translation. This router knows that the source IP address of 10.10.20.50 is an internal IP address. And we can’t use this IP address if we want to communicate out to the internet. So this router will change or translate that address to something different.

This router already has a list of IP addresses that could be used. And in this case it’s changed that IP address to 94.1.1.1. Now we have a public IP address, so now we can communicate directly to the Professor Messer web server. For this web server to communicate back to Vala, it’s obviously not going to communicate back to the internal 10.10.20 address. Instead, it’s going to reverse those IP addresses. And the source IP address now becomes 104.20.19.63. And the destination IP address is the 94.1.1.1 that was originally assigned by the network address translation router.

When this router now receives that packet, it’s going to perform the translation again, except in reverse, and modify that destination IP address to be the internal address of 10.10.20.50, which obviously matches the IP address of Vala. And now Vala has received that message from the Professor Messer website, even though Vala has an internal private IP address. With standard network address translation, we are translating from one IP address to a different IP address.

This means that if we wanted to have many people performing this translation, we would need to have many more public IP addresses available. There’s a way to make this much more efficient using a different form of network address translation called NAT overload, or port address translation, or PAT. Let’s take that same example where Vala would like to communicate to professormesser.com. Vala’s IP address is 10.10.20.50. But you’ll notice we’ll also include the source port number, which in this case is 3233.

The destination IP address is obviously the IP address of the Professor Messer web server at 104.20.19.63. And in this case, Vala is communicating to that server over port 80. When that packet is received by the router, it understands that the 10.x.x.x address needs to be translated to a public IP address. And inside of this router is a network address translation table that shows both the private address and the public address that it’s translated to. You’ll notice here that the private address and port of 10.10.20.50:3233 is converted to 94.1.1.1 with a port number of 1055.

And when that translation takes place, our source IP address is now a public IP address. And that’s what’s received by professormesser.com. Because we’re translating both the network address and the port number, other devices on this network could use the same public IP address. For example, let’s take another scenario where we have Jonas at 10.10.20.70. Jonas’ random port number that’s used for this transaction is 5782. And of course, the destination IP address is the same as the professormesser.com web server, with a port number of 80.

When that packet is received by the network address translation router, it knows that that address has not been used before. And it puts that into the network address translation table with a different port number on the public IP address side. So now we’re using the same IP address of 94.1.1.1 as our public IP. But notice that the port number has incremented by one. This means that we can now have many people on the inside of our network communicating externally to a server, all using the same public IP address.
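As an added example (not part of the original video or its course materials), here is a small Python model of the RFC 1918 check and of the NAT overload/PAT table walked through above: Vala and Jonas both leave through the single public address 94.1.1.1 and are told apart only by the translated port, and a reply is mapped back through the same table. The public IP, the starting port 1055 and the host addresses are taken from the transcript; the class and function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# The three private ranges from RFC 1918, as listed in the video.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip: str) -> bool:
    """True when the address is private and therefore not routable on the internet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PatRouter:
    """NAT overload / PAT: many inside hosts share one public IP, told apart by port."""
    def __init__(self, public_ip: str, first_port: int = 1055):
        self.public_ip = public_ip
        self.next_port = first_port          # next free port on the public side
        self.outbound = {}                   # (inside_ip, inside_port) -> public_port
        self.inbound = {}                    # public_port -> (inside_ip, inside_port)

    def translate_out(self, pkt: Packet) -> Packet:
        """Rewrite the source of an inside-to-internet packet to the shared public IP."""
        if not is_rfc1918(pkt.src_ip):
            return pkt                       # already public: nothing to translate
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:         # first packet from this host:port
            port, self.next_port = self.next_port, self.next_port + 1
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_in(self, pkt: Packet):
        """Reverse the translation for a reply; packets with no table entry are dropped."""
        key = self.inbound.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or key is None:
            return None                      # unsolicited inbound traffic has no mapping
        return Packet(pkt.src_ip, pkt.src_port, key[0], key[1])
```

The `None` from `translate_in` is the reason an unsolicited connection from the internet cannot reach an inside host through a PAT router: with no outbound entry in the table there is nowhere to send it.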