336 Chapter 11: Scaling IP Addresses with NAT
Foundation Topics
Characteristics of NAT
NAT enables nonregistered IP addresses, or the RFC 1918 private address space, to be used
inside a private network and to gain access to a public network, such as the World Wide Web.
The edge router connected to the public network uses NAT to translate the private network
addresses to a registered public address. The translation can be statically or dynamically done.
In the case of a simple translation, each nonregistered IP address is translated to a unique public
address. This enables access from networks that are using nonregistered addressing (or a private
address space) to the WWW. In this scenario, the administrator would first have to find an
Internet service provider (ISP) to supply a block of addresses for use. This may be monetarily
difficult for all but the largest of companies.
To conserve the use of address space, a private space can be "overloaded" to a single or small
number of addresses by using the source IP address plus the source port of the packet to further
distinguish the sending address. Figure 11-2 illustrates the packet header.
Figure 11-2 Packet Header Information
The disadvantages of a NAT implementation are increased latency, reduced address accountability,
and the loss of certain application functionality, as described in the following list:
· Latency--Latency increases because a translation step (a Layer 7 application used for the
translation) is introduced into the switching path.
· Accountability--Some may perceive hiding internal addresses from the external world as
advantageous. However, it becomes a problem when you try to determine which internal IP
address is responsible for which traffic. Constantly monitoring the NAT connections or
providing only static NAT translations would help, but would also detract from the ease of
use provided by a dynamic NAT implementation.
· Functionality--Some applications that require a specific source port or source address
cannot function in a NAT environment that provides randomly selected address and port
assignments. For example, a specialized database that uses IP addresses
[Figure 11-2 diagram: Network Layer Header (Source IP Address, Destination IP Address) followed by Transport Layer Header (Source Port, Destination Port)]
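As an added example (not from the book) of the overloading described above and of the accountability point in the list, this Python toy maintains the table a PAT device keeps: each inside (source IP, source port) pair is mapped to a unique port on the single public address, and the same table answers which inside host is behind a given public port. The public address, inside hosts and port range are constructed sample values.

```python
from __future__ import annotations


class PatTable:
    """NAT overload (PAT): many inside hosts share one public address.

    Each (inside IP, inside port) pair gets a unique public port so replies
    can be matched back to the right host; the same table is the
    accountability record for which inside host is behind which public port.
    """

    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535) -> None:
        self.public_ip = public_ip
        self.next_port, self.last_port = first_port, last_port
        self.outbound: dict[tuple[str, int], int] = {}   # inside -> public port
        self.inbound: dict[int, tuple[str, int]] = {}    # public port -> inside

    def translate_out(self, src_ip: str, src_port: int) -> tuple[str, int]:
        """Rewrite an outbound packet's source, reusing an existing mapping."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            if self.next_port > self.last_port:
                # The port pool is finite; a real device ages out entries or
                # drops the packet rather than handing out a duplicate port.
                raise RuntimeError("PAT port pool exhausted")
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.outbound[key]

    def translate_in(self, dst_port: int) -> tuple[str, int] | None:
        """Map an inbound packet back to the inside host; None if unsolicited."""
        return self.inbound.get(dst_port)


def demo() -> dict:
    # Constructed sample values: one ISP-assigned public address and two
    # RFC 1918 inside hosts that happen to use the same source port.
    nat = PatTable("203.0.113.7", first_port=1024, last_port=1025)
    a = nat.translate_out("10.0.0.10", 5000)       # ("203.0.113.7", 1024)
    b = nat.translate_out("10.0.0.11", 5000)       # ("203.0.113.7", 1025)
    try:
        nat.translate_out("10.0.0.12", 5000)       # third flow: pool of two is full
        exhausted = False
    except RuntimeError:
        exhausted = True
    return {"a": a, "b": b,
            "a_again": nat.translate_out("10.0.0.10", 5000),  # mapping reused
            "reply_to_b": nat.translate_in(1025),             # ("10.0.0.11", 5000)
            "unsolicited": nat.translate_in(4000),            # None: nobody asked
            "exhausted": exhausted}
```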