342 Chapter 11: Scaling IP Addresses with NAT
NAT Definitions
The addresses used for NAT translation can be summed up in four categories:
· Inside Local--IP addresses that are unique to the host inside the network, but not globally significant. They are generally allocated from RFC 1918 or randomly picked.
· Inside Global--IP addresses that are assigned by the IANA or service provider. They are legitimate in the global address space or Internet. The Inside Local addresses are translated to the Inside Global address for Internet use.
· Outside Local--IP addresses of a host on an outside network that is presented to the inside network and that is legitimate to the local network. These addresses do not have to be globally significant. They are generally selected from RFC 1918 or randomly picked.
· Outside Global--IP addresses that are globally routable on the Internet space.
To make the thought process easier, consider the following definitions:
· Inside--Addresses that are inside my network
· Outside--Addresses that are outside my network
· Local--Addresses that are legitimate inside my network
· Global--Addresses that are legitimate outside my network
Simple NAT translation replaces the inside local IP address with an inside global address. To
say it another way, the neither-legal-or-RFC1918 addresses are converted to legal
Internet-routable addresses, where both the global and local addresses are valid inside my network. In
the previous scenario, "inside my network" is a point of perspective.
Overloading works the same way as simple NAT translation; however, the same Inside Global
address is used over and over, with each translation distinguished by its port number. For TCP
load distribution, "my" network presents an Inside Global address to the Internet. When
Internet users address this global address, it is translated to an Inside Local address.
The need for the "outside local address" category occurs when two networks are using the same
IP address space. In the case of overlapping network numbering, the network that is using an
Outside Global address is translated to an Outside Local address. In addition, the outside
address could be the same as the address that is being used on the inside, because the Outside
Global address is, from my perspective, not-on-my-network-but-okay-where-it-is.
Because this network address is okay-where-it-is but, in the case of overlapping networks,
not-okay-on-my-network, it must be translated to an Outside Local address. This address is outside
my network but okay-when-it-gets-in.
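The overloading and overlapping-network cases described above, as an added example that is not from the original text: a simplified translation table in which the class name, method names, starting port and all addresses are constructed for illustration. It ignores protocol, timeouts and port preservation.

```python
from dataclasses import dataclass, field

@dataclass
class NatTable:
    inside_global_ip: str                               # shared Inside Global address
    outside_map: dict = field(default_factory=dict)     # Outside Global ip -> Outside Local ip
    next_port: int = 1024                               # constructed first translated port
    by_local: dict = field(default_factory=dict)        # (Inside Local ip, port) -> global port
    by_global: dict = field(default_factory=dict)       # global port -> (Inside Local ip, port)

    def outbound(self, inside_local, outside_local):
        """Packet leaving my network: returns (inside_global, outside_global)."""
        if inside_local not in self.by_local:           # new flow: allocate a port
            self.by_local[inside_local] = self.next_port
            self.by_global[self.next_port] = inside_local
            self.next_port += 1
        inside_global = (self.inside_global_ip, self.by_local[inside_local])
        to_global = {loc: glob for glob, loc in self.outside_map.items()}
        ip, port = outside_local
        return inside_global, (to_global.get(ip, ip), port)

    def inbound(self, outside_global, inside_global):
        """Reply entering my network: returns (outside_local, inside_local)."""
        ip, port = inside_global
        if ip != self.inside_global_ip or port not in self.by_global:
            raise LookupError("no translation entry for %s:%d" % (ip, port))
        o_ip, o_port = outside_global
        return (self.outside_map.get(o_ip, o_ip), o_port), self.by_global[port]

def demo():
    # Constructed addresses: inside hosts use 10.1.1.0/24, and so does the far network.
    nat = NatTable("203.0.113.5", outside_map={"10.1.1.20": "192.168.50.20"})
    a = nat.outbound(("10.1.1.10", 40000), ("198.51.100.7", 80))
    b = nat.outbound(("10.1.1.11", 40000), ("198.51.100.7", 80))   # same global IP, new port
    c = nat.outbound(("10.1.1.10", 40001), ("192.168.50.20", 22))  # overlapping far host
    reply = nat.inbound(("10.1.1.20", 22), c[0])
    return a, b, c, reply

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The `by_global` mapping is the record needed to attribute an Inside Global address and port seen in an outside log back to the Inside Local host that originated the flow.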
Figure 11-6 shows each category of address and its location relative to "my network." The terms
inside and outside are relative to the network being discussed; hence, what is outside my
network is inside to the far side.