1

NATNetwork Address

Translation

Motivation for NAT

• To solve the insufficient problem of IP addresses

• IPv6– All software and hardware need to be updated– High cost

• Virtual IP Gateway– Used on IPv4– Let more hosts connect to Internet

NAT Example

10.0.0.1

10.0.0.2

10.0.0.3

10.0.0.4

138.76.29.7

local network(e.g., home network)

10.0.0/24

Internet

Datagrams with source or destination in this network

have 10.0.0.0/24 address for source, destination (as usual)

All datagrams leaving localnetwork have same single source

NAT IP address: 138.76.29.7,different source port numbers

NAT gateway

Private IP Addresses

• The following addresses are reserved for the private network– Class A ： 10.0.0.*– Class B ： 172.16.*.* to 172.31.*.*– Class C ： 192.168.0.* to 192.168.255.*

10.0.0.1

10.0.0.2

10.0.0.3

10.0.0.4

Closed local network10.0.0/24

Connection with Socket Pairs

• IP address ＋ Port number ＝ Socket address• Socket pairs define a unique Internet connection.

– (172.16.12.2,3044) and (092.168.16.2,80) is a socket pair.

telnet server

telnet client

Destination: 092.168.16.2 Port Number: 80

Source: 172.16.12.2 Port Number: 3044

Source: 172.16.12.2 Port Number: 5001

Web page 1

Web page 2

Implementation (1/3)

• Outgoing datagrams– Replace (source IP address, port no.1) of

every outgoing datagram to (NAT IP address, port no.2)

10.0.0.110.0.0.4138.76.29.7

Internt

NAT gateway

128.119.40.186:80 138.76.29.7:5001 128.119.40.186:8 10.0.0.1:3345

Web server

PC in LAN128.119.40.186

d:128.119.40.186:80 s: 10.0.0.1:3345

original socket pair

d:128.119.40.186:80 s: 138.76.29.7:5001

new socket pair

Implementation (2/3)

• Create NAT translation table – Every (source IP address, port no.1) to (NAT

IP address, port no.2) translation pair

NAT translation tableWAN side addr LAN side addr

138.76.29.7, 5001 10.0.0.1, 3345

…… ……

10.0.0.110.0.0.4138.76.29.7

Internt

NAT gateway

128.119.40.186:80 138.76.29.7:5001 128.119.40.186:80 10.0.0.1:3345

Web server

PC in LAN128.119.40.186

Implementation (3/3)

• Incoming datagrams– Replace (NAT IP address, port no.2) in the

destination field with corresponding (source IP address, port no.1) stored in NAT translation table

10.0.0.110.0.0.4138.76.29.7

Internt

NAT gateway

128.119.40.186:80 138.76.29.7:5001

Web server

PC in LAN128.119.40.186

s:128.119.40.186:80 d:138.76.29.7:5001original socket

pair

s:128.119.40.186:80 d:10.0.0.4:3345new socket pair

128.119.40.186:80 10.0.0.1:3345

NAT Translation Table

10.0.0.1

10.0.0.2

10.0.0.3

S: 10.0.0.1, 3345D: 128.119.40.186, 80

1

10.0.0.4

138.76.29.7

1: host 10.0.0.1 sends datagram to 128.119.40.186, 80

NAT translation tableWAN side addr LAN side addr

138.76.29.7:5001 10.0.0.1:3345…… ……

S: 128.119.40.186, 80 D: 10.0.0.1, 3345

4

S: 138.76.29.7, 5001D: 128.119.40.186, 80

2

2: NAT routerchanges datagramsource addr from10.0.0.1, 3345 to138.76.29.7, 5001,updates table

S: 128.119.40.186, 80 D: 138.76.29.7, 5001

3

3: Reply arrives dest. address: 138.76.29.7, 5001

4: NAT routerchanges datagramdest addr from138.76.29.7, 5001 to 10.0.0.1, 3345

Advantages of NAT (1/2)

• Local network uses just one IP address as far as outside world is concerned– 16-bit port-number field; 60,000 simultaneous

connections with a single LAN-side address!

• Range of addresses not needed from ISP: just one IP address for all devices

• Can change addresses of devices in local network without notifying outside world

Advantages of NAT (2/2)

• Can change ISP without changing addresses of devices in local network

• Devices inside local net not explicitly addressable, visible by outside world (a security plus).

Controversial Issues

• NAT is controversial:– Cost and performance– Outside client cannot create a connection to the

host in local network• NAT traversal problem

– Violates end-to-end argument• NAT possibility must be taken into account by

application designers, eg, P2P applications

– Address shortage should instead be solved by IPv6

Problems of IPv6• IPv6 and IPv4 are not compatible.

• All software at many layers need to be modified for IPv6 (ex: TCPv6, UDPv6, etc.)

• All hardware such as gateways and routers must be updated.

• The IPv6 header which is larger than IPv4 header will increase the traffic overhead 。

NAT Traversal Problem (1/3)• Client want to connect

to server with address 10.0.0.1

• Solution 1: statically configure NAT to forward incoming connection requests at given port to server– e.g., (138.76.29.7, port

5001) always forwarded to 10.0.0.1 port 80

10.0.0.1

10.0.0.4

NAT gateway

138.76.29.7

Client?

server

NAT Traversal Problem (2/3)

• Solution 2: Universal Plug and Play (UPnP) Internet Gateway Device (IGD) Protocol. Learn public IP address

(138.76.29.7) + port mappings (with lease times)

Automate static NAT port map configuration

10.0.0.1

10.0.0.4

NAT gateway

138.76.29.7

IGD

138.76.29.7:5001 10.0.0.1:3345

NAT Traversal Problem (3/3)• Solution 3: relaying (used in Skype)

– NATed server establishes connection from peer 1 to relay

– Peer 2 connects to relay– Relay bridges packets between to

connections

10.0.0.1

NAT gateway

138.76.29.7

peer 2

1. connection torelay initiatedby NATted host

2. connection torelay initiatedby client

3. relaying established

peer1

NAT gateway

Making A Call on Skype

• Skype Client (SC) registers with Super Node (SN)– List of SNs

• SC contacts SN with callee ID– SN contacts other SNs to find

callee

• SC directly contacts callee, overTCP

Skype login server

Summary

• By using Network Address Translation (NAT), we manage networks in a simple way: – Security, insufficient IP address, cost …

• NAT traversal is a big problem

• Homework: To find and explain the method for NAT Traversal