NAT (Network Address Translation) is the translation of an Internet
Protocol address (IP address) used within one network to
a different IP address known within another network. One
network is designated the inside network and the other is
the outside. Typically, a company maps its local inside
network addresses to one or more global outside IP addresses
and unmaps the global IP addresses on incoming packets back
into local IP addresses. This helps ensure security since
each outgoing or incoming request must go through a translation
process that also offers the opportunity to qualify or authenticate
the request or match it to a previous request. NAT also
conserves the number of global IP addresses that a company
needs, and it lets the company use a single IP address in
its communication with the world.

NAT is included as part of a router and is often part of
a corporate firewall. Network administrators create a NAT
table that does the global-to-local and local-to-global
IP address mapping. NAT can also be used in conjunction
with policy routing. NAT can be statically defined or it
can be set up to dynamically translate from and to a pool
of IP addresses. Cisco's version of NAT lets an administrator
create tables that map:

A local IP address to one global IP address statically

A local IP address to any of a rotating pool of global IP addresses that a company may have

A local IP address plus a particular TCP port to a global IP address or one in a pool of them

A global IP address to any of a pool of local IP addresses on a round-robin basis
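
The following is an added example, not part of the original entry and not Cisco's implementation: a simplified model of the NAT table described above, showing a static entry, dynamic translation from a rotating pool, and the inbound lookup that only unmaps traffic matching a previous request. The class and function names, the 10.0.0.x inside addresses, the 203.0.113.x outside addresses and the starting port are all constructed for illustration.

```python
class NatTable:
    """Simplified NAT table with port translation (constructed model)."""

    def __init__(self, global_pool, first_port=40000):
        self.pool = list(global_pool)   # global (outside) addresses
        self.turn = 0                   # rotates through the pool
        self.next_port = first_port
        self.to_global = {}             # (local_ip, port) -> (global_ip, port)
        self.to_local = {}              # (global_ip, port) -> (local_ip, port)

    def bind(self, local, global_):
        """Install a mapping in both directions; call directly for static entries."""
        if global_ in self.to_local:
            raise ValueError("global endpoint already mapped")
        self.to_global[local] = global_
        self.to_local[global_] = local

    def outbound(self, local_ip, local_port):
        """Local-to-global: reuse the existing entry or take one from the pool."""
        local = (local_ip, local_port)
        if local not in self.to_global:
            while True:
                candidate = (self.pool[self.turn % len(self.pool)], self.next_port)
                self.turn += 1
                self.next_port += 1
                if candidate not in self.to_local:   # skip endpoints already in use
                    break
            self.bind(local, candidate)
        return self.to_global[local]

    def inbound(self, global_ip, global_port):
        """Global-to-local: None means no entry matched and the packet is dropped."""
        return self.to_local.get((global_ip, global_port))


def demo():
    nat = NatTable(["203.0.113.10", "203.0.113.11"])    # constructed sample pool
    nat.bind(("10.0.0.80", 443), ("203.0.113.10", 443))  # static entry
    first = nat.outbound("10.0.0.5", 51000)
    second = nat.outbound("10.0.0.6", 51000)
    reply = nat.inbound(*first)                # matches a previous request
    stray = nat.inbound("203.0.113.11", 4444)  # no previous request
    return first, second, reply, stray


if __name__ == "__main__":
    print(demo())
```

A production NAT also keys each entry on protocol and remote endpoint and expires idle entries; this model leaves those out to keep the mapping logic visible.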

NAT is described in general terms in RFC 1631, which discusses
NAT's relationship to Classless Interdomain Routing (CIDR)
as a way to reduce the IP address depletion problem. NAT
reduces the need for a large number of publicly known IP
addresses by creating a separation between publicly known
and privately known IP addresses. CIDR aggregates publicly
known IP addresses into blocks so that fewer IP addresses
are wasted. In the end, both extend the use of IPv4 IP addresses
for a few more years before IPv6 is generally supported.