Network address translation (NAT) maps one IP address space into another by modifying the network address information in packets' IP headers as they pass through a traffic routing device. The technique was initially employed to avoid the requirement to give new addresses to every site when a network was moved, or when the upstream Internet service provider was changed but could not route the network's address space. In light of IPv4 address exhaustion, it has grown to be a widely used and crucial tool for global address space preservation. A NAT gateway's single Internet-routable IP address can be used for the entire private network.
The border router is configured for NAT and normally has two interfaces: one on the local (inside) network and the other on the global (outside) network. When a packet travels outside the local (inside) network, NAT changes its local (private) IP address into a global (public) IP address. When a packet enters the local network, the global (public) IP address is changed back to a local (private) IP address. If NAT runs out of addresses, that is, if no addresses are left in the configured pool, the packets are dropped and an Internet Control Message Protocol (ICMP) host unreachable packet is sent to the destination.
There are three types of NAT:
Static NAT: This creates a one-to-one mapping between a single unregistered (private) IP address and a legally registered (public) IP address. This is typically employed for hosting websites. Static NAT is not used in businesses to give Internet access to devices, since every device that requires access would need its own public IP address. If 3000 devices require Internet access, the company will need to purchase 3000 public addresses, which will be highly expensive.
Dynamic NAT: In this type of NAT, an unregistered (private) IP address is translated into a registered (public) IP address taken from a pool of public IP addresses. Only as many private IP addresses can be translated at once as there are addresses in the pool, and a packet is dropped if no pool address is free. With a pool of 2 public IP addresses, only 2 private IP addresses can be translated at any one time; if a third private IP address tries to access the Internet, its packets are dropped. Many private IP addresses are thus mapped to a pool of public IP addresses. Dynamic NAT is used when a set number of users need to access the Internet. The company must purchase multiple global IP addresses to create a pool, which is also highly expensive.
Port Address Translation (PAT): PAT is a form of dynamic NAT, but it maps a number of local IP addresses to a single public address. PAT is frequently used by businesses that want all of their employees to use a single IP address, usually under the control of a network administrator.
Some of the advantages are mentioned below:
NAT conserves legally registered IP addresses.
As the device's IP address is concealed when sending and receiving traffic, it offers privacy.
Eliminates the need to renumber addresses as a network changes.
Some of the disadvantages are mentioned below:
Translation introduces delays in the switching path.
Some applications will not function while NAT is enabled.
It makes tunnelling technologies like IPsec more difficult.
Additionally, NAT forces the router to change port numbers, even though a router is a network layer device and should not modify them.
Hosts behind NAT-enabled routers do not have full end-to-end connectivity and cannot use some Internet protocols. Services that rely on TCP connections being opened from the outside network, or on stateless protocols like UDP, may experience interruptions. Incoming packets cannot reach their destination unless the NAT router deliberately supports such protocols.
Some protocols, such as passive mode FTP, can work with one instance of NAT between participating sites, occasionally with the help of an application-level gateway, but they fail when both systems are separated from the Internet by NAT. NAT also complicates tunnelling protocols like IPsec, because it modifies header values and this interferes with their integrity checks.
End-to-end connectivity has been a fundamental tenet of the Internet, backed, for instance, by the Internet Architecture Board. According to current Internet architecture documents, NAT violates the end-to-end principle, yet it has a place in careful design.
The use of NAT with IPv6 raises many more concerns, and many IPv6 architects think IPv6 was designed to do away with the need for NAT.