
Introduction to Different Types of NAT

Latest reply: Mar 16, 2022 17:16:50

Hello, everyone!

Today I want to share some knowledge about NAT with you. First of all, do you know how we access the Internet?


In most network environments, we need NAT to access the Internet. 

NAT is Network Address Translation. This is a protocol that provides a way for multiple computers on a public network to share a single connection to the Internet.


Before going into more detail about NAT, let's talk about what public addresses and private addresses are.


Public IP address and Private IP address


[Figure: NAT]


The public network refers to the Internet, and the public IP address refers to the globally planned IP address on the Internet. The network segments cannot overlap. Routers on the Internet can forward packets whose destination address is a public network address.


In the IP address space, some IP addresses of Class A, Class B, and Class C are reserved as private IP addresses. Private IP addresses cannot be used on the public network but can only be used on the intranet. Routers on the Internet do not have routes to private addresses.


The ranges of reserved class A, class B, and class C private addresses are as follows:

  • Class A IP address: 10.0.0.0 - 10.255.255.255.

  • Class B IP address: 172.16.0.0 - 172.31.255.255.

  • Class C IP address: 192.168.0.0 - 192.168.255.255.


NAT Type


[Figure: NAT Type]


  • Static NAT, dynamic NAT, NAPT, and Easy IP enable users to access the public network from a private network.

  • The NAT server implements access from the public network to the private network.



Static NAT


Static NAT is configured on the router that connects the private network to the public network. Each private network address has a fixed public network address. That is, the mapping between private network addresses and public network addresses is one-to-one. This type of NAT does not save public network IP addresses.


Static NAT supports bidirectional communication.


[Figure: Static NAT]


  1. As shown in the above figure, the ISP assigns three public addresses 12.x.x.1, 12.x.x.2, and 12.x.x.3 to the enterprise.

    You can configure static NAT on the border router of the enterprise to map the private address 192.168.1.2 of PC1 to the public address 12.x.x.2. Map the private address 192.168.1.3 of PC2 to the public address 12.x.x.3, and then generate a static address mapping table on the router.

  2. PC1 and PC2 access the web server on the Internet. When the data packet passes through the router, the private IP addresses of PC1 and PC2 are replaced by the corresponding public IP address. Similarly, when the data packet from the Web Server is returned, it is first sent to the router, and then the router searches the static address mapping table, converts the public address into a private address, and finally sends the data to the terminal device corresponding to the private address.

  3. PC3 cannot access the Internet because static NAT is not configured on PC3.


Note that Static NAT maps private addresses to public addresses in one-to-one mode. As a result, the corresponding public addresses are still in use even if an intranet host is offline for a long time or does not send data. Therefore, static NAT does not save IP addresses.


For more information, please click: Static NAT Lab


Dynamic NAT


To avoid address waste, dynamic NAT proposes an address pool. All available public addresses form an address pool.


[Figure: Dynamic NAT]


  1. After dynamic NAT is configured, the edge router of the enterprise generates a public IP address pool based on the available public IP addresses. When the PC of the enterprise accesses the Internet, the data packet passes through the router. The router replaces the private IP address of the PC with an idle public IP address and then accesses the Internet.

  2. However, after PC1, PC2, and PC3 access the Internet, the public IP address pool of the company does not have an idle public IP address. In this case, PC4 cannot access the Internet.


After dynamic NAT is used, the mapping between public addresses and private addresses is still one-to-one, which cannot improve the utilization of public addresses.


Note that the one-to-one mapping between public addresses and private addresses is temporarily established. The public IP address translated by the PC through the router is a temporarily idle public IP address in the public address pool. Therefore, dynamic NAT supports only unidirectional access and can only access the public network from the intranet.


NAPT


Network Address and Port Translation (NAPT) translates not only IP addresses but also port numbers when selecting addresses from the address pool. In this way, one-to-many mapping between public addresses and private addresses is implemented, which effectively improves public address utilization.


[Figure: NAPT]


  1. As shown in the preceding figure, after NAPT is enabled, the router generates a dynamic address and port mapping table. The public IP address pool of the edge router has only two public IP addresses. When PC1 accesses the web server on the Internet, the data packet carries the source port, destination port, source address, and destination address parameters to the router. Then, the router performs public address translation and source port translation. In addition, the translated port number and public IP address are recorded in the dynamic address and port mapping table. Finally, PC1 accesses the Internet.

  2. When the WEB Server returns data, the data packet also carries these parameters to the router. Then, the router queries the dynamic address and port mapping table and sends the data packet to PC1.

 

NAPT translates transport-layer port numbers to differentiate terminals on the intranet and enables multiple private IP addresses to share one public IP address, thereby saving IP addresses.


For more information, please click: NAPT Lab


Easy IP


The implementation principle of Easy IP is the same as that of NAPT. It translates IP addresses and transport-layer ports at the same time. The difference is that Easy IP does not have the concept of an address pool and uses interface addresses as public IP addresses for NAT.


[Figure: Easy IP]


Easy IP applies to scenarios where no fixed public IP address is available, for example, the network egress that obtains an IP address through DHCP or PPPoE dialup, and the obtained dynamic IP address can be directly used for translation.


NAT Server


NAT server refers to port mapping.


When the server on the private network needs to provide services for the public network, you need to configure the NAT server on the router and specify the one-to-one mapping between [public IP address: port] and [private IP address: port] to map the intranet server to the public network. The public network host accesses the [public IP address: port] to access the intranet server.


[Figure: NAT Server]


As shown in the preceding figure, the Web Server on the enterprise intranet needs to be accessed by computers on the Internet. To implement this, you need to configure the NAT server on the edge router of the enterprise. 


  1. Map the IP address and service port number of the Web Server (192.168.0.2:80) to the public IP address and port number of the edge router (12.x.x.8:43333).

  2. When a computer on the Internet accesses the web service on the intranet, the destination IP address and port number of the data packet are the IP address and port number (12.x.x.8:43333) mapped on the NAT server.

  3. After receiving the packet, the edge router of the enterprise looks up the NAT mapping table and translates the destination IP address and port number to the IP address and port number of the Web Server (192.168.0.2:80).

  4. In this way, services on the private network can be accessed through the public network.


Advantages and Disadvantages of NAT


NAT Advantages


1. The enterprise intranet uses private IP addresses, which reduces the occupation of public IP addresses. NAT is generally applied to border routers, for example, routers connected to the Internet.


By using the NAPT technology, enterprises can use public IP addresses to access the Internet from private networks, saving public IP addresses.


  • If different enterprises or schools do not need to communicate with each other, their private addresses can overlap.

  • If the intranets of different schools or enterprises communicate with each other through VPNs or leased lines, the private addresses used by different schools or enterprises cannot overlap.


2. After the ISP is changed, the intranet address does not need to be changed, which enhances the flexibility of the Internet connection.


3. The private network cannot be accessed directly from the Internet, which enhances the security of the intranet.


NAT Disadvantages


1. When NAT or NAPT is performed on a router, the network layer and transport layer of data packets need to be modified, and the mapping between port and address translation needs to be retained and recorded in the router. Routing data packets causes a large switching delay and consumes a large number of resources on the router.


2. A private IP address is used to access the Internet. The source IP address is replaced with a public IP address. If a student of a school publishes a message on the forum, the forum can only record the public IP address of the publisher and cannot trace the intranet IP address. That is, end-to-end IP tracing cannot be performed.


3. The public network cannot access the private network. To access the private network, you need to perform the port mapping.


4. Some applications cannot run on the NAT network. For example, IPSec does not allow intermediate packets to be modified.



I'll share the lab on NAT configuration later.

Thank you so much for reading and hope it helps you.



You are welcome to leave a message
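
The translation tables described in the NAPT and NAT Server sections above, as an added Python example (not part of the original post or any router's code). The public address 203.0.113.8 and the port range are constructed stand-ins, and keying mappings on source IP and port only (no protocol or destination) is a simplifying assumption.

```python
import ipaddress

# The three private ranges listed in the post, written in CIDR form.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)

class NaptRouter:
    """Toy edge router: dynamic NAPT for outbound flows plus static NAT Server entries."""

    def __init__(self, public_ips, ports):
        # Each free (public IP, port) pair can carry one intranet flow.
        self.free = [(ip, port) for ip in public_ips for port in ports]
        self.out = {}     # (private IP, private port) -> (public IP, public port)
        self.back = {}    # (public IP, public port)   -> (private IP, private port)
        self.server = {}  # static NAT Server entries, same shape as self.back

    def nat_server(self, public, private):
        self.server[public] = private

    def outbound(self, src_ip, src_port):
        """Translate the source of a packet leaving the intranet; None means dropped."""
        if not is_private(src_ip):
            raise ValueError("inside source must be a private address")
        key = (src_ip, src_port)
        if key not in self.out:
            if not self.free:
                return None  # pool exhausted, like PC4 in the dynamic NAT case
            self.out[key] = self.free.pop(0)
            self.back[self.out[key]] = key
        return self.out[key]

    def inbound(self, dst_ip, dst_port):
        """Translate the destination of a packet arriving from the Internet."""
        key = (dst_ip, dst_port)
        # Static NAT Server entries first, then mappings created by outbound traffic.
        return self.server.get(key) or self.back.get(key)  # None: no mapping, drop

def demo():
    r = NaptRouter(["203.0.113.8"], ports=range(20000, 20003))  # constructed pool
    r.nat_server(("203.0.113.8", 43333), ("192.168.0.2", 80))   # Web Server mapping
    pc1 = r.outbound("192.168.1.2", 51000)  # PC1 and PC2 use the same source port
    pc2 = r.outbound("192.168.1.3", 51000)  # and still share one public address
    return r, pc1, pc2
```

The `back` table is the only record linking a public address and port to an intranet host, so tracing a flow to its source depends on that table (or a log of it) being available.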

wissal
wissal Created Jan 5, 2022 14:43:14 (0) (0)
Thank you, my friend  
WalidNawar_PDAC_MVE
WalidNawar_PDAC_MVE Created Jan 25, 2022 06:02:50 (0) (0)
Impressive Technical Post , Really Thank you very much  
Unicef
Unicef Created Jan 30, 2022 04:15:48 (0) (0)
 
AliBinHussain
AliBinHussain Created Jan 30, 2022 16:42:54 (0) (0)
 
NAT stands for network address translation. It's a way to map multiple local private addresses to a public one before transferring the information.

Chenxintao
Chenxintao Created Jan 4, 2022 09:09:04 (0) (0)
Yes, my dear!  
Thanks!

Chenxintao
Chenxintao Created Jan 5, 2022 05:40:06 (0) (0)
Thanks for your support! My dear!  
A topic that everyone in IT should be aware of.

Chenxintao
Chenxintao Created Jan 5, 2022 05:41:19 (0) (0)
Yes, my dear! I want to share this basic knowledge through my own understanding.
Thank you!  
Nice Stuff !!

Chenxintao
Chenxintao Created Jan 5, 2022 09:57:09 (0) (0)
Thanks for your support! My dear!  
Great one

Chenxintao
Chenxintao Created Jan 6, 2022 01:26:12 (0) (0)
Thanks for your support! My dear!  
The content is beneficial.

Chenxintao
Chenxintao Created Jan 6, 2022 01:26:18 (0) (0)
Thanks for your support! My dear!  
Network Address Translation (NAT) conserves IP addresses by enabling private IP networks using unregistered IP addresses to go online.

Chenxintao
Chenxintao Created Jan 6, 2022 01:30:51 (0) (0)
Yes, NAT is basic but important.
Thanks for your support! My dear!  
Sharing your knowledge, I really appreciate that.

Chenxintao
Chenxintao Created Jan 6, 2022 01:31:41 (0) (0)
 
