
Network Address Translation (NAT)
Introduction
Network Address Translation or NAT is a technique that allows the translation of local network addresses or the internal IP addresses (used within an organization) into globally unique IP addresses that help identify an online resource in a unique manner over the Internet.
The process is also referred to as Network Masquerading or the Native Address Translation. Network Address Translation allows multiple resources within an organization or connected to a local LAN to use a single IP address to access the Internet.
The idea of Network Address Translation is very simple indeed. It essentially abstracts internal addressing from the global IP addressing used over the Internet. This abstraction helps the network resources to get over a shortage of the address space by mapping relatively few real IP addresses to the abundant local IP addresses created locally by the Proxy server for addressing purposes. It allows the use of different addresses over the local and global level and local sharing of IP addresses over the Internet.
An increasing usage of the Network Address Translation was a direct result of the limited address space offered by the erstwhile Internet protocols such as the IPv4 that carried the bulk of the Internet traffic. NAT became a popular mechanism to overcome the shortage of unique IP addresses for individual network resources over the Internet. The Network Address Translation protocol maps the internal addresses to the real IP addresses that are required for the communication process over the Internet.
Types of NAT:
1. Full Cone NAT: The term Full Cone NAT is also commonly known as one-to-one NAT. Full Cone NAT allows the mapping of various external (non-local) address ports to the corresponding internal address ports in a symmetrical manner.
2. Restricted Cone NAT: This allows the local IP address and port number to be mapped to a particular external IP address and port number respectively. The relative mapping in the internal and external domains is not disturbed in the Restricted Cone network address translation.
3. Port Restricted Cone NAT: As the name suggests, the Port Restricted Cone NAT restricts the port numbers that are used for communication purposes over the Internet. All the external communication is directed to a particular communication port except if there is a continuous communication with an application over a specific communications port.
4. Symmetric NAT: The communication process directed outwards is mapped to a unique external IP address along with a port number. This scheme imparts a logical symmetry to the process of external network access by the resources connected to the LAN.
In actual practice a pure NAT implementation is rarely used. Rather, a combination of the above types is implemented to achieve the desired network configuration.
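The mapping and inbound filtering behaviour that tells these four types apart, as an added example that is not part of the original article: a small Python simulation following the classic RFC 3489 definitions of the cone and symmetric types. The `Nat` class, the `probe` helper, the addresses (documentation ranges) and the port numbers are constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import count

PUBLIC_IP = "203.0.113.1"  # constructed address (documentation range)

@dataclass
class Nat:
    kind: str  # "full", "restricted", "port_restricted" or "symmetric"
    ports: count = field(default_factory=lambda: count(40000))
    out_map: dict = field(default_factory=dict)  # mapping key -> external port
    in_map: dict = field(default_factory=dict)   # external port -> (internal, contacted)

    def outbound(self, src, dst):
        """Internal src=(ip, port) sends to dst; returns the external (ip, port).
        Symmetric NAT allocates a port per destination; cone NATs reuse one."""
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.out_map:
            port = next(self.ports)
            self.out_map[key] = port
            self.in_map[port] = (src, set())
        port = self.out_map[key]
        self.in_map[port][1].add(dst)  # remember who the inside host talked to
        return (PUBLIC_IP, port)

    def inbound(self, remote, ext_port):
        """Packet from remote to PUBLIC_IP:ext_port; internal endpoint or None (dropped)."""
        if ext_port not in self.in_map:
            return None  # no mapping: unsolicited traffic is dropped
        src, contacted = self.in_map[ext_port]
        if self.kind == "full":
            allowed = True  # any remote may use an existing mapping
        elif self.kind == "restricted":
            allowed = remote[0] in {ip for ip, _ in contacted}  # IP must match
        else:
            allowed = remote in contacted  # IP and port must both match
        return src if allowed else None

def probe(kind):
    """Open one mapping towards server A, then test which remotes can reach it."""
    nat = Nat(kind)
    host, a, b = ("192.168.1.10", 5000), ("198.51.100.7", 3478), ("198.51.100.99", 3478)
    ext = nat.outbound(host, a)
    return {
        "same_remote": nat.inbound(a, ext[1]) == host,
        "same_ip_other_port": nat.inbound((a[0], 9999), ext[1]) == host,
        "other_ip": nat.inbound(b, ext[1]) == host,
        "port_reused": nat.outbound(host, b) == ext,
    }

if __name__ == "__main__":
    for kind in ("full", "restricted", "port_restricted", "symmetric"):
        print(kind, probe(kind))
```

Each row of output shows which remote endpoints can reach the inside host through a mapping it opened, which is the property a firewall reviewer checks when deciding how much exposure a given NAT type leaves.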
NAT offers the following advantages to the network users:
1. The Network Address Translation process offers a simple yet effective solution to the nagging problem of limited address space offered by the contemporary network protocols such as the IPv4. The NAT process generates sufficient IP addresses to be used locally that are subsequently mapped to the real IP addresses for communications over the Internet.
2. A lack of complete bi-directional connectivity offered by NAT is desirable in certain situations as it restricts direct access to the LAN resources. Allocation of a static IP address makes the network resource a potential target for hackers. The presence of an intermediate Proxy server makes the situation tricky.
The usage of NAT also carries certain drawbacks:
1. Network Address Translation does not allow a true end-to-end connectivity that is required by some real-time applications. A number of real-time applications require the creation of a logical tunnel to exchange the data packets quickly in real time. It requires a fast and seamless connectivity devoid of any intermediaries such as a proxy server that tends to complicate and slow down the communications process.
2. NAT creates complications in the functioning of Tunneling protocols. Any communication that is routed through a Proxy server tends to be comparatively slow and prone to disruptions. Certain critical applications offer no room for such inadequacies. Examples include telemedicine and teleconferencing. Such applications find the process of network address translation to be a bottleneck in the communication network, creating avoidable distortions in the end-to-end connectivity.
3. NAT acts as a redundant channel in the online communication over the Internet. The twin reasons for the widespread popularity and subsequent adoption of the network address translation process were a shortage of IPv4 address space and the security concerns. Both these issues have been fully addressed in the IPv6 protocol. As the IPv6 slowly replaces the IPv4 protocol, the network address translation process will become redundant and useless while consuming the scarce network resources for providing services that will be no longer required over the IPv6 networks.
Why should we switch to IPv6?
IPv6 provides a great solution to the address space crunch that was the underlying reason for the widespread adoption and usage of the Network Address Translation. A lack of address space resulted in a proportionately higher demand for the domain names in comparison to the availability of the same on the supply side.
This led to a squeeze in the availability of IP addresses, thereby resulting in a situation where the IP address prices were shooting through the roof. The situation further made sense for the organizations to go for Network Address Translation technique as a cost-cutting tool.
In this way, the address space constraint in the IPv4 fuelled the popularity and widespread usage of the Network Address Translation process to overcome the situation. If an organization couldn't have enough IP addresses, then it could share them or create them over the local network through the use of a Proxy server and then map the internal IP addresses to the real IP addresses over the Internet, thereby making the online communication process streamlined.
The Internet Protocol version 6 or IPv6 eliminates the need for Network Address Translation by offering a much larger address space that allows the network resources to have their own unique real IP address. In this way, IPv6 strikes at the very root of the problem for which Network Address Translation (NAT) provided a solution.
IPv6 offers a significantly larger address space that allows greater flexibility in assigning unique addresses over the Internet. IPv4 (the currently used standard protocol over the Internet that carries the bulk of the network traffic) provides 32 bits of address space, while the IPv6 offers 128 bits of address space that is easily able to support 2^128 or 3.4 × 10^38 or about 340 billion billion billion billion unique IP addresses. This allows a provision for permanent unique addresses to all the individuals and hardware connected to the Internet. Moreover, the extended address length eliminates the need to use techniques such as network address translation to avoid running out of the available addresses.
An escalating demand for IP addresses acted as the driving force behind the development of IPv6. According to industry estimates, in the wireless domain, more than a billion mobile phones, Personal Digital Assistants (PDA), and other wireless devices will require Internet access, and each will need its own unique IP address.
Moreover, billions of new, always-on Internet appliances for the home - ranging from the TV to the refrigerator - will also come online through the different technologies. Each of these devices will also require its own unique IP address. With the exponentially increasing demand for IP addresses, the world is fast outgrowing IPv4 and waiting to embrace IPv6.
In this way, the IPv6 protocol does away with the need to use Network Address Translation technique to make up for the address space crunch by creating local IP addresses over the LAN and mapping them to the real IP addresses used over the network.
IPv6 also offers superior security features thereby allaying the fears of allocating static IP addresses to the various network resources and throwing them open to attacks in the virtual space. The security issue is often used in the defense of the Network Address Translation process. However, the core principle of Internet is to offer an end-to-end connectivity to the different network resources.
This principle is violated by the widespread use of network address translation. It is like missing the woods for the trees. In this context, IPv6 provides a long-term solution to meet the address space crunch as well as the security concerns of the Internet users. For all practical purposes, IPv6 offers an almost endless supply of IP addresses that can be allocated to the exponentially increasing network devices that are being added to the Internet with each passing day. This large pool of IP addresses will provide an abundant supply of usable IP addresses and easily match the demand for the same. This equilibrium will bring the Internet address prices back to normal levels.
 