IP Addressing: NAT
Welcome back to the course on Computer Network and Internet Protocol. So, we are looking into the IPv4 Addressing schemes in details. So, now, we will look into a specific problems in IPv4 addressing and network layer protocol using IPv4 and we will look a possible solution about how we’re actually mitigating that problem in the current internet.

(Refer Slide Time: 00:45)

So, the concept that we are going to discuss today it is called Network Address Translation or NAT which is actually a widely used concept which is used now a days for almost all the institute network. So, the problem which we have with IPv4 addressing is that the number of IPv4 address that we have they are very limited.

So, if you look into the address space which are there. So, this address space we have primarily class A, class B, class C. These 3 sets of a 3 classes of IP addresses and then class D IP address is for a multi cast data transfer and class E IP address is for the reserved category. So, we are not able to use this class E IP address for our general internet data transfer whereas, class D data address because they are designated for multicast data delivery in today’s internet multicast are actually rarely used it is not used widely for data transfer.

So, the address space that are reserved for the multi cast data delivery we cannot use it for the normal data transfer, but that is actually being wasted or remaining underutilized. So, the 3 address, 3 classes of address that we have this class A class B and class C from class A class A, class B B or class C address. We have to allocate the address well, what we can maximum do?
We can apply concept of classless addressing or CIDR to combining multiple classes together or to break a single class into multiple subnets and then assign the address space to individual subnets.

But broadly if you just think of that the total number of available addresses that we have for combining class A, class B and class C although IP address is 32 bit, we are not getting 2 to the power 32 different number of addresses. We are only utilizing class A, class B class C, but inside also class this 3 classes we have this broadcast addresses, then this network addresses.

So, for every individual class A, class B or class C network, we are not able to use those broad cast address and the network address to assign to a host. So, this further limits the number of available addresses that we have in the internet. And with this limitation if you just think of the number of devices that we have now a days that require an IP address, it is significantly getting boosted up. So, it is increased quite a few hundred fold from the time when IP was first introduced.

So, if you think about a number of IP addresses that we actually require is again not equal to the number of devices that we have. Many of the devices that we have nowadays, they have multiple network interfaces and actually we require one IP address for every individual interfaces. And because of that we again require further more number of IP addresses from the available address space.

(Refer Slide Time: 03:54)

So, that is the major problem with IPv4 addressing scheme that the number of address space that we have it is limited. And the number of devices that is the networking equipment that we have, they are increasing exponentially. And the large number of addresses, they are either wasted or remaining underutilized like the class D or class E IP addresses.

So, what can be a possible solution? So, a possible solution is that if we can make the address reusable.
So, ideally IP addresses are not developed to support reusability because, every individual device or every individual networking equipment with the network interface card should be uniquely identified in the network.

Now, the question comes that how will you apply this reusability. Here also we apply the concept from our normal day to day life. Say my name is Sandip Chakraborty, it is not necessary that in world I am the only person who are having the name Sandip Chakraborty. So, how do we actually disambiguate two persons, whenever we are sending postal mail? So, we see that what is the location of that particular Sandip Chakraborty is it inside IIT, Kharagpur or is it say inside some other place say IIT xyz.

So, if we want to send the postal mail to Sandip Chakraborty at IIT, Kharagpur, what I have to do? I have to use or address in way that Sandip Chakraborty inside IIT Kharagpur or Sandip Chakraborty inside IIT xyz. That way you can possible try to disambiguate between two person, but again if there can be two Sandip Chakraborty inside IIT, Kharagpur. Then we want to or we will possibly disambiguate based on the department and even there are two Sandip Chakraborty in the department, then I do not know how that can be done, but at some level we require uniqueness.

So, what we can do possibly that within an organization or within an institute possibly the name that we are using or the addresses the local addresses that we are using that can get reused. So, here by borrowing the similar kind of principle, we use the concept of reusability for IP addresses. So, what is it this reusability for the IP addresses? So, we have certain block of IP addresses which we call as the private IP addresses.

Now, this private IP addresses can be reusable. So, the private IP addresses can be put inside a IIT, Kharagpur at the same block of private IP addresses can be put in IIT Bombay or IIT Kanpur or IIT Hyderabad or any other institute in the globe.
So, that way we will be possibly be able to disambiguate between two addresses by looking into whether that address is in IIT Kharagpur address or IIT Bombay address or IIT Hyderabad address or say some Stanford address.

So, that concept of reusability we need to bring in to the addressing concept. But whenever you are bringing this concept of reusability in the system, you still have a problem. That problem is that how will you route that packet or send that packet. Now to send that packet over the internet, ultimately you require an addresses which is unique in the globe. So, what you can possibly do that you can possibly disambiguate the things based on whether it is IIT Kharagpur or IIT Bombay or IIT Delhi. So, you have one address which is unique globally. So, this IIT Kharagpur it is unique globally, IIT Bombay it is unique globally, Stanford it is unique globally.

So, that way you first disambiguate whether you need to send the mail to IIT Kharagpur or IIT Delhi or a Stanford. Now once the mail is reaching there, then you send to the person concerned who is inside that institute whether it is Sandip Chakraborty or someone else inside that particular institute. So, we require a notion of publicly available name or publicly available unique address and then the private address inside that organization which can reused in multiple places.

(Refer Slide Time: 08:33)

So, what we do in Network Address Translation or NAT? We divide the available address space into reusable address and non reusable address. So, the reusable address are the private address and the non reusable address are the public address which are unique and which are used to send the packets globally.

Now, to transfer the packet, what you have to do? You need a translation mechanism to translate the internal or the private address to the external or the public address.
So, this also hide the internal machines from the external device because the external people now, they are not able to see whether the mail is going to Sandip Chakraborty or the mail is going to Soumukh K Gosh rather they are just seeing that the mail is going to IIT Kharagpur.

So, IIT Kharagpur is now becoming the identity the public identity. Now once it reaches to the local people or the local postal center of IIT Kharagpur, then they disambiguate whether the mail need to be delivered to Sandip Chakraborty or that need to be delivered to Soumukh K Gosh that way we basically disambiguate the entire system.

So, you allow internet access you will be able to allow the internet access to a large number of users via few public address. Now, here is another interesting factor which is there while we are doing this private to public mapping. The interesting fact is there if you just think about the population of IIT Kharagpur the number of students or number of faculties, number of staffs who are there inside IIT Kharagpur not all of them access the internet simultaneously. Sometimes some, students are accessing sometime the faculties are accessing or there is bounded number of users who are actually accessing the internet.

Now, the users who are accessing the internet at this moment for them, I require an IP addresses. The people who are just sleeping for them, I do not require an IP address at all. So, that way if you have a small set of public IP addresses, then I can possibly make a dynamic mapping between this private address that I am providing to them with this public IP; one of the public IP whenever they are waking up and trying to connect to the internet. So, that way we can ensure the reusability of the system.

Now, if you look into the IPv4 address block; the IPv4 address block gives a private addresses from individual classes of IP address pool. So, from class A we have 10 dot 0 dot 0 dot 0 to 10 dot 255 dot 255 dot 255 that is the private address range.
From class B it is 172 dot 16 dot 0 dot 0 to 172 dot 32 dot 255 dot 255. From class C it is 192 dot 168 dot 0 dot 0 to 192 dot 168 dot 255 dot 255. So, from individual classes of IP addresses, you have taken one block of IP address or few block of blocks of IP addresses and designated them as the private IP address.

(Refer Slide Time: 11:45)

Now, this is the basic operation of a NAT. So, NAT is nothing, but a device a router or a gateway whatever you call it. So, in one site of the NAT, we have a private network. So, this is my private network; this is my private network and then I have my public network right. Now, in the private network, I have multiple machines who are identified by this private IP addresses. So, this is an internal machine inside the private network, you can just think of it as a IIT KGP network, say this is IIT KGP network. In the IIT KGP, network one machine is identified by this private IP address 10 dot 0 dot 1 dot 2.

Now, whenever this machine want to send the packet to the outside machine say this machine and this machine has a public address of to 13 dot 168 dot 112 dot 3. You want to send a message. So, what you do? You would prepare an IP packet and in that IP packet you have the source IP of 10 dot 0 dot 1 dot 2 the private IP of this machine and the destination is the public IP where you want to send the packet.

Now, with this private IP, you will not be able to send a packet to the outside world to the public network. So, whenever it is coming to the NAT device, what the NAT device does? It makes a mapping between the private address and the public address. So, this private address of 10 dot 0 dot 1 dot 2. It is mapped to one of the available public address which is 128 dot 143 dot 71 dot 21 and that public address is put to the packet which is going in the public network.

Now the NAT device is replacing this private IP with this public IP and sending the packet. Now the packet reaches to the destination.
Once the destination receives that packet, it generates a reply back and in the reply it puts this source IP as the destination IP. Now, with this destination IP this 128 dot 143 dot 71 dot 21, this is an IP which is associated with this NAT device. So, this device is actually having a pool of IP addresses associated with them. So, any packet to those IP addresses will be delivered to that NAT device. So, the packet is delivered to the NAT device. When the packet is coming to the NAT device the NAT device is maintaining this NAT table where it has maintained a mapping between with the private address and the public address.

Now, what it does it finds out that well this public address has given to this machine. So, it replaces the source address; this particular destination address with the private address. Now whenever this packet is coming to the inside network, the address the destination address is replaced from the public address to the corresponding private address and with that private address the packet is delivered to this machine.

That is the way NAT works. So, now, you can see that every individual machine inside that network may have one private IP address and you do not require that many of public IP address because all the machines are not getting connected to the internet simultaneously. So, you require a small set of public IP addresses may be the number of users who are getting connected to the internet simultaneously. And then whenever a user request send the packet to the NAT, the NAT just make an address translation from a private IP to a public IP. Put that information to the local NAT table to the map and then transfer that packet to the outside world. And whenever the packet reaches to the destination machine, the destination machine reply back to you by using that public IP address; the source IP now become the destination IP.

So, that packet traverses to the network and reaches to the NAT device.
Once the NAT device receives that packet, it again look into the NAT table to find the mapping the reverse mapping better to say. So, from the reverse mapping, it finds out that well this particular public IP was given to this machine with the private IP. It make a replacement in the destination IP and send it back to the internal network and the internal network forward that packet to the final destination. Well. So, that is the entire operation or the idea of NAT.
IP Addressing: NAT- Part 2
Now, in NAT the organization, they manages the internal private network and the NAT boxes. NAT boxes are nothing, but routers they manages a pool of public IP address. For outgoing connection the NAT boxes, they select one of the IP address from its pool and forward the packet from that IP.

(Refer Slide Time: 16:48)

Now, NAT has multiple interesting use cases apart from supporting more number of users with the help of a limited public IP. One interesting fact is whenever you want to migrate between different ISP. Now an organization can connect to multiple ISPs for better reliability. So, for example, IIT Kharagpur network is connected to ERNET network as well as NKN (Refer Time: 17:13) network. They have multiple outgoing network, we call it as a multi home network.

Now, this NAT it allows a easy interchange between the ISPs by changing the IP address in the NAT boxes. So, whenever you are making a change of the ISP your public address IP address pool is getting changed, but the internal machines you do not need to reconfigure the IP address for all the internet internal machines which are there inside IIT Kharagpur. They are having their fixed private IP address and only a mapping is being done to the corresponding ISP address to which the NAT box which is working like a gateway is currently connected.

So, without NAT what you have to do that every internal system address need to be changed to reflect the network IP of the ISP, but here you do not require that the NAT box will take care of that. So, you do not need to make a change into the internal machine.

(Refer Slide Time: 18:11)

So, here is an example like say initially the NAT device was connected to ISP 1, when it was connected to ISP 1 during that time you are giving the address from a pool of 128 143 dot 71 dot 21. Now the moment this ISP got a failure or something happened, then the NAT device gets connected to ISP 2.
It start giving address from a different address pool say from 128 dot 195 dot 4 dot 120.

So, only thing is that the public address gets changed and these public address are managed by the NAT device. But the private IP that 10 dot 0 dot 1 dot 2 which was assigned to this particular machine that remains as it is. So, that address do not need to change. So, you do not need to reconfigure every machine independently to reflect these changes.

(Refer Slide Time: 19:12)

OK. Now another interesting thing is in NAT is that you can utilize something called IP masquerading. So, what is IP masquerading? It is like that, you have a single public IP address which you can map to multiple host. Now how you can do that? You can actually use the port address along with the IP address. So, this concept is interesting in the context of NAT. So, what you are doing here that. So, it is basically an extension of NAT which is sometime called as a port based NAT or PNAT.

Now, in PNAT what happens that one, so ultimately if you think about the communication the communications are basically a process to process communication. One process at the source machine is communicating with another process at the destination machine. So, these process system are identified the IP address of the machine plus a port number. So, this port numbers are used to uniquely identify a process which is running inside a machine. Now, you can use this IP port pair actually together to make this mapping. So, how you can do that?

(Refer Slide Time: 20:48)

So, let us see one example here. So, this is the thing say assume that one application is running to this machine at port 2001 that has a private IP of 10 dot 0 dot 1 dot 2. There is another machine say this is machine A, this is machine B.
In machine B, it is using a different private address 10 dot 0 dot 1 dot 3 and the application is running at port 3020.

Now, whenever these packets are going outside and they are trying to communicate to some public machine same or different that is immaterial to us. So, whenever these things are being happen during that time, what the NAT device now do? NAT device makes a mapping of this IP port to another IP port. So, what happens here that this particular private IP and the port number is being mapped to a public address and one port. The second private IP and the port is mapped to another public IP and the port.

Now, here I can use the same public IP for both the machine because this port number is actually making the differentiation. So, whenever I will get a response, if I am getting a response at port 2100 of the IP 128 dot 143 dot 71 dot 21, I know that in the reverse mapping that will be mapped to 10 dot 0 dot 1 dot 2 at port 2001. Similarly if you are receiving a packet at the NAT device at port 4444 from this particular mapping you know that this IP port pair will be mapped to 10 dot 0 dot 1 dot 3, it port 3020.

So, that way now you can support more number of users with a very limited number of IP addresses because any way you have around 65000 more than 65000 different number of ports. If I even remove the reserve port address, still you have some port numbers in the order of 10000 even it is something similar to 50000 that many different unique port number you have.

So, that is why if you have a very few public IP addresses. With that very few public IP addresses by making a mapping with IP port pair, you can actually support a large number of users in the private network. And for them you can use the same public IP, but with different port number and the mapping is basically done based on the IP port pair ok.
So, that is the concept of IP masquerading to which you can support again large number of users inside the private network.

(Refer Slide Time: 23:31)

And well another use case in NAT is that it can help in doing a load balancing of servers. So, balances of load of multiple identical server, they are accessible from a single IP address. So, the NAT box it translate the different incoming connections to different internal IP addresses to balance the load between the server and the internal systems are now configured with private address.

(Refer Slide Time: 23:57)

So, an example is something like this that whenever you are getting the request, you are getting the request to the same destination IP; that means, 128 dot 143 dot 71 dot 21. And the whenever this particular request are coming to the NAT device based on the load the NAT device can redirect some of the machines some of the request to one machine at 10 dot 0 dot 1 dot 2 and some of the request to a different machine at 10 dot 0 dot 1 dot 3.

So, that way the same public IP is mapped to multiple private IP and the NAT can do actually the load balancing by distributing the requests to the multiple private IP addresses. Now, you can think of this machine such the web servers and you have two different copies of the web server. And whenever the web request are coming to this particular IP address 128 dot 143 dot 7 dot 21. So, you are making a mapping to one of the private address either 10 dot 0 dot 1 dot 2 or 10 dot 0 dot 1 dot 3 based on the availability. And or based on the load balancing principle and then send the request to those particular machine.

Now, this is the broad idea of NAT. Now one limitation of NAT is that see, you need to show to have someone from outside to communicate with this particular machine, they need to have this particular mapping in the NAT device. So unless you have this mapping in the NAT device, you will not be able to serve a outside request.
So, that is why if you are behind the NAT during that time, someone from outside will not be able to directly connect to you unless they have the information of the public IP of the NAT box.

So, whenever you are making a connection from inside, during that time you are actually allowing the outside machine to get a information about the public IP address through this source destination IP pair.

(Refer Slide Time: 25:59)

So, assume that this is your NAT boundary and you have the NAT box. One machine is there inside and this is the machine at the public domain. So, this is my public domain and this is my private domain.

Now, whenever you are sending the packet if the connection is initiated from inside, then you have the source IP as a private IP, say 10 dot 0 dot 1 dot 2 and destination IP as a public IP say 202 dot 141 dot 81 dot 3. And whenever the packet is going outside, the NAT box is making a change to this source IP to some public IP say 194 dot 3 dot 2 dot 2 and the destination IP as earlier. And then this machine whenever it is receiving this particular message from this IP, it can comes to know that well this should be my destination IP the source IP in the request. So, that was the request message.

The source IP at the request should be the destination IP at the reply. So, it uses destination IP in the reply message. It uses the destination IP as this is 194 dot 3 dot 2 dot 2 and send that packet back. When it comes to NAT, then the NAT makes an change makes this destination IP, change to this source IP and the packet as forwarded to the internal machine.

(Refer Slide Time: 28:24)

But if the internal machine is not initiating the connection, during that time the life is difficult. During that time, what you have to do that say, this is my internal machine in the private domain and this is the machine at the public domain. Now, in that case here is the NAT box now, this public machine does not cannot send the packet to this internal IP of 10 dot 3 dot some 4 dot 2.
It need to know the public IP of the NAT box. So, unless you have a information of the public IP of the NAT box, this machine in the public domain will not be able to initiate a connection.

Now, to solve this problem people use DNS. So, in that case of DNS, you have a mapping so, rather than naming these things the example that I have given as a web server. So, for IIT Kharagpur, we have these dub dub dub dot iit kgp dot ac dot in. And whenever you are accessing a machine with this DNS name, the DNS actually has the IP of corresponds to which is mapped to dub dub dub dot iit kgp dot ac dot in say something like 202 dot 141 dot 81 dot 2 and this particular IP is mapped to a IP of the NAT box.

So, whenever the request comes, so we have multiple web servers multiple copies of the web servers. Based on the load balancing principle, it forwards the request to one of the machines which are internal to the private network. So, that way by using DNS, we sometime resolve this problem whenever we require this kind of load balancing. But in general unless you have the IP of the NAT box, you will not be able to initiate a connection from the outside world or from the public world. You need to initiate the connection from the private network or from the internal network.

So, that is all about this concept of network address translation which is actually a very useful mechanism to support large number of nodes with the help of IP version 4. And in the next class, we look into IP version 6. Although IP version 6 is not a very successful protocol and although the network design understood long back that IPv6 is required, but till now people are not able to successfully deploy IPv6 globally for every purpose.

IPv6 provides more number of address space compared to IPv4 and it has nice mechanism of managing the IP protocol. Although that is not a success, but in many of the places in island wise IPv6 are being used recently people are exploring IPv6 for internet of things (Refer Time: 31:28) communication.
So, in the next class, we will briefly look into the basic principles of IPv6 protocol and look in to the way people are trying to make a mapping or make a compatibility between the IPv4 addressing mechanism and the IPv6 addressing mechanism.

Thank you all for attending the class today, see you in the next class.