F5 GLOSSARY

Network Address Translation (NAT)

What is NAT (Network Address Translation)?

NAT, short for "Network Address Translation," is a technology that converts the IP address contained in the header of an IP packet into a different IP address. It is commonly used to translate private IP addresses utilized within an organization into global IP addresses for external communication.

Private IP addresses were introduced to address the issue of IPv4 address exhaustion. In IPv4, addresses are represented in 32 bits, allowing for approximately 4 billion unique addresses. However, with the rapid expansion of the internet, the number of devices requiring IP addresses grew exponentially, leading to concerns about the eventual depletion of available addresses. To conserve global IP addresses, an approach was adopted where global IP addresses are allocated per organization, and private IP addresses are used internally within the organization. This led to the introduction of private IP addresses as defined in RFC 1918, which specifies ranges for different organizational sizes:

  • Class A (large organizations): 10.0.0.0 – 10.255.255.255
  • Class B (medium organizations): 172.16.0.0 – 172.31.255.255
  • Class C (small organizations): 192.168.0.0 – 192.168.255.255

Typically, devices within an organization's internal network are assigned private IP addresses from these ranges.

However, when devices with private IP addresses access external servers over the internet, the servers cannot identify the originating devices, as private IP addresses are shared across multiple organizations. Therefore, the private IP address must be translated into the organization's unique global IP address for internet communication. This is where NAT comes in.

NAT has the side effect of concealing the structure of the internal network from external networks, which provides a degree of isolation. However, while useful for network segmentation, NAT alone is not a comprehensive answer to security threats; additional end-to-end tunneling technologies and protocols are often required.

One limitation of NAT is that it operates on a one-to-one address translation basis, making it unsuitable for handling simultaneous communications from multiple devices. To address this issue, NAT was extended to include port number translation, resulting in NAPT (Network Address Port Translation), also known as IP masquerade. Today, the term "NAT" is often used to refer to both NAT and NAPT.
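To make the RFC 1918 check and the difference between one-to-one NAT and NAPT concrete, here is an added Python model. It is example code written for this entry, not F5 code and not part of the original glossary text. The global address 203.0.113.5, the external server 198.51.100.7, the private hosts 192.168.1.10 and 192.168.1.11, and the translated-port pool starting at 40000 are all constructed values; the class names `BasicNat`, `Napt` and `Packet` are illustrative and not an API of any product. The model shows why two hosts that happen to use the same source port can still be told apart once the translation includes the port number, and why a reply that matches no translation entry is dropped.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# RFC 1918 private ranges, written as CIDR prefixes (equivalent to the
# start-end ranges listed above).
RFC1918_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),       # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),    # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),   # 192.168.0.0 - 192.168.255.255
]


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_NETWORKS)


@dataclass(frozen=True)
class Packet:
    """The IP/transport header fields that NAT and NAPT rewrite."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class BasicNat:
    """One-to-one NAT: each global IP can be bound to a single private host.

    With one global address, a second host cannot be translated at all."""

    def __init__(self, global_ips: List[str]):
        self.free = list(global_ips)
        self.bound: Dict[str, str] = {}  # private_ip -> global_ip

    def translate_out(self, pkt: Packet) -> Optional[Packet]:
        g = self.bound.get(pkt.src_ip)
        if g is None:
            if not self.free:
                return None  # address pool exhausted: packet cannot leave
            g = self.free.pop(0)
            self.bound[pkt.src_ip] = g
        return Packet(g, pkt.src_port, pkt.dst_ip, pkt.dst_port)


class Napt:
    """NAPT (IP masquerade): many private hosts share one global IP, and the
    source port is rewritten so replies can be mapped back."""

    def __init__(self, global_ip: str, first_port: int = 40000):
        self.global_ip = global_ip
        self.next_port = first_port  # constructed pool, assigned sequentially
        # (private_ip, private_port, dst_ip, dst_port) -> translated port
        self.outbound: Dict[Tuple[str, int, str, int], int] = {}
        # (translated port, remote_ip, remote_port) -> (private_ip, private_port)
        self.inbound: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def translate_out(self, pkt: Packet) -> Packet:
        if not is_rfc1918(pkt.src_ip):
            raise ValueError(f"{pkt.src_ip} is not an RFC 1918 address")
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.global_ip, port, pkt.dst_ip, pkt.dst_port)

    def translate_in(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply addressed to the global IP back to the private host.
        Returns None (drop) when no translation entry matches."""
        if pkt.dst_ip != self.global_ip:
            return None
        entry = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None  # unsolicited inbound traffic: no state, dropped
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


def demo():
    """Two private hosts reach the same server from the same source port."""
    nat = Napt("203.0.113.5")
    a = nat.translate_out(Packet("192.168.1.10", 51000, "198.51.100.7", 443))
    b = nat.translate_out(Packet("192.168.1.11", 51000, "198.51.100.7", 443))
    reply_b = nat.translate_in(Packet("198.51.100.7", 443, "203.0.113.5", b.src_port))
    stray = nat.translate_in(Packet("198.51.100.7", 443, "203.0.113.5", 49999))
    return a, b, reply_b, stray


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Running the script shows both outbound packets leaving with the same global source IP but distinct translated ports, the reply to the second host landing back on 192.168.1.11:51000, and the stray packet yielding `None`. The `BasicNat` class, given a single global address, returns `None` for the second host, which is the one-to-one limitation the paragraph describes.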