NAT (Network Address Translation)

Published by botond, Thu 01 March 2019, 03:17

NAT (Network Address Translation) is a network service that lets computers on an internal network (such as a home or office LAN) communicate with hosts on an external network (such as servers on the Internet, web servers, etc.) as if they had their own place on that network. It does this by rewriting the address information in the IP headers of packets as they pass through the NAT device, which may be a router, a firewall, and so on. It follows that the machines on your internal (home or office) network do not need public IP addresses, because the router or firewall translates their addresses whenever they communicate with the external network (the Internet).

Address translation therefore makes it possible for an entire private network to share a single public IP address. This has become very popular among ISPs, because the pool of IPv4 addresses that can still be allocated on the Internet has shrunk rapidly with the spread of the Internet and the proliferation of network-capable devices.

IP masquerading is often used as a synonym for NAT: it is the technique that hides an entire private address space behind a single IP address from the public range. The NAT device rewrites the source address of each outgoing packet to its own (public) address, and in practice also rewrites the source port and records the mapping in a translation table, so that the reply can be matched and sent back to the right internal host. From the outside, the packet therefore appears to have been sent by the NAT device itself rather than by the real sending computer on the internal network.

NAT is essentially unnecessary for IPv6, because a main goal of IPv6 is to give every device connected to the Internet (including modern household devices such as TVs, IP cameras, alarms, etc.) its own unique public address, which allows any two devices to establish point-to-point connections. However, worldwide IPv6 adoption is still a long way off (it may take many years), so until the migration is complete, NAT will serve as a lifeline that stretches the dwindling supply of IPv4 addresses.


Carrier-grade NAT (CGN)

Carrier-grade NAT (CGN), also known as large-scale NAT (LSN), is an IPv4 network design in which mainly residential ISP subscribers are configured with private addresses, and address translation is performed on devices inside the ISP's own network, so that a small pool of public IP addresses can be shared and reused among many endpoints. This moves the NAT function and its configuration from the customer's premises into the ISP's network. With this technique, several subscribers' private networks can be masked behind a single public IP address. The process is essentially the same as on a home router, only here the translation takes place on a large scale, at the service-provider level. The addresses handed out to subscribers in this way come from the 100.64.0.0/10 CIDR range (RFC 6598, the "shared address space").


Disadvantages

Unfortunately, address translation also has drawbacks: it makes the computers behind the NAT device unreachable from the open Internet, so that, for example, a home computer cannot be reached remotely without further configuration.

With simple NAT, where only the router of the private network performs translation, this is not a real problem: the port forwarding feature of the router makes a manually configured service reachable by passing traffic that arrives on a chosen public port to the corresponding port on the computer at the specified private address. Behind Carrier-grade NAT, however, this no longer works, because a translation is (also) performed on the service provider's side: the router's WAN interface gets an address from the 100.64.0.0/10 range instead of the public IP address, so unsolicited packets sent to the public address are dropped by the ISP's NAT before they ever reach the home router, and the port forwarding rules configured there lose their meaning. In this case, various tunneling techniques make it possible to reach computers behind Carrier-grade NAT, for example an SSH reverse tunnel to a host that does have a public address.

As a result, it is not possible to run a public web service from a computer behind Carrier-grade NAT, for example, because the ports of such services can only be exposed through the tunneling techniques mentioned above, which requires an external relay server with a public IP address.
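The following is an added example, not code from the original article: a toy port-translating NAT (the masquerading described earlier) with a translation table and static port forwards, first used as a lone home router and then placed behind a second, carrier-grade NAT. The addresses (203.0.113.7 as the ISP's public address, 100.64.1.2 on the router's WAN side, 192.168.0.10 as the inside host) and the port 40000 starting point are constructed for the demonstration. It shows why a port forward on the home router works on its own but is never reached once the ISP translates as well, while replies to outbound connections keep working through both layers.

```python
"""Toy NAPT (IP masquerading) simulation: one home router, then the same router
behind a carrier-grade NAT. Constructed example; not a real NAT implementation."""
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Port-translating NAT (NAPT) with a translation table and static port forwards.

    Mappings here are endpoint-dependent (keyed on the remote address as well); real
    devices differ in this, which is why NAT traversal behaves differently per vendor."""

    def __init__(self, public_ip, inside_net, first_port=40000):
        self.public_ip = public_ip
        self.inside = ipaddress.ip_network(inside_net)
        self.next_port = first_port
        self.out_map = {}   # (src_ip, src_port, dst_ip, dst_port) -> public source port
        self.in_map = {}    # (public port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.forwards = {}  # public port -> (inside_ip, inside_port), set by the administrator

    def forward_port(self, public_port, inside_ip, inside_port):
        self.forwards[public_port] = (inside_ip, inside_port)

    def outbound(self, pkt):
        """Masquerade: rewrite the source to our public IP and a fresh port, remember it."""
        if ipaddress.ip_address(pkt.src_ip) not in self.inside:
            raise ValueError("outbound packet from outside the inside network")
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.out_map.get(key)
        if port is None:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt):
        """Reverse translation. Returns the packet for the inside host, or None if dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:                      # not a reply: only a static forward can admit it
            target = self.forwards.get(pkt.dst_port)
        if target is None:
            return None                         # unsolicited and not forwarded: dropped
        return replace(pkt, dst_ip=target[0], dst_port=target[1])


def send_out(nats, pkt):
    """Pass a packet outward through a chain of NATs (innermost first)."""
    for nat in nats:
        pkt = nat.outbound(pkt)
    return pkt


def send_in(nats, pkt):
    """Pass a packet inward through the same chain (outermost first); None if any NAT drops it."""
    for nat in reversed(nats):
        pkt = nat.inbound(pkt)
        if pkt is None:
            return None
    return pkt


def simple_nat_demo():
    """Home router alone: masquerading works and a port forward exposes SSH on the inside host."""
    home = Nat("203.0.113.7", "192.168.0.0/24")
    home.forward_port(22, "192.168.0.10", 22)
    out = send_out([home], Packet("192.168.0.10", 51000, "198.51.100.80", 443))
    reply = send_in([home], Packet("198.51.100.80", 443, out.src_ip, out.src_port))
    ssh = send_in([home], Packet("198.51.100.5", 60000, "203.0.113.7", 22))
    return out, reply, ssh


def cgn_demo():
    """Same router behind carrier-grade NAT: replies still arrive, the port forward does not."""
    isp = Nat("203.0.113.7", "100.64.0.0/10")          # RFC 6598 shared space on the WAN side
    home = Nat("100.64.1.2", "192.168.0.0/24")
    home.forward_port(22, "192.168.0.10", 22)
    chain = [home, isp]
    out = send_out(chain, Packet("192.168.0.10", 51000, "198.51.100.80", 443))
    reply = send_in(chain, Packet("198.51.100.80", 443, out.src_ip, out.src_port))
    ssh = send_in(chain, Packet("198.51.100.5", 60000, "203.0.113.7", 22))
    return out, reply, ssh


if __name__ == "__main__":
    print(simple_nat_demo())
    print(cgn_demo())
```

In `cgn_demo` the inbound SSH packet is dropped by `isp.inbound` because the ISP's table has neither a reply mapping nor a forward for port 22; the home router's `forwards` entry is never consulted, which is exactly the situation the text describes.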

From the web host's side, the drawback is that banning a visitor's IP address when that visitor sits behind Carrier-grade NAT risks also banning, for no reason, other potential visitors who share the same public IP address. IP-based bans and rate limits are therefore a coarse signal and should be applied with that in mind.

Most of the larger Hungarian ISPs already allocate dynamic IPv4 addresses to customers in this way, which is why such addresses are often simply called NAT addresses in Hungary.


Internal IP address range standards

The address ranges to be used on internal networks, that is, behind NAT devices, are defined in RFC 1918 and are recognized accordingly by network devices. Packets from these ranges are not routed on the public Internet, so a device with such an address cannot send data directly to the public network, and ISPs do not allocate public subscriber addresses from them. The ranges are as follows:

  • 10.0.0.0 - 10.255.255.255 (10.0.0.0/8): 24-bit block (16,777,216 addresses)
  • 172.16.0.0 - 172.31.255.255 (172.16.0.0/12): 20-bit block (1,048,576 addresses)
  • 192.168.0.0 - 192.168.255.255 (192.168.0.0/16): 16-bit block (65,536 addresses)

The last of these ranges is the most common one in the default settings of routers used to build home networks.
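As an added example (not code from the original article), the following classifies an IPv4 address against the three RFC 1918 blocks above and the RFC 6598 shared range used by carrier-grade NAT, and uses that to scan web-server log lines for client addresses that cannot legitimately have arrived from the public Internet. The log lines are constructed for the demonstration, and the log format (client IP as the first field, as in the common Apache/nginx format) is an assumption.

```python
"""Classify IPv4 addresses into RFC 1918 private ranges, the RFC 6598 CGN shared range
and everything else, then flag log lines with non-routable client addresses.
Constructed example with constructed log lines."""
import ipaddress

PRIVATE_RANGES = {
    "rfc1918": [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "cgn-shared": [ipaddress.ip_network("100.64.0.0/10")],
}


def range_sizes():
    """Number of addresses in each RFC 1918 block (2^24, 2^20 and 2^16)."""
    return {str(n): n.num_addresses for n in PRIVATE_RANGES["rfc1918"]}


def classify(ip):
    """Return 'rfc1918', 'cgn-shared' or 'other' for an IPv4 address string."""
    addr = ipaddress.ip_address(ip)
    for label, nets in PRIVATE_RANGES.items():
        if any(addr in n for n in nets):
            return label
    return "other"


# Constructed sample in the common access-log format: client IP is the first field.
SAMPLE_LOG = """\
203.0.113.45 - - [01/Mar/2019:03:17:01 +0100] "GET / HTTP/1.1" 200
10.0.0.7 - - [01/Mar/2019:03:17:02 +0100] "GET /admin HTTP/1.1" 403
198.51.100.23 - - [01/Mar/2019:03:17:03 +0100] "POST /login HTTP/1.1" 302
100.64.12.9 - - [01/Mar/2019:03:17:04 +0100] "GET /wp-login.php HTTP/1.1" 200
"""


def suspicious_sources(log_text):
    """Return (line_no, ip, label) for lines whose client IP is RFC 1918 or CGN shared space.

    On a server that only faces the public Internet such sources should never appear:
    they point at a proxy whose X-Forwarded-For header is trusted blindly, a leaked
    internal route or spoofed packets, not at a genuine remote visitor."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        ip = line.split(" ", 1)[0]
        try:
            label = classify(ip)
        except ValueError:          # malformed or non-IP first field: skip the line
            continue
        if label != "other":
            hits.append((line_no, ip, label))
    return hits


if __name__ == "__main__":
    print(range_sizes())
    for hit in suspicious_sources(SAMPLE_LOG):
        print("non-routable client address:", hit)
```

Note that a visitor behind carrier-grade NAT is seen by an Internet-facing server with the ISP's public address, never with a 100.64.0.0/10 address; that range only shows up as a source inside the provider's network, which is why its presence in public edge logs is worth investigating.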