Network Address Translation (NAT), described in RFC 3022, lets multiple hosts on a private network share a single, globally routable IPv4 address. A NAT device sits at the border, rewrites the addresses (and, in its most common form, the TCP/UDP ports) in packets crossing it, and keeps a translation table so that replies can be mapped back to the internal host. NAT enables an organization to use a large set of addresses internally while presenting one, or a few, addresses externally. The main reason NAT is deployed is that IPv4 addresses are scarce. NAT is an immediate but temporary answer to IPv4 address exhaustion and is expected to become unnecessary once IPv6 is deployed widely; the Internet Engineering Task Force has anticipated the depletion of the IPv4 address space for many years.
The increasing use of NAT comes from a number of factors. The major factor is the worldwide shortage of IPv4 addresses. As the Internet grew, assigning globally unique addresses to hosts that never needed to be reachable from the outside came to be seen as a waste. RFC 1918 set aside three address blocks (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) for reuse by private networks; these addresses are never routed on the public Internet, so a NAT device is what lets hosts using them communicate outside. In addition to reducing the number of IPv4 addresses needed, NAT provides a degree of obscurity for the private network, because all hosts outside it see communication coming from the one shared address and learn nothing about the internal addressing. This is obscurity rather than security: NAT is not a firewall or a proxy server. The reason it is often mistaken for one is that a typical NAT device only creates a translation entry for connections opened from the inside, so unsolicited inbound packets have no entry to match and are dropped. That is a side effect of the translation table, not an enforced policy, and a static port mapping or a permissive implementation removes it. NAT also simplifies network administration by decoupling internal addressing from the outside: because only the shared address is exposed, computers can be added, removed, or renumbered without any change visible to external networks. Benefits such as automatic client configuration and packet-level filtering that vendors sometimes list alongside NAT come from the DHCP server and packet filter commonly bundled in the same device, not from address translation itself.
With NAT in place, hosts on the Internet appear to be communicating with the NAT device rather than with the actual host inside the private network. On an outbound packet the device replaces the private source address (and usually the source port) with its own public address and a port it selects, and records the pairing in its translation table. Inbound packets are addressed to the NAT device's public address; the device looks up the destination port in the table and rewrites the destination address and port to those of the true internal host. In theory a single globally unique address can then serve hundreds or thousands of privately addressed hosts. In practice the address has only about 64,000 ports per transport protocol, so the number of simultaneous connections, not the number of hosts, is the real limit, and a busy network can exhaust it. There are other drawbacks. Many Internet protocols and applications depend on the network being truly end-to-end, with packets forwarded unmodified from source to destination. IPsec is the classic example: the Authentication Header (AH) computes an integrity check value over the IP header, source address included, so any rewrite of that address invalidates the check, and ESP in transport mode fails because the TCP or UDP checksum, which covers the addresses through the pseudo-header, is encrypted and cannot be corrected by the NAT device. (IPsec NAT traversal, RFC 3948, works around this by encapsulating ESP in UDP.) NAT raises administrative challenges as well. Although NAT is a convenient solution for an organization that cannot obtain enough globally unique addresses, it becomes a serious problem when reorganizations, mergers, or acquisitions require the consolidation of two or more private networks that reuse the same RFC 1918 ranges. Even when organizational charts are stable, NAT devices can be nested inadvertently, creating routing problems. NAT Traversal protocols such as UPnP IGD, NAT-PMP and STUN give applications a way to discover the presence of the NAT device, learn the shared globally routable address, and request static port mappings, which resolves some of the connectivity problems. NAT traversal does not solve every problem NAT introduces, but it alleviates some of them, and some form of it will likely persist until IPv6 eliminates the need for NAT.
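The translation mechanism described above, as an added illustration that is not code from the original article or from any real NAT implementation: a minimal port-address translator (NAPT) with a translation table, the RFC 1918 check, static port mappings of the kind NAT traversal requests, the TCP checksum recomputation the device must perform, and a toy AH-style integrity check showing why an address rewrite breaks IPsec. The public address 203.0.113.10, the private hosts, the port range and the packets are all constructed for the example.

```python
"""Minimal NAPT simulator (added example; addresses, ports and packets are constructed)."""
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass, replace

# RFC 1918 private blocks: only sources in these ranges get translated.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


def tcp_checksum(p: Packet) -> int:
    """Internet checksum over the IPv4 pseudo-header (src, dst, proto, length),
    a minimal TCP header (ports) and the payload. The source address is part of
    the input, so a NAT device must recompute this after rewriting the packet."""
    length = 4 + len(p.payload)
    data = (ipaddress.IPv4Address(p.src_ip).packed
            + ipaddress.IPv4Address(p.dst_ip).packed
            + struct.pack("!BBH", 0, 6, length)
            + struct.pack("!HH", p.src_port, p.dst_port)
            + p.payload)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ah_icv(p: Packet, key: bytes) -> bytes:
    """Toy stand-in for IPsec AH: HMAC over the addresses and payload, truncated to
    96 bits like AH. Rewriting src_ip changes the input, so the receiver's check fails."""
    data = (ipaddress.IPv4Address(p.src_ip).packed + ipaddress.IPv4Address(p.dst_ip).packed
            + struct.pack("!HH", p.src_port, p.dst_port) + p.payload)
    return hmac.new(key, data, hashlib.sha256).digest()[:12]


class Napt:
    def __init__(self, public_ip: str = "203.0.113.10", first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (private_ip, private_port) -> public_port
        self.back = {}  # public_port -> (private_ip, private_port)

    def add_static_mapping(self, public_port: int, priv_ip: str, priv_port: int) -> None:
        """Static port forward, the kind a UPnP IGD or NAT-PMP client asks for."""
        self.out[(priv_ip, priv_port)] = public_port
        self.back[public_port] = (priv_ip, priv_port)

    def outbound(self, p: Packet) -> Packet:
        """Rewrite a packet leaving the private network; allocate a table entry if new."""
        if not is_rfc1918(p.src_ip):
            return p
        key = (p.src_ip, p.src_port)
        if key not in self.out:
            while self.next_port in self.back:
                self.next_port += 1
            if self.next_port > 65535:
                raise RuntimeError("port space exhausted: one public address, ~64k ports")
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return replace(p, src_ip=self.public_ip, src_port=self.out[key])

    def inbound(self, p: Packet):
        """Reverse translation. Packets to ports with no table entry are dropped (None),
        which is the behaviour people mistake for a firewall."""
        if p.dst_ip != self.public_ip or p.dst_port not in self.back:
            return None
        priv_ip, priv_port = self.back[p.dst_port]
        return replace(p, dst_ip=priv_ip, dst_port=priv_port)


if __name__ == "__main__":
    nat = Napt()
    pkt = Packet("192.168.1.20", 51000, "198.51.100.5", 443, b"GET")
    out = nat.outbound(pkt)
    print("outbound:", out.src_ip, out.src_port, "checksum changed:", tcp_checksum(pkt) != tcp_checksum(out))
    print("AH ICV still valid:", ah_icv(pkt, b"demo-key") == ah_icv(out, b"demo-key"))
    print("reply delivered to:", nat.inbound(Packet("198.51.100.5", 443, "203.0.113.10", out.src_port)).dst_ip)
    print("unsolicited:", nat.inbound(Packet("198.51.100.5", 443, "203.0.113.10", 40999)))
```

Running the block shows the three points of the paragraph in one pass: the outbound packet leaves with the public address and an allocated port and needs a new checksum, the AH-style integrity value computed by the sender no longer verifies, and a reply to the allocated port reaches the internal host while a packet to an unmapped port is dropped.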
As the Internet continues to expand, Network Address Translation offers a fast and effective way to extend Internet access to existing and new private networks without waiting for a new addressing architecture. NAT devices are used because they are cheap, easy to manage, and require no special software on the clients. NAT offers greater administrative flexibility and better performance than application-level proxies and has become the de facto standard for shared access, with the caveat that it is an address-sharing mechanism rather than a security control.