From the course: CompTIA Network+ (N10-009) Cert Prep
Network address translation (NAT)
- What I have in front of me is a diagram of what a typical small network attached to the internet might look like. So I've got some router here. We'll pretend I'm down here in Houston, so we use Comcast a lot down here. So this is some Comcast router. And it has an IP address on its WAN side that came from Comcast. Now, inside, we have a lot of computers and could be a wireless access point with some smart phones, who knows, but there's a lot of devices on here. And all these devices, they have web browsers and they can get on the internet. So remember the rule of the internet says that all devices that get on the internet must have a legitimate IP address. Well, there's a little magic here, and in order for you to appreciate the magic, what I want to do is let's go back in time to the early 1990s, back when I first started getting on the internet, and let you understand that it was a lot trickier back then to do that. (mimicking wires beeping) So now it's the early '90s. In order to do something like this, sure, I would have to get some kind of device. We didn't have cable modems back then, but we'll say it was some kind of phone connection. And I would have this and I would have an IP address that came from my ISP. But remember the rule of the internet says that all devices must have legitimate IP addresses. So the other thing we'd have to do is then call the ISP and go, "Oh, I need one, two, three, four," or whatever number of IP addresses. And you would also be sold an IP address range just for your own little subnet. Your own little network ID that was yours and yours alone, and you'd have to go in and configure each one of the devices. You'd have to configure the LAN side of the router, all for that network ID. And that, in the bad days, is how you got on the internet. Sounds painful, doesn't it? Well, back by the early '90s, I'm sorry, call it the mid '90s, we realized that we were starting to run out of IP addresses.
The IPv4 standard only has four billion addresses, and they're not used very frugally. So even by the mid '90s, we were like, "Holy cow, we're running out of IP addresses." So they invented this wonderful thing called Network Address Translation. With Network Address Translation, and this is built into routers, every SOHO router out there has Network Address Translation. It's built in and you'd be hard-pressed to find one that doesn't have it already turned on and ready to work. Anyway, to appreciate Network Address Translation, let's pretend that, oh, this computer right here wants to get over to Google, all right? So here's my little setup. Here's the packet that's going out. This is the IP address to Google, this is the internal IP address for my device, and this is the data. Now, when this goes out, if I'm using a NATed router, when the NATed router sees this, he'll look at this IP address, and on our internal networks, we use IP addresses like 192, 168, private IP addresses. And these are not to be ever put out on the real internet. So what happens is the router automatically just plugs in his IP address on the WAN side, which is a legitimate IP address. Now, he goes ahead and sends this out. Now, before he sends it out, he's going to check the ports and the IP address. He's going to write all this down, put it into a table, because when this comes back, he needs to be able to know who to send it back to. So out it goes and it'd be something like this, right, 'cause it's coming back in. Now, it comes in, he goes, "Ah, this is for me," 'cause that's the router's IP address. But then he's going to look at other information, compare it to his table, and go, "Oh, that's really for that guy over there," plugs all this in. And now this is the internal IP address and it can get to that particular device. So that's the beauty of NAT. Network Address Translation allows us to have lots of devices that are on the internet without using legitimate IP addresses. 
But there are some downsides to this. One of the big issues that we have with NAT is that somebody has to start a conversation so that this guy knows who to send it back to. And that's fine for people who are just using web browsers or checking their email or stuff like that. But what if these were like web servers or something like that? Well, that's where things become a little bit different. In this case, we have different versions of NAT, and these are on the Network+, so you need to be aware of them. One version of NAT is called Static NAT. Now, Static NAT simply means that I am going to assign one IP address so that anybody who comes in on a particular IP address is always sent to this one particular guy. So Static NAT is, we use the term port forwarding a lot when you hear this as well. But the thing to remember with Static NAT is that all incoming addresses for one particular IP address go to one particular device. So that's one way to do it. The other way to do it, and this is very rarely done, but it does exist out there, is Dynamic NAT. Or this is also called, you ready, Pooled NAT. With Dynamic NAT, I got four devices that may or may not want to get out to the internet. So what I'll do is, in order to save money, I'll have, say, two IP addresses built into this router. And if one of these people wants to get out, well, he'll be given that IP address and he can do whatever he wants to do. I've got one IP address left, so this guy wants to get out, now, he can go ahead and use that. The problem with Dynamic NAT is that you have a fixed number of IP addresses. So if this guy wants to get out, well, he's out of luck. So that's the basics of how NAT works. For the exam, make sure you know the difference between Static NAT, regular NAT, which we would call Port Address Translation, and Dynamic NAT. You're going to see all three on the exam.
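The three NAT flavours the transcript walks through, as an added Python simulation that is not part of the course: regular NAT/PAT with the translation table the router "writes down", static NAT (port forwarding), and dynamic (pooled) NAT that runs out of public addresses. All addresses are constructed from the RFC 5737 documentation ranges, and the class and method names are this example's own.

```python
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class SohoRouter:
    """Toy model of a NATed SOHO router (example code, not from the course)."""

    def __init__(self, wan_ip, pool=()):
        self.wan_ip = wan_ip              # the one legitimate address on the WAN side
        self.pat_table = {}               # wan_port -> (inside_ip, inside_port, remote_ip)
        self.wan_ports = itertools.count(40000)
        self.static = {}                  # static NAT: wan dst_port -> (inside_ip, inside_port)
        self.pool = list(pool)            # dynamic NAT: public addresses not yet handed out
        self.leases = {}                  # inside_ip -> public address it was given

    # --- regular NAT / Port Address Translation ---
    def pat_outbound(self, pkt):
        # Swap the private source for the WAN address and note who owns the new port.
        wan_port = next(self.wan_ports)
        self.pat_table[wan_port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip)
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def pat_inbound(self, pkt):
        entry = self.pat_table.get(pkt.dst_port)
        if entry and entry[2] == pkt.src_ip:          # reply to a conversation we started
            return Packet(pkt.src_ip, pkt.src_port, entry[0], entry[1])
        rule = self.static.get(pkt.dst_port)          # static NAT: always the same inside host
        if rule:
            return Packet(pkt.src_ip, pkt.src_port, rule[0], rule[1])
        return None                                   # unsolicited: nobody to hand it to, dropped

    # --- dynamic (pooled) NAT ---
    def dynamic_outbound(self, pkt):
        public = self.leases.get(pkt.src_ip)
        if public is None:
            if not self.pool:
                return None                           # fixed pool exhausted: "out of luck"
            public = self.pool.pop(0)
            self.leases[pkt.src_ip] = public
        return Packet(public, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def release(self, inside_ip):
        self.pool.append(self.leases.pop(inside_ip))  # give the address back to the pool
```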