In this article, we shall take a look at what NAT (Network Address Translation) is and why it is so important in the world of networking. NAT is something that you should definitely know when you study or work with WebRTC, so let’s get started.
Public IP Addresses and the Scarcity of IPv4
To understand the concept of NAT, we first need to go into the “why”: why do we need NAT in the first place? The answer to that question lies in the IPv4 addressing protocol.
To access the Internet, a device needs a public IP address associated with it. This public IP address is its address on the Internet and is used to communicate with other devices and servers. To assign addresses to devices, we use internetworking protocols such as IPv4 (Internet Protocol version 4), which use a logical addressing system to give addresses to devices that want to communicate with one another.
A couple of important points to note about IPv4 are –
- IPv4 uses 32-bit addresses (i.e. a total of 4,294,967,296 addresses can be generated).
- Out of the total possible combinations, IPv4 reserves special address blocks for private networks (~18 million addresses) and multicast addresses (~270 million addresses).
So, with IPv4, there are only a few billion addresses left to assign to public-facing devices. The problem is that several billion devices worldwide need to be connected to the Internet, and this is not an exaggeration.
Take a family of four for example – mom, dad, two kids in a well-to-do neighborhood. How many internet-connected devices do you think they need?
- smartphones for parents
- a couple of smartwatches?
- SmartTV, Roku, or Chromecast, or an Amazon Fire TV stick
- a couple of iPads or other tablets
- Laptops – 4 of them (work and online education)
- Connected fridge, doorbell, temperature control, etc.
That’s a lot of devices for a single household. I think you get the point – with the large number of devices coming online every day, it is impossible to assign every device globally its own unique public-facing IPv4 address.
So what is the solution to this issue?
NAT or Network Address Translation
Here’s an analogy to help you get to the solution.
- There are 1000 houses in a city and they all need a number for identification.
- But, we can only allocate numbers 1 – 500 for this city.
- So, how can we ensure that each of the houses is uniquely addressable?
One simple solution is to divide the city into two neighborhoods – A and B. Then assign each of the houses numbers 1 – 500 in each of the neighborhoods. So even though two houses have the same house number, you can uniquely identify them because they belong to different neighborhoods.
When a parcel needs to reach a house, you have to prefix the house number with the neighborhood, e.g. A-100 or B-499. And that’s it – you’ve devised a system to address houses uniquely.
This is the same concept that is used to manage addressability on the internet using the NAT or Network Address Translation.
Now take all the internet-connected devices in the world (computers, servers, smartphones, TVs, etc.) and group them by location. Then take all the devices in a house or an office and connect them to a router such that all the internet traffic has to pass through the router, as shown below.
Following the example of the cities, neighborhoods, and houses, we assign public IP addresses to the routers and private IP addresses to the devices behind the routers. The router keeps track of the mapping between private and public addresses in a table called the NAT table. The private IP addresses used by the devices behind the router have to come from the ranges set aside by RFC 1918 (Address Allocation for Private Internets), one block in each of the old Class A, B, and C ranges:
- Class A: 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
- Class B: 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
- Class C: 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
A NAT allows many internet-enabled devices to connect to the Internet via a single public IP address. The good part is that the devices behind a particular router can have the same private IP addresses as the devices behind another router. These devices are identified by their router’s public IP addresses and not their private IP addresses.
After configuring the public and private IP addresses, this is how NAT works.
- When a device wants to access the internet, the router’s NAT translates the device’s Private IP address to the router’s Public IP and accesses the Internet.
- Similarly, when a response has to go back to a particular device connected to the router, the NAT forwards the packet to the device’s private IP address by translating the router’s public IP address on the packet back to the device’s private IP address.
As you can see, NAT is an efficient way of conserving scarce IPv4 addresses.
However, a question arises at this stage.
How is the address allocation accomplished? For example, what happens if two devices access the same website on the Internet at the same time? If the two private IP addresses are translated to the same public IP address (the router’s), how does the router know where to route the response from the website?
To understand this, we need to look at the different types of NAT.
Types of NAT – Static, Dynamic, and PAT
In Static NAT, every device is manually assigned its own public IP address. Needless to say, this is time-consuming and a poor use of IPv4 addresses that are in scarce supply.
In Dynamic NAT, every device is automatically assigned a public IP address from a pool of available public IPv4 addresses. After the device has finished communicating, the address is returned to the pool for use by the next device that wants to communicate. Thus, dynamic NAT allows many hosts to reach the Internet using a limited number of registered addresses.
PAT or Port Address Translation:
Port Address Translation, or PAT for short, maps a large number of private IP addresses onto a single public IP address by using port numbers to tell the connections apart. In other words, you can have several devices behind a router and allow all of them to connect to the Internet with only one IPv4 address.
This is accomplished by recording, alongside each private IP address, a port number – usually the connection’s source port – so that each private address/port pair maps to a unique public address/port pair. For example, a device with the private IP address 192.168.0.0 and source port 8888 wants to access google.com. The NAT makes a note of this information and sends out the request using its public IP address and the port number. When the response comes back from Google, the router uses the port number to identify the device and routes the response to it.
PAT is a fundamental concept in networking because the router sits as an intermediary between the private network and the Internet. Administrators can establish rules in the PAT settings to restrict access to certain private IP addresses or public IP addresses. Thus, it acts as a firewall that admins can use to control traffic in both directions.
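To make the difference between Dynamic NAT and PAT concrete, and to answer the earlier question of how the router tells two devices apart when both talk to the same website at the same time, here is a small simulation. It is an added example written for this article, not code from the original post or from any router vendor; all addresses, ports and the pool size are constructed for illustration. The `DynamicNAT` class hands out whole public addresses from a pool and fails once the pool is empty, while the `PAT` class uses one public address and allocates a distinct public port per connection. `PAT.inbound` only forwards a reply for which a translation entry exists, which is the behaviour behind the “acts as a firewall” remark above.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Just the header fields NAT cares about (constructed model, no payload)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class DynamicNAT:
    """Dynamic NAT: an inside host borrows an entire public address from a
    pool for the length of its session and gives it back afterwards."""

    def __init__(self, pool: List[str]) -> None:
        self.free = list(pool)                 # public addresses not in use
        self.table: Dict[str, str] = {}        # private_ip -> public_ip

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        public = self.table.get(pkt.src_ip)
        if public is None:
            if not self.free:
                return None                    # pool exhausted: host cannot get out
            public = self.free.pop(0)
            self.table[pkt.src_ip] = public
        return Packet(public, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def release(self, private_ip: str) -> None:
        """Session finished: return the public address to the pool."""
        self.free.append(self.table.pop(private_ip))


class PAT:
    """PAT: one public address; every (private ip, port, destination) gets its
    own public source port, recorded in both directions."""

    def __init__(self, public_ip: str, first_port: int = 1024) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # (private_ip, private_port, dst_ip, dst_port) -> public_port
        self.out: Dict[Tuple[str, int, str, int], int] = {}
        # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.back: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.out.get(key)
        if port is None:                       # first packet of this connection
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reply from the Internet: look up our public port together with the
        remote endpoint; drop anything no inside host asked for."""
        entry = self.back.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None or pkt.dst_ip != self.public_ip:
            return None                        # no translation state: dropped
        private_ip, private_port = entry
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


def dynamic_nat_demo() -> List[Optional[str]]:
    """Three inside hosts, a pool of two public addresses (constructed values)."""
    nat = DynamicNAT(["203.0.113.10", "203.0.113.11"])
    hosts = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]
    seen = []
    for host in hosts:
        out = nat.outbound(Packet(host, 40000, "198.51.100.5", 443))
        seen.append(out.src_ip if out else None)
    nat.release("192.168.1.10")                # first host finishes ...
    out = nat.outbound(Packet("192.168.1.12", 40000, "198.51.100.5", 443))
    seen.append(out.src_ip if out else None)   # ... and the third host now gets out
    return seen


def pat_demo():
    """Two hosts with the *same* source port hit the same web server at once."""
    pat = PAT("203.0.113.10")
    a = pat.outbound(Packet("192.168.1.10", 8888, "198.51.100.5", 443))
    b = pat.outbound(Packet("192.168.1.11", 8888, "198.51.100.5", 443))
    # The server replies to the public port PAT chose for host b.
    reply_b = pat.inbound(Packet("198.51.100.5", 443, "203.0.113.10", b.src_port))
    # Unsolicited packet from somewhere else to a port nobody mapped.
    stray = pat.inbound(Packet("198.51.100.99", 443, "203.0.113.10", 5555))
    return a, b, reply_b, stray


if __name__ == "__main__":
    print("dynamic NAT:", dynamic_nat_demo())
    for label, pkt in zip(("a", "b", "reply_b", "stray"), pat_demo()):
        print(f"PAT {label}:", pkt)
```

Running it shows the third host being refused by Dynamic NAT until an address is released, while PAT serves both hosts from one address by giving them public ports 1024 and 1025 even though both picked source port 8888. The simulated PAT keys its table on the full destination as well, so the same inside host talking to two different servers gets two different public ports; real routers differ in exactly this mapping behaviour, which is what the STUN article later in this series will be probing.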
This was a basic introduction to NAT (Network Address Translation) and its use in networking. It forms an important concept in WebRTC that needs to communicate directly between devices. Further in this series on WebRTC, we will look at STUN, TURN, SFU, SIP, etc., and more into the WebRTC world. So stay tuned, and happy streaming!