Network Address Translation#
We've gone over IP addresses and looked at private addresses and subnets. We've even talked about routing and talking to systems in other networks. NAT helps us achieve this and, in fact, you're very likely using it right now. I know I am, because this is my system's IP address:
1 2 3 4 5 6 7 |
|
Note
Use ipconfig
in a Windows Terminal to see the same information
Yet my public IP is:
1 2 |
|
To connect to upload.academy
, I have to use a public-facing IP, such as 203.221.43.227
. NAT makes this possible by translating 192.168.88.13
my internal IP address.
As for the specifics of how, I think a diagram speaks a thousand words:
In this diagram, we can see a system with an internal IP of 10.0.0.1
(left-hand side). It wants to talk to 200.100.10.1
, which is over on the right and is a server. The router in the middle has an IP attached to it: 150.150.0.1
.
When the system on the left establishes a connection to the server (TCP, UDP, ICMP, etc.) its router performs a NAT operation to translate 10.0.0.1
to 150.150.0.1
so that its data can be routed over the public Internet, eventually reaching 200.100.10.1
. When the traffic comes back it's translated again, from 150.150.0.1
to 10.0.0.1
, so that the internal network knows where to send the traffic.
As well as protecting the internal system from direct exposure to the public Internet, NAT also solves another problem we've briefly discussed: IPv4 addresses running out.
If you've got ten systems on your local network, do you want to waste ten public IPv4 addresses so that they can access the Internet, or just have one that they all use? NAT can translate their internal IP addresses (of which you technically have your choice of millions) to the one, single public IP address. This is way more efficient.
NAT is something you're very likely to configure in AWS. A lot of organisations use AWS "NAT Gateways" as a way of allowing tens, hundreds and even thousands of servers inside of their AWS account to communicate with the public Internet.