If we look at IP version 4 and the number of bits that are available in an IP address, 32 bits, we know that we have a maximum of 2^32, or about 4.29 billion, possible addresses. But it's been estimated that there are many billions of devices connected to the internet, and that number keeps increasing as time goes on. So how are we able to communicate between all of these devices if we know that there are only about 4.29 billion addresses available to go around? Adding to this complication is that the IPv4 address space has been exhausted. The registries no longer have unallocated blocks of IPv4 addresses to hand out to organizations. So how do we make all of this communication work given these restrictions that we have on IP addresses? One of the ways we do this is by using NAT, or network address translation. This isn't the only thing that NAT is able to provide, but it's one of the major uses of network address translation in today's networks.

We realized early on that we were running out of IP addresses, so what we did was carve out a grouping of IP addresses that we could set off to the side and call private IP addresses. These private IP addresses are used inside of our organizations, and they are not routable across the internet. If you look at the first column of this particular table, these are the private IPv4 addresses. You may see these referred to as RFC 1918 addresses, because that's the RFC where these particular groupings are defined. One of these ranges is 10.0.0.0 through 10.255.255.255, written in CIDR notation as 10.0.0.0/8. So if you see an IP address somewhere in that range, that would be a private address, and it would not be routable over the internet. Another one of these ranges is 172.16.0.0 through 172.31.255.255, which is 172.16.0.0/12. And the last private address range is 192.168.0.0 through 192.168.255.255, which is 192.168.0.0/16. Pay attention to where these blocks end: an address such as 172.32.0.1 or 192.169.0.1 falls outside the private ranges and is a public address. We use these private IP addresses inside of a single organization, and then we use network address translation to translate those private addresses into a public address that can be routed over the internet.

Let's look at an example of performing this network address translation between a private address and a public address. On one side of the conversation is Vala's workstation. Her IP address is 10.10.20.50, and if we look at our previous table, we know that any IP address that starts with 10 is a private IP address, so it's on this local internal subnet. There's a router that connects our internal network to the rest of the internet, and this router's external IP address is 94.1.1.1. Somewhere out on the internet is professormesser.com, and the IP address associated with that server is 104.20.19.63.

If Vala wants to communicate with professormesser.com, she'll send an IP packet. The source IP will, of course, be her own address of 10.10.20.50, and the destination IP will be the address of the professormesser.com server, and she'll send that out to the router that maintains the connection to the internet. But this router recognizes that there's no way to route a 10.x.x.x address out over the internet; that's a private IP address. So the router performs a network address translation and translates that source IP address into something that can be routed on the internet, and it simply uses its own external IP address to do that. Now that it's changed this packet to show a different source IP address, we're able to send it off across the internet. The professormesser.com server will receive Vala's request and send a response back to her. But of course, the destination IP address of that response is going to be the address that originally came in as the source, 94.1.1.1. The router sees that this is inbound on 94.1.1.1, looks up its translation table, and realizes that this information needs to go to Vala. So it performs another network address translation, this time translating the destination back to 10.10.20.50, and that packet is able to find its way back to Vala's workstation.

If all of our networks were like this one, with a single device on the inside, then this type of one-to-one network address translation would work. But of course there may be hundreds or thousands of devices on the inside of our network, and we still need some way to perform network address translation for all of them. We do this through a type of NAT called NAT overload. You might also hear this referred to as PAT, or port address translation, and you might also hear it called source NAT, because we're performing the translation on the source IP address (and source port) of the packet.

Let's take the same scenario, where Vala needs to communicate with professormesser.com. She'll create a packet that has a source IP address and port number and a destination IP address and port number. You can see that the source IP address is 10.10.20.50; that is Vala's address. Her operating system chose 3233 as the ephemeral source port number. The destination IP is going to be the IP address of professormesser.com, and since Vala is communicating with the web server, she's communicating with port 80 on that destination server.

As this packet makes its way to the internet router, the router again realizes that it needs to perform a network address translation. Inside of the router is a network address translation table where it keeps track of all of the different translations that it's doing. It records that Vala's private address internally is 10.10.20.50, and that in this particular traffic flow she's using a source port number of 3233. The router now performs the network address translation: the new external source IP address is going to be 94.1.1.1, and the router picks a port number of its own, 1055 in this example, to designate this particular traffic flow. It's that unique external port that lets the router tell Vala's flow apart from every other internal device that may be talking to the same server at the same time. Now that we have an external IP address, this packet is routed properly off to professormesser.com.

When professormesser.com replies to Vala, the traffic hits the router again, addressed to 94.1.1.1 on port 1055. The router looks at the network address translation table, makes the proper changes back to Vala's internal IP address, and the response is sent back to Vala on 10.10.20.50 using the original port number of 3233. Traffic that arrives on the external address for a port that isn't in the table has no inside device to go to, so the router simply drops it.

There's another type of network address translation you may find on your routers called port forwarding. This allows someone on the outside to gain access to devices that you have on the inside of your network. So if you're hosting your own web server or gaming server and that device has a private IP address, you'll use port forwarding to take the external communication and allow it access to that internal private IP. To do this, we map, or configure, an external IP address and port number and associate it with an internal IP address and port number. In this example, someone communicating with the external IP address on my router over port number 8088 has that traffic translated to port 80 and is connected internally to my private IP address of 10.1.10.221. You might also hear this referred to as a static NAT or a destination NAT, because now we're translating the destination IP address of a packet that's being sent from a different device.

Since this network address translation is static, it's one that is available 24 hours a day, seven days a week. It doesn't expire and it doesn't time out. If anybody at any time chooses to communicate with my public IP address over that particular port number, they will always be forwarded to my internal IP address and port number. That also means the forwarded service is reachable from the entire internet, so it needs to be patched and hardened as if it were sitting directly on a public address.

This port forwarding is an inbound communication. So in this scenario, we have devices out on the internet communicating with my internal devices. These internal devices, you can see, have a 192.168 address, which means they are private IP addresses, and it's this router that's providing the network address translation. We've already configured this router to say that if anyone is inbound on 66.20.1.14, which is our external address, on the configured port, translate that to 192.168.3.22, which is our server on the inside of our network using a private IP address. So if we're sending traffic from one of these devices on the internet, it will hit our router, and that's where the translation occurs to be able to send the traffic inside of our network to the appropriate device.
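Here is an added example, not code from the transcript or from Professor Messer, that models the three mechanisms described above in one place: the RFC 1918 check a router uses to decide whether a source address needs translating, the NAT overload (PAT) table that rewrites Vala's 10.10.20.50:3233 to 94.1.1.1:1055 and maps the reply back, and a static port forward that sends anything arriving on the external address at one port to an inside server. The Packet and NatRouter names are hypothetical helpers written for this illustration; 1055 is set as the first external port only so the output matches the walkthrough (a real router's port choice is implementation-specific); the port forward 66.20.1.14:8088 to 192.168.3.22:80 is constructed by combining the two port-forwarding examples in the text; and 203.0.113.9 and 198.51.100.7 are documentation addresses constructed to play the role of outside hosts.

```python
import ipaddress
import itertools
from dataclasses import dataclass, replace
from typing import Optional

# The three RFC 1918 private ranges from the table above, in CIDR form.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(address: str) -> bool:
    """True only for RFC 1918 space (not loopback, link-local or other reserved ranges)."""
    addr = ipaddress.ip_address(address)
    return addr.version == 4 and any(addr in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    """The header fields NAT rewrites; payload and checksums are left out of the model."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatRouter:
    """Toy NAT overload (PAT) router with static port forwards (hypothetical helper).

    Not modelled: entry timeouts, checksum rewriting, ICMP, and fragment handling.
    """

    def __init__(self, external_ip: str, first_port: int = 1024):
        self.external_ip = external_ip
        self._ports = itertools.count(first_port)  # next external port to hand out
        # Dynamic translation table, filled as inside hosts talk out:
        #   (proto, external_port) -> (inside_ip, inside_port, remote_ip, remote_port)
        self.pat_table = {}
        self._flow_to_port = {}  # reverse index so a flow keeps reusing its entry
        # Static destination NAT (port forwarding), configured by the administrator:
        #   (proto, external_port) -> (inside_ip, inside_port)
        self.forwards = {}

    def add_port_forward(self, external_port, inside_ip, inside_port, proto="tcp"):
        self.forwards[(proto, external_port)] = (inside_ip, inside_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> internet. Public sources pass through; private sources get source NAT."""
        if not is_rfc1918(pkt.src_ip):
            return pkt  # already routable, nothing to translate
        # A reply from a port-forwarded server just undoes the static destination NAT.
        for (proto, ext_port), inside in self.forwards.items():
            if proto == pkt.proto and inside == (pkt.src_ip, pkt.src_port):
                return replace(pkt, src_ip=self.external_ip, src_port=ext_port)
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        ext_port = self._flow_to_port.get(flow)
        if ext_port is None:  # first packet of this flow: allocate an external port
            ext_port = next(self._ports)
            self._flow_to_port[flow] = ext_port
            self.pat_table[(pkt.proto, ext_port)] = (
                pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return replace(pkt, src_ip=self.external_ip, src_port=ext_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> inside. Returns the translated packet, or None if the router drops it."""
        if pkt.dst_ip != self.external_ip:
            return None
        entry = self.pat_table.get((pkt.proto, pkt.dst_port))
        if entry is not None:
            inside_ip, inside_port, remote_ip, remote_port = entry
            # Only the remote host the inside client talked to may use this mapping.
            if (pkt.src_ip, pkt.src_port) == (remote_ip, remote_port):
                return replace(pkt, dst_ip=inside_ip, dst_port=inside_port)
        forward = self.forwards.get((pkt.proto, pkt.dst_port))
        if forward is not None:  # static forward: any source, any time, never expires
            return replace(pkt, dst_ip=forward[0], dst_port=forward[1])
        return None  # unsolicited: no table entry and no forward, so it is dropped


if __name__ == "__main__":
    # PAT walkthrough with the addresses from the text; 1055 is the text's example port.
    r = NatRouter("94.1.1.1", first_port=1055)
    print("outbound after PAT :", r.outbound(Packet("10.10.20.50", 3233, "104.20.19.63", 80)))
    print("reply after reverse:", r.inbound(Packet("104.20.19.63", 80, "94.1.1.1", 1055)))
    print("unsolicited inbound:", r.inbound(Packet("203.0.113.9", 4444, "94.1.1.1", 1055)))
    # Static port forward constructed from the two port-forwarding examples in the text.
    pf = NatRouter("66.20.1.14")
    pf.add_port_forward(8088, "192.168.3.22", 80)
    print("forwarded inbound  :", pf.inbound(Packet("198.51.100.7", 51000, "66.20.1.14", 8088)))
```

Two things the model makes visible that the prose only implies: a second inside host using the same source port 3233 gets a different external port, which is the whole point of overloading one public address, and an outside host that was never talked to finds no table entry and is dropped, whereas a port-forwarded service answers to anyone. That contrast is why NAT overload incidentally hides inside hosts but is not a substitute for a firewall, and why a forwarded service is effectively on the public internet.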