Networking

07:30 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

NAT Configuration Primer

Organizations often rely on Network Address Translation to reduce public IP address requirements. Here's a quick guide to NAT basics.
Previous
1 of 6
Next

One of the things we'll remember about 2015 is that it was the year ARIN finally ran out of public IPv4 space. Yet despite the depletion, IPv4 is still the dominant addressing mechanism running on the vast majority of organizations today. And in many cases, few are in any big hurry to migrate over to IPv6. The reason that most IT professionals ignored the doomsday cries regarding IPv4 exhaustion is that many companies relied on Network Address Translation (NAT) to significantly reduce the number of public IP addresses they required.

In fact, these days, it's not uncommon for small companies to operate with a single public IPv4 address. And if your company is larger and requires connectivity/redundancy using external BGP peering, then an IPv4 subnet that has 254 usable addresses will work just fine. This provides 254 publically addressable IP addresses -- plenty of addresses to operate a decent sized, publically accessible data center and thousands of employees. NAT is the key to limiting the need to have public addresses assigned to all internal devices in a 1-to-1 ratio.

In this guide, we'll explain how NAT works and walk you through the two NAT configuration options: static NAT translation and Port Address Translation.

(Image: TonisPan/iStockphoto with modification)

 

Andrew has well over a decade of enterprise networking under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-outs and prior experience at organizations such as State Farm Insurance, United Airlines and the ... View Full Bio

Previous
1 of 6
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
aditshar1
50%
50%
aditshar1,
User Rank: Ninja
1/11/2016 | 1:48:31 AM
Re: NAT
I havent spoken or commented about data security, what i mean to say here is about Network Security. My previous comment share glimpse of only network and not data security. If i am not mistaken NAT can be considered as similar to encryption ..
Andrew Froehlich
50%
50%
Andrew Froehlich,
User Rank: Strategist
1/11/2016 | 1:44:40 AM
Re: NAT
@Aditshar1 - Can you give the community an example of how you believe NAT can provide data security in an enterprise IT scenario? Thanks!
aditshar1
50%
50%
aditshar1,
User Rank: Ninja
1/11/2016 | 12:41:50 AM
Re: NAT
I see your point @Andrew, but considering the fact that we modify network address information in IP datagram packet headers while they are in transit across a traffic routing device, some where or other we can say they do provide security.
calbert234
50%
50%
calbert234,
User Rank: Apprentice
1/9/2016 | 4:39:41 PM
NAT
whats the need for point to point NAT? why not use the public IP
SahaluSaidu
50%
50%
SahaluSaidu,
User Rank: Apprentice
1/9/2016 | 1:43:43 PM
Re: NAT
Hi Marcia,

Good point and question. It probably would not have occurred to me to raise the issue of security implications, so I'm glad you did. I did a little more digging. Here's what Andrew may be referring to when he said "it "hides" the true IP address structure from the outside world." https://www.grc.com/nat/nat.htm. I consider Gibson Research a solid source for such matters.
MarciaNWC
50%
50%
MarciaNWC,
User Rank: Strategist
1/8/2016 | 12:43:26 PM
Re: NAT
I see, thanks Andrew. This blog also talks about how NAT can actually impede security.
Andrew Froehlich
50%
50%
Andrew Froehlich,
User Rank: Strategist
1/8/2016 | 12:28:58 PM
Re: NAT
Hi Marcia - Some people think that NAT provides a layer of security because it "hides" the true IP address structure from the outside world. But in reality, it all depends on what ports you have open to the world. Whether they are NAT'd or not adds nothing from a security perspective. 
MarciaNWC
50%
50%
MarciaNWC,
User Rank: Strategist
1/8/2016 | 12:09:34 PM
NAT
Thanks for this guide Andrew. Can you elaborate on your point about the misconception of NAT providing security benefits?
Slideshows
Cartoon
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Twitter Feed