Collection

zero Useful+1

zero

address translation

Terminology of communication technology

This entry is made by Compilation and application of scientific encyclopedia entries of "Science Popularization China" to examine.

Address translation (NAT) is: Router take Private address Convert to Public address It enables data packets to be sent to the Internet, and when receiving data packets from the Internet, it converts the public address to the private address. In a computer network, Network address translation (Network Address Translation or NAT for short, also called network masking or IP masking) firewall Overwrite source when IP address Or/and purpose IP address Technology.

Chinese name: address translation
Foreign name: Network Address Translation

Alias: Network masking or IP masking
English nicknames: NAT
Type: Terminology of communication technology

catalog

brief introduction

Announce

edit

Network Address Translation (NAT), also known as address proxy, realizes the function of private network accessing external network.^[1]

This technology is widely used in many host But only through one public IP address Access the private network of the Internet. According to the specification, Router It can't work like this, but it is indeed a convenient and widely used technology. Of course, NAT also makes the communication between hosts more complex, resulting in lower communication efficiency.

summary

Announce

edit

Réseau sans NAT

R é seau avec NAT starts as a solution IPv4 Address shortage to avoid reservation IP address Difficult schemes have become popular. Network address translation It is widely used in many countries. Except the United States, almost everyone in the United States has been given an address for historical reasons. So NAT becomes a network connection between home and small office Router Because for them, the cost of applying for redundant IP addresses is higher than the benefits.

In a typical configuration, a local network uses the specification of a VPC Subnet (such as 192.168. x.x or 10. x.x.x) and a router connected to the network. This router occupies this network address A private address of a space (such as 192.168.0.1), and it also passes one or more Internet Service Provider Public IP address (called "overload" NAT) connected to the Internet. When information is transferred from the local network to the Internet, the source address is immediately converted from a private address to a public address. The router tracks the basic data on each connection, mainly the destination address and port. When a reply is returned to the router, it determines the forwarding to Intranet Which of host ； If multiple public addresses are available, when the data packet returns, TCP or UDP Client's Port number It can be used to decompose data packets. For a system on the Internet, Router It acts as the source and destination address of communication.

Some people have always believed that the widespread adoption of IPv6 will make NAT unnecessary, because NAT is just a process IPv4 Of address space Inadequate methods.

shortcoming

Announce

edit

In a NAT enabled Router Lower host No real end-to-end connection has been established, and you cannot participate in some Internet Protocol 。 Some need to initialize the TCP Connection and use Stateless protocol , such as UDP 's service will be interrupted. Unless the NAT router makes some specific efforts, the sent packets will not reach the correct destination address. Some agreements can sometimes be Application layer gateway With the help of (see below), a NAT instance, such as FTP, can be accommodated between hosts participating in NAT. NAT will also complicate security protocols, such as IPsec.

End to end The connection is IAB As one of the core Internet protocols supported by the Internet Architecture Board, some people believe that NAT is a violation of the public Internet. some Internet Service Provider Only provide local services to their customers IP address Therefore, they must access services outside the ISP network through NAT, and whether these companies can truly provide Internet services has also been discussed.

benefit

Announce

edit

In addition to bringing convenience and cost, NAT full duplex In some cases, the lack of connection support can be seen as a beneficial feature rather than a limitation. To some extent, NAT depends on a machine on the local network to initialize and Router On the other side host It can prevent malicious activities of hosts on the external network. This will prevent Network worm virus To improve the reliability of the local system and prevent malicious browsing to improve the privacy of the local system. Many NAT enabled firewall This function is used to provide core protection. In addition, it is also UDP The cross LAN transmission provides convenience.

Conversion mode

Announce

edit

At present, there are three address translation methods. One is often abbreviated as "NAT" Network address translation (sometimes called“ network address Port conversion ", recorded as NAPT ）, which supports port mapping and allows multiple host Share a common IP address 。

The second one can also be called NAT or "basic NAT" or "static NAT", but it is simpler in technology. It only supports address translation and does not support Port Mapping , which requires an IP address for each current connection. Broadband Router This method is usually used to allow a designated computer to receive all external connections, even when the router itself has only one available external IP address. This router is sometimes marked as a DMZ host.

The third is called pooled NAT, which defines a series of legal addresses in the external network and maps them to the internal network by dynamic allocation.^[2]

NAT supporting port conversion can be divided into two categories: Source Address Translation And destination address translation NAT. In the former case IP address It will be rewritten. In the latter case, the IP address of the connected computer will be rewritten. In fact, the above two methods are usually used together to support two-way communication.

Applications affected by NAT

Some high-level protocols (such as FTP, Quake, SIP) send network layer (layer 3) information within the valid data of IP packets. For example, FTP in active mode uses separate ports to control command transmission and data transmission respectively. When a file transfer is requested, host At the same time of sending the request, it also informs the other party which port it wants to accept data on. However, if the host sends the request behind a simple NAT firewall, the information received by the other side will be invalid due to the port mapping.

One Application layer gateway (Application Layer Gateway or ALG) can correct this problem. The ALG software module running on the NAT firewall device can update any invalid information caused by address translation. Obviously, ALG needs to understand the upper layer protocol to be modified, so each protocol with this problem needs to have a separate ALG.

However, most traditional client server protocols other than FTP do not need to send network layer (layer 3) information, and thus do not need ALG.

Another possible solution to this problem is to use the STUN This kind of technology, but it only aims at UDP And needs it to build in this technology. This technique is also invalid for symmetric NAT. Another possible solution is UPnP , but it needs to be used together with NAT devices

Usage Examples

Announce

edit

load balance : Destination address translation NAT can redirect Some servers are connected to other randomly selected servers.

Expiration: The destination address translation NAT can be used to provide highly reliable services. If one system passes Router Once the router detects that the server is down, it can use the destination address translation NAT to transparently transfer the connection to a backup server.

Transparent proxy : NAT can redirect the HTTP connection to the Internet to a specific HTTP proxy server To cache data and filter requests. some Internet Service Provider Use this technology to reduce bandwidth Instead of having their customers configure their browsers to support proxy connections

Source network address translation

Source Address Translation It is an address translation based on the source address. It is mainly used for intranet access to the internet, reducing Public address The number of hidden internal addresses.

as IP address The three PCs, 192.168.1.2192.168.1.3192.168.1.4, share the public IP address of 119.75.213.61 and Internet connection after source address conversion.

Destination address translation

Destination address translation can be divided into targets Address mapping , Objectives Port Mapping , Server load balancing Etc. Destination address translation is also called reverse address translation or address mapping. The destination address translation is a one-way mapping for the target address, which is mainly used when the internal server provides services to the external. The difference between the destination address translation and the static address translation is that it is one-way. The external can actively access the internal, but the internal cannot actively access the external. In addition, destination address translation can be used to achieve load balancing, that is, one destination address can be converted to multiple internal server addresses. You can also map different ports to different machines through port mapping.

For example, a PC on the Internet (218.92.1.2) accesses the Internet address 119.75.213.61 and converts the destination address of the router to a server 192.168.1.100 that accesses the intranet

Novice on the road

Growth task Getting Started with Editing Edit Rule Edit by myself

I have questions

Content query Online Service Official post bar Feedback

Complaints and suggestions

Report bad information Failed to appeal through entries Complaint of infringement information Blocking query and unblocking

Jinggong Network Anbei No. 1100000200001