About the basic concept of NAT

Hello
, I'm Kawa from the credit balance
system solution department.

It's July. It's hot these days and I want a vacation.
This time, I'm mainly going to talk about networks for new members, but
I'll write about the basic concept of NAT, which is particularly complicated. I hope this article helps you understand some of the concepts.

First of all, what is NAT?

NAT (abbreviation for Network Address Translation), as the name suggests, is a mechanism for translating IP addresses.
It is an essential technology for applications, websites, and systems used on various networks, and
there is also a technology called NAPT that also converts port numbers.

understand the background

So, the reason why this was created is simple: how do you communicate with a completely different network? That's the problem.
Especially when communicating from the LAN to the WAN side (and vice versa), it is necessary to convert the source address and the address facing the network boundary depending on the direction of the communication.
For these reasons, it seems that research was carried out at various universities in the late 1980s, and conversion technology was devised.
(NAT became

In addition to convenience, NAT also plays an active role in solving
the problem of IPv4 address exhaustion I would appreciate it if you could look into the details, but when IPv4 addresses were created, it was thought that ``2 to the 32nd power = approximately 4.3 billion addresses would be sufficient,'' but
in 2011, IANA (ICANN) It became a hot topic when they announced that they were actually out of stock (or so it seems).
Currently, there is little progress in the use of IPv6, so if we could solve this problem by only having one IP address for the Internet interface, we would be able
to reduce the number of IP addresses used and be cheaper for individuals and companies. It's a win-win.

NAT basics

With this background in mind, let's talk about the basics of NAT.
I don't think it would be a good idea to say ``convert the IP address,'' so I'll use an analogy.

Let's say that your relatively large company, which is divided into several departments, receives a customer for sales.
The person at the 1F reception will confirm the information "To Mr. ◯◯ from Sales". After confirmation, the customer was guided to the 4th floor where a sales representative was located.

Actually, this is almost the same as NAT.

・Customers cannot see the inside of the company, only the reception desk is visible as a contact point (IP address linked to the router WAN side interface)
・Guide to the sales department on the 4th floor (conversion process from global IP to private IP)

After understanding this concept, I would like to check the surveillance cameras installed on the company network from the outside.

I would like each IP address to look like this.
(I will omit the router's local IP as it will be confusing)

- WAN side IP of destination router: 12.34.56.78
- Private IP of surveillance camera: 192.168.10.252
- Global IP of source router: 98.76.54.32
- Private IP of source PC: 172.16.0.3
- Port number used by camera: TCP/60000

1) If you want to access, access your company's global IP address from your local PC at home
( ・ω・) Click [PC]--→[Connection source router]----(Internet)--→ [Destination Router]

172.16.0.3--→98.76.54.32--→12.34.56.78:60000
When going out to the Internet, the source IP address will undergo source NAT translation, and
the access will come from 98.76.54.32 from the destination router.

2) Transfer from destination router to surveillance camera
( ・ω・)｜｜｜ [Connection source router]----(Internet)---[Destination router]--→[Surveillance camera]

98.76.54.32--→12.34.56.78--→192.168.10.252:60000
When the packet reaches the destination router, it says, ``It's coming via TCP/60000, so I guess I should forward it to the surveillance camera.'' (pre-configuration required),
the packet is finally forwarded to 192.168.10.252.

Stateful inspection (ask ChatGPT for details)
is activated for the returned packets, so the video from the surveillance camera can be viewed on the connecting PC.

NAPT basics

But what would you do if the president of this company was a serious micromanager and installed 10 surveillance cameras?
There is only one global IP address, and the port number cannot be changed from 60000 due to the specifications of the surveillance camera.

NAPT (Network Address Port Translation) useful in such cases .

If you configure Static NAT like this on the router side

WAN:60000 --→ 192.168.10.252:60000
WAN:60001 --→ 192.168.10.253:60000
WAN:60002 --→ 192.168.10.254:60000
...

You can connect to each camera by simply changing the port number one by one while keeping the IP address the same, 12.34.56.78.
For example, if you come with port number 60000, go directly to 192.168.10.252.
If you came with number 60001, go to another camera: 192.168.10.253, number 60000.
If you came with number 60002, go to another camera: 192.168.10.254, number 60000.
By linking the destination IP and port number on a one-to-one basis, it becomes possible to operate even with limited resources.

Summary and various NATs

Most of our services are provided in a cloud environment, so you don't have to think about NAT, which is convenient because it takes care of everything for you.
However, since a NAT Gateway may be required when linking with an API, I think this kind of knowledge is essential.
Even in modern services, NAT technology is used in various situations such as online competitive games using P2P technology and IP telephony, and it can be seen that it is actually a technology that is used a lot behind the scenes.

The example I explained earlier is Static NAT, and on the other hand, there are Dynamic NAT, Source NAT, Destination NAT, etc.
In addition, there are technologies that use complex port control mechanisms, such as Cone NAT and Synmetric NAT, which are used in applied P2P. materials provided by Meijo University are very detailed in this regard

When I look back on these technologies, I always find it interesting how amazing the technology is that supports online games without any delays.
I wrote this in a cursory manner, but I hope this article is helpful to someone.
See you soon!

～Complete～