The basic concept of NAT

Hello,
I'm Kawa from the 0 Credit Balance System Solutions Department on my days off.
It's July. It's hot, and I'm longing for a vacation. Today I'm going to talk about networking, primarily for new members, and I'll be writing about the basics of the often-confusing NAT. I hope this article helps you understand the concepts a little better.
What is NAT anyway?
NAT (short for Network Address Translation), as the name suggests, is a mechanism for translating IP addresses. It is an essential technology for applications, websites, and systems used across different networks, and there is also a related technology called NAPT that translates port numbers as well.
Understanding the background
The reason NAT was created was a simple problem: how do you communicate between two completely different networks? In particular, when communicating from a LAN to a WAN (and vice versa), the source address had to be rewritten to the address facing the network boundary, depending on the direction of the traffic. Research on this was carried out at various universities in the late 1980s, and address translation technology was devised as the solution.
(NAT became
In addition to its convenience, NAT also plays an important role in easing the problem of IPv4 address exhaustion (look this up for more details). When IPv4 addresses were first created, it was thought that "2 to the power of 32, or about 4.3 billion addresses, should be enough." However, in 2011, IANA (ICANN) made headlines by declaring that there were essentially "no addresses left."
With IPv6 adoption still at a low level, if only one IP address per Internet-facing interface is needed to deal with this issue, that reduces the number of IP addresses consumed and lowers the fees individuals and businesses pay, making it a win-win situation.
NAT Basics
With this background in mind, let's talk about the basics of NAT. It may not be easy to understand just from "it translates IP addresses," so let me use a small analogy.
Let's say a customer visits your relatively large company, which has several departments, looking for someone in the sales department.
The receptionist on the first floor confirms the request ("Ah, you're here for Mr./Ms. XX in Sales"), and then guides the customer to the fourth floor where the sales representative is.

This is actually almost the same as NAT:
・Customers cannot see inside the company; only the reception desk is visible as the point of contact (the IP address bound to the router's WAN-side interface)
・Customers are directed to the sales department on the 4th floor (the global IP → private IP translation process)
With this concept in mind, let's try checking a surveillance camera installed on the company's internal network from outside.

I'll set each IP address as follows (I'll leave out the router's local IP to avoid confusion):
- WAN side IP of destination router: 12.34.56.78
- Private IP of surveillance camera: 192.168.10.252
- Global IP of source router: 98.76.54.32
- Private IP of source PC: 172.16.0.3
- Port number used by camera: TCP/60000
1) You access the company's global IP address from your PC at home
( ・ω・)つ ゚チッ [PC] ---> [Source router] --- (Internet) ---> [Destination router]
172.16.0.3--→98.76.54.32--→12.34.56.78:60000
The source IP address undergoes source NAT when the packet heads out to the Internet, so the destination router sees the access as coming from 98.76.54.32.
2) Forwarding from the destination router to the surveillance camera
( ・ω・) woah woah [Source router]----(Internet)---[Destination router]--→[Surveillance camera]
98.76.54.32--→12.34.56.78--→192.168.10.252:60000
When the packet reaches the destination router, the rule is "since it arrived on TCP/60000, forward it to the surveillance camera" (this must be configured on the destination router beforehand), and the packet is finally forwarded to 192.168.10.252.
Return packets are matched by stateful inspection (ask ChatGPT for details), so you can view the camera footage on the PC that made the connection.
NAPT Basics
But what if the company president is a bit of a micromanager and has installed 10 surveillance cameras? There is only one global IP address, and the cameras' specifications don't allow the port number to be changed from 60000.
NAPT (Network Address Port Translation) is useful in such situations.
If you configure the router with static NAT as follows:
WAN:60000 --→ 192.168.10.252:60000
WAN:60001 --→ 192.168.10.253:60000
WAN:60002 --→ 192.168.10.254:60000
...
You can connect to each camera by keeping the same IP address, 12.34.56.78, and simply shifting the port number by one when accessing.
For example, if port number 60000 comes in, it goes straight to 192.168.10.252.
If port number 60001 comes in, it goes to another camera, 192.168.10.253, port 60000.
If port number 60002 comes in, it goes to another camera, 192.168.10.254, port 60000.
By mapping destination IP addresses and port numbers one-to-one in this way, you can operate even with limited resources.
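To make the two steps above and the camera port table concrete, here is a small simulator I added for this article (it is example code, not anything from the original post or any router vendor). It models both routers with the addresses used above: the home router does source NAT with port translation for the PC, and the office router holds the static WAN-port → camera table. Both keep a connection-tracking table, which is what lets the camera's reply flow back to the PC and what makes an unsolicited packet to an unforwarded port go nowhere. The ephemeral ports (51515, 40000) and the outside address 203.0.113.9 are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Addresses are the ones used in the post; ports 51515/40000 and the
# probe source 203.0.113.9 are constructed values for this example.


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


Inner = Tuple[str, int]  # (private_ip, private_port)


class NatRouter:
    """Minimal NAT/NAPT box: source NAT for LAN->WAN traffic, static port
    forwarding for WAN->LAN, and a connection-tracking table so that only
    replies to known flows (or statically forwarded ports) get in."""

    def __init__(self, wan_ip: str, forwards: Optional[Dict[int, Inner]] = None,
                 first_port: int = 40000) -> None:
        self.wan_ip = wan_ip
        self.forwards = dict(forwards or {})   # wan_port -> (private_ip, private_port)
        self.next_port = first_port            # next free WAN port for source NAT
        # one flow, indexed from both directions
        self.out_map: Dict[Tuple[str, int, str, int], int] = {}  # (in_ip, in_port, remote_ip, remote_port) -> wan_port
        self.in_map: Dict[Tuple[int, str, int], Inner] = {}      # (wan_port, remote_ip, remote_port) -> inner

    def _remember(self, inner: Inner, remote: Inner, wan_port: int) -> None:
        self.out_map[(inner[0], inner[1], remote[0], remote[1])] = wan_port
        self.in_map[(wan_port, remote[0], remote[1])] = inner

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite the source to the WAN IP plus a WAN port.
        A reply in a tracked flow reuses its port; a new flow gets a fresh one (NAPT)."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        wan_port = self.out_map.get(key)
        if wan_port is None:
            wan_port = self.next_port
            self.next_port += 1
            self._remember((pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port), wan_port)
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: stateful lookup first, then the static forwards; otherwise drop (None)."""
        if pkt.dst_ip != self.wan_ip:
            return None
        inner = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inner is None and pkt.dst_port in self.forwards:
            inner = self.forwards[pkt.dst_port]
            # record the flow so the camera's reply is translated back to the same WAN port
            self._remember(inner, (pkt.src_ip, pkt.src_port), pkt.dst_port)
        if inner is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, inner[0], inner[1])


# the static table from the article: WAN:6000x -> camera x, port 60000
CAMERAS = {60000: ("192.168.10.252", 60000),
           60001: ("192.168.10.253", 60000),
           60002: ("192.168.10.254", 60000)}


def camera_session(wan_port: int):
    """Walk one request and its reply through both routers; returns the four translated packets."""
    home = NatRouter("98.76.54.32")
    office = NatRouter("12.34.56.78", forwards=CAMERAS)
    request = Packet("172.16.0.3", 51515, "12.34.56.78", wan_port)
    on_internet = home.outbound(request)           # 1) source NAT at the home router
    at_camera = office.inbound(on_internet)        # 2) port forwarding at the office router
    reply = Packet(at_camera.dst_ip, at_camera.dst_port, at_camera.src_ip, at_camera.src_port)
    reply_on_internet = office.outbound(reply)     # reply goes back out as WAN:wan_port
    reply_at_pc = home.inbound(reply_on_internet)  # home conntrack maps it back to the PC
    return on_internet, at_camera, reply_on_internet, reply_at_pc


def unsolicited_is_dropped() -> bool:
    """A packet to a port with no forward and no tracked flow is not delivered anywhere."""
    office = NatRouter("12.34.56.78", forwards=CAMERAS)
    return office.inbound(Packet("203.0.113.9", 4444, "12.34.56.78", 22)) is None


if __name__ == "__main__":
    for p in camera_session(60001):
        print(p)
    print("unsolicited dropped:", unsolicited_is_dropped())
```

Running it for port 60001 shows the request leaving home as 98.76.54.32:40000, arriving at 192.168.10.253:60000, and the reply coming back out as 12.34.56.78:60001 and landing on 172.16.0.3:51515. The two flow tables are the "stateful inspection" from step 2: a real router ages these entries out, but the lookup order (tracked flow, then static forward, then drop) is the same idea.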
Summary and various NATs
Since most of our services are provided in a cloud environment, we don't have to think about NAT much, which is convenient since it's handled for us.
However, there are cases where a NAT Gateway is required when integrating with APIs, so I think this kind of knowledge is essential.
Even in modern services, NAT technology is used in a variety of situations, such as online competitive games using P2P technology and IP telephones, so it's clear that it is actually a technology that is used extensively behind the scenes.
The example I just gave was Static NAT, but there are also Dynamic NAT, Source NAT, Destination NAT, etc.
In addition, there are technologies that use more complex port-control mechanisms, such as Cone NAT and Symmetric NAT, which are used in P2P applications. Meijo University's materials provide very detailed information on this topic.
When I look back at these technologies, I am always impressed by how amazing the technology is that supports online games without delay.
I wrote this article in a rush and without any coherence, but I hope it will be useful to someone.
Until next time!
~Complete~