Nov 21, 2011

What is the advantage to using NAT instead of an actual IP address?

I understand that NAT (network address translation) can hide the actual IP address of a host from outside of a network, but I don't really get what the advantages of use are beyond that. What is the advantage of using NAT?

Hi henyfoxe,

You might find this background article useful in understanding the advantages of NAT.

Network address translation

"In computer networking, network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device.

The simplest type of NAT provides a one to one translation of IP addresses. RFC 2663 refers to this type of NAT as basic NAT. It is often also referred to as one-to-one NAT. In this type of NAT only the IP addresses, IP header checksum and any higher level checksums that include the IP address need to be changed. The rest of the packet can be left untouched (at least for basic TCP/UDP functionality, some higher level protocols may need further translation). Basic NATs can be used when there is a requirement to interconnect two IP networks with incompatible addressing.

However it is common to hide an entire IP address space, usually consisting of private IP addresses, behind a single IP address (or in some cases a small group of IP addresses) in another (usually public) address space. To avoid ambiguity in the handling of returned packets, a one-to-many NAT must alter higher level information such as TCP/UDP ports in outgoing communications and must maintain a translation table so that return packets can be correctly translated back. RFC 2663 uses the term NAPT (network address and port translation) for this type of NAT. Other names include PAT (port address translation), IP masquerading, NAT Overload and many-to-one NAT. Since this is the most common type of NAT it is often referred to simply as NAT."

First off, the NAT device has to have a unique IP address to identify the host to the internet. Once you are behind the firewall, you can use whatever IP address you want. On the way outbound across the firewall, the internal IP addresses are converted to the public IP address, and inbound packets result in the NAT device converting in the opposite way. The main benefit is that NAT slows down the speed at which IP address space is assigned because a single IP address can be used for more than a single host. Outgoing and inbound packets are kept track of by the NAT device and matched up so the incoming packets match up with the correct host by switching destination addresses as necessary.
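The translation table that both answers describe, as an added example that is not part of the original posts: a minimal one-to-many NAT (NAPT) model in Python showing two internal hosts sharing one public address and an inbound packet with no table entry being dropped. The `Packet` and `Napt` names, the starting port 40000 and all addresses (private and documentation ranges) are assumptions made for illustration.

```python
# Added example: minimal NAPT (one-to-many NAT) translation table.
# All addresses are constructed (RFC 1918 private / RFC 5737 documentation ranges).
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class Napt:
    public_ip: str
    next_port: int = 40000  # assumption: arbitrary start of the public port pool
    out_map: dict = field(default_factory=dict)  # (proto, int_ip, int_port) -> public port
    in_map: dict = field(default_factory=dict)   # (proto, public port) -> (int_ip, int_port)

    def outbound(self, p: Packet) -> Packet:
        """Rewrite source address and port, creating a table entry on first use."""
        key = (p.proto, p.src_ip, p.src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(p.proto, self.next_port)] = (p.src_ip, p.src_port)
            self.next_port += 1
        return Packet(p.proto, self.public_ip, self.out_map[key], p.dst_ip, p.dst_port)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Rewrite destination back to the internal host, or drop (None) if unmapped."""
        entry = self.in_map.get((p.proto, p.dst_port))
        if p.dst_ip != self.public_ip or entry is None:
            return None  # no matching outbound flow, so nothing to translate to
        return Packet(p.proto, p.src_ip, p.src_port, entry[0], entry[1])

def demo():
    nat = Napt("203.0.113.7")
    # Two internal hosts use the same source port; each gets its own public port.
    a = nat.outbound(Packet("tcp", "192.168.1.10", 51000, "198.51.100.5", 443))
    b = nat.outbound(Packet("tcp", "192.168.1.11", 51000, "198.51.100.5", 443))
    # The server's reply to host A is mapped back to A's private address and port.
    reply = nat.inbound(Packet("tcp", "198.51.100.5", 443, a.src_ip, a.src_port))
    # An unsolicited inbound packet has no table entry and is dropped.
    stray = nat.inbound(Packet("tcp", "198.51.100.9", 4444, "203.0.113.7", 22))
    return a, b, reply, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Real NAT devices also expire idle table entries, and many additionally match the remote address and port on inbound packets; this model keys only on protocol and public port.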
