Network Address Translation (NAT) -
It’s known that NAT (Network Address Translation) can ensure security since each outgoing or incoming request must go through a translation process that offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves on the number of global IP addresses that a company needs and it lets the company use a single IP address in its communication with the world.
There are some other sticky network problems that need NAT (Benefit of NAT)
Static or dynamic translation
We’ve already mentioned that NAT cures duplicate address ranges without readdressing host computers. The translation done by NAT can be either static or dynamic. Static translation is where we specify a lookup table, and one inside address is turned into one pre-specified outside address. Dynamic is where we tell the NAT router what inside addresses need to be translated, and what pool of addresses may be used for the outside addresses. There can be multiple pools of outside addresses. ICMP host unreachable messages are used when addresses run out.
Port multiplexing
With NAT, multiple internal hosts can also share a single outside IP address, which conserves address space. This is done by port multiplexing: changing the source port on the outbound packet so that replies can be directed back to the appropriate machine.
Load distribution
You can also do load distribution via NAT: have one external address (perhaps your Web server’s name, www.cisco1900router.com, maps to this address). Then round-robin between different inside machines, so that incoming new connections are distributed across several machines. (Since each connection may involve state information, a given connection has to remain on one machine.)
Readdressing
Organizations that change service providers are now typically not allowed to take their address with them (because exceptions to CIDR addressing blocks have become a problem). NAT solves this by allowing re-addressing to occur at the gateway, allowing time to convert internal hosts to the new network number.
Additionally, NAT also enhances security—internal network topology and addresses are hidden from the outside world. The only thing NAT really can’t do much about is sloppily-written applications, with hard-coded raw IP addresses.
Disadvantages of NAT
Address translation is not practical for large numbers of internal hosts all talking at the same time to the outside world. NAT just won’t work well at a large scale.
Besides, performance may be a consideration. Currently, NAT only runs on Cisco 7500 routers with the RSP. Even there, NAT causes process switching on its configured interfaces. You can think of this as if the CPU has to look at every packet, deciding whether or not to translate it, and whether to alter the IP header, or possibly the TCP header. One doubts that this will be easily cache-able.
For more Reference :
No comments:
Post a Comment