Content Overview

The rapid growth of the Internet has astonished most observers. One reason the Internet has grown so quickly is the flexibility of the original design. Without new methods of IP address assignment, this rapid growth would have exhausted the supply of IP addresses. Several solutions were developed to cope with the shortage. One widely implemented solution is Network Address Translation (NAT).

NAT is a mechanism for conserving registered IP addresses in large networks and simplifying IP addressing management tasks. As a packet is routed through a network device, usually a firewall or border router, the source IP address is translated from a private internal network address to a routable public IP address. This allows the packet to be transported over public external networks, such as the Internet. The public address in the reply is then translated back to the private internal address for delivery within the internal network. A variation of NAT, called Port Address Translation (PAT), allows many internal private addresses to be translated using a single external public address.

Routers, servers, and other key devices on the network usually require a static IP configuration, which is entered manually. Desktop clients, however, do not require a specific address, only one from a range of addresses. This range is typically within an IP subnet. A workstation within a specific subnet can be assigned any address within the range while the other values stay static, including the subnet mask, default gateway, and DNS server. The Dynamic Host Configuration Protocol (DHCP) was designed to assign IP addresses and other important network configuration information dynamically. Because desktop clients typically make up the bulk of network nodes, DHCP is an extremely useful time-saving tool for network administrators.
Students completing this module should be able to:
- Identify private IP addresses as described in RFC 1918
- Discuss characteristics of NAT and PAT
- Explain the benefits of NAT
- Explain how to configure NAT and PAT, including static translation, dynamic translation, and overloading
- Identify the commands used to verify NAT and PAT configuration
- List the steps used to troubleshoot NAT and PAT configuration
- Discuss the advantages and disadvantages of NAT
- Describe the characteristics of DHCP
- Explain the differences between BOOTP and DHCP
- Explain the DHCP client configuration process
- Configure a DHCP server
- Verify DHCP operation
- Troubleshoot a DHCP configuration
- Explain DHCP relay requests
Content 1.1 Scaling Networks with NAT and PAT

1.1.1 Private addressing

RFC 1918 sets aside three blocks of private IP addresses: one Class A network, 16 Class B networks, and 256 Class C networks. These addresses are for private, internal network use only. Packets containing these addresses are not routed over the Internet. Public Internet addresses must be registered by a company with an Internet authority, for example, ARIN or RIPE. These public Internet addresses can also be leased from an ISP. Private IP addresses are reserved and can be used by anyone. That means two networks, or two million networks, can each use the same private address. A router should never route RFC 1918 addresses onto the Internet, and ISPs typically configure their border routers to prevent privately addressed traffic from being forwarded.

NAT provides great benefits to individual companies and the Internet. Before NAT, a host with a private address could not access the Internet. Using NAT, individual companies can address some or all of their hosts with private addresses and use NAT to provide access to the Internet.

Web Links
Internet-Legal versus Private Addressing
http://www.unoverica.com/documentation/ucm/mt211ai6.html
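A check for the three RFC 1918 blocks and the border-router rule just described (drop privately addressed traffic seen on the Internet-facing interface), written as an added example that is not part of the curriculum; the function names and the sample packets are constructed for the illustration:

```python
import ipaddress

# The three RFC 1918 blocks named in the text: one Class A, 16 Class B, 256 Class C networks.
RFC1918_BLOCKS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)


def is_rfc1918(address: str) -> bool:
    """True only for RFC 1918 space.

    Deliberately not ipaddress's .is_private, which is broader: it also
    reports loopback, link-local and other reserved ranges as private.
    """
    ip = ipaddress.ip_address(address)
    return any(ip in block for block in RFC1918_BLOCKS)


def border_filter(packets):
    """Apply the border-router rule from the text to (src, dst) pairs seen on
    the Internet-facing interface: a packet carrying an RFC 1918 address in
    either field is never routable there, so it is dropped (hypothetical
    helper, not a Cisco command)."""
    decisions = []
    for src, dst in packets:
        dropped = is_rfc1918(src) or is_rfc1918(dst)
        decisions.append((src, dst, "drop" if dropped else "forward"))
    return decisions


# Constructed sample traffic, not real captures.
SAMPLE_PACKETS = [
    ("203.0.113.10", "198.51.100.20"),  # public to public: forwarded
    ("10.1.2.3", "198.51.100.20"),      # untranslated inside local address leaked out
    ("203.0.113.10", "192.168.1.1"),    # reply aimed at a private destination
    ("172.31.255.9", "198.51.100.20"),  # last address inside 172.16.0.0/12: private
    ("172.32.0.1", "198.51.100.20"),    # just outside 172.16.0.0/12: public
]

if __name__ == "__main__":
    for src, dst, action in border_filter(SAMPLE_PACKETS):
        print(f"{src:>15} -> {dst:<15} {action}")
```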
Content 1.1 Scaling Networks with NAT and PAT

1.1.2 Introducing NAT and PAT

NAT is designed to conserve IP addresses and enable networks to use private IP addresses on internal networks. These private, internal addresses are translated to routable, public addresses. This is accomplished by internetwork devices running specialized NAT software, and it can increase network privacy by hiding internal IP addresses. A NAT-enabled device typically operates at the border of a stub network. A stub network is a network that has a single connection to its neighbor network. When a host inside the stub network wants to transmit to a host on the outside, it forwards the packet to the border gateway router. The border gateway router performs the NAT process, translating the internal private address of the host to a public, external routable address. In NAT terminology, the internal network is the set of networks that are subject to translation. The external network refers to all other addresses. Cisco defines the following NAT terms:
- Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Network Information Center (NIC) or service provider. This address is likely to be an RFC 1918 private address.
- Inside global address – A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.
- Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
- Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

Interactive Media Activity
Drag and Drop: Basic Network Address Translation
When the student has completed this activity, the student will be able to identify the IP address translations that occur when using NAT.

Web Links
NAT Frequently Asked Questions
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_q_and_a_item09186a00800e523b.shtml
Content 1.1 Scaling Networks with NAT and PAT

1.1.3 Major NAT and PAT features

NAT translations can be used for a variety of purposes and can be either dynamically or statically assigned. Static NAT is designed to allow one-to-one mapping of local and global addresses. This is particularly useful for hosts that must have a consistent address that is accessible from the Internet. Such hosts may be enterprise servers or networking devices. Dynamic NAT is designed to map a private IP address to a public address. Any IP address from a pool of public IP addresses is assigned to a network host. Overloading, or Port Address Translation (PAT), maps multiple private IP addresses to a single public IP address. Multiple addresses can be mapped to a single address because each private address is tracked by a port number. PAT uses unique source port numbers on the inside global IP address to distinguish between translations. The port number is encoded in 16 bits, so the total number of internal addresses that can be translated to one external address could theoretically be as high as 65,536 per IP address. Realistically, the number of ports that can be assigned to a single IP address is around 4000. PAT will attempt to preserve the original source port. If this source port is already in use, PAT will assign the first available port number starting from the beginning of the appropriate port group: 0-511, 512-1023, or 1024-65535. When there are no more ports available and more than one external IP address is configured, PAT moves to the next IP address and tries to allocate the original source port again. This process continues until it runs out of available ports and external IP addresses.

NAT offers the following benefits:
- Eliminates reassigning each host a new IP address when changing to a new ISP. NAT eliminates the need to readdress all hosts that require external access, saving time and money.
- Conserves addresses through application port-level multiplexing. With
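The PAT port-allocation rules described in 1.1.3 (preserve the source port, otherwise take the first free port in the same port group, then move on to the next inside global address), simulated as an added example that is not part of the curriculum; the class and method names and the sample addresses are assumptions:

```python
from dataclasses import dataclass, field

# Port groups within which PAT searches for a free port, as given in the text.
PORT_GROUPS = ((0, 511), (512, 1023), (1024, 65535))


def port_group(port: int) -> tuple[int, int]:
    """Return the (low, high) port group that a source port belongs to."""
    for low, high in PORT_GROUPS:
        if low <= port <= high:
            return low, high
    raise ValueError(f"invalid port {port}")


@dataclass
class PatTable:
    """Simulated overload (PAT) translation table (assumed names, not Cisco's)."""
    inside_globals: list[str]                    # pool of inside global addresses
    # (inside global ip, port) -> (inside local ip, original source port)
    entries: dict = field(default_factory=dict)

    def translate(self, local_ip: str, local_port: int) -> tuple[str, int]:
        """Pick the inside global address:port for a new outbound flow."""
        low, high = port_group(local_port)
        for gip in self.inside_globals:
            # 1. Preserve the original source port when it is still free.
            if (gip, local_port) not in self.entries:
                return self._bind(gip, local_port, local_ip, local_port)
            # 2. Otherwise take the first free port in the same port group.
            for port in range(low, high + 1):
                if (gip, port) not in self.entries:
                    return self._bind(gip, port, local_ip, local_port)
            # 3. No free port in this group on this address: try the next one.
        raise RuntimeError("PAT exhausted: no ports left on any inside global address")

    def untranslate(self, gip: str, gport: int) -> tuple[str, int]:
        """Map a reply's inside global address:port back to the inside local host."""
        return self.entries[(gip, gport)]

    def _bind(self, gip: str, gport: int, local_ip: str, local_port: int):
        self.entries[(gip, gport)] = (local_ip, local_port)
        return gip, gport


if __name__ == "__main__":
    # Constructed sample: two inside hosts both sending from source port 1025.
    table = PatTable(["203.0.113.1", "203.0.113.2"])
    print(table.translate("10.0.0.5", 1025))   # ('203.0.113.1', 1025): port preserved
    print(table.translate("10.0.0.6", 1025))   # ('203.0.113.1', 1024): first free in 1024-65535
    print(table.untranslate("203.0.113.1", 1024))   # ('10.0.0.6', 1025)
```

The simulation models the allocation order only; a real device also ages entries out and, as the text notes, reaches a practical limit of roughly 4000 ports per address well before the 16-bit maximum.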