Think about this…
There are 4.2 billion IPv4 public IP addresses available.
There are 8.7 billion Internet-connected devices in the world.
If there are more Internet-connected devices than there are publicly available IP addresses, how have we not run out of IP addresses already?!
Because of NAT.
NAT can hide multiple devices within the same network behind just 1 IP address.
Private IP addresses cannot be sent over the Internet, only public IP addresses can.
There are more people with private IP addresses in the world than there are public IP addresses.
Then how are computers assigned with private IP addresses able to go out to the Internet?
Because of NAT.
NAT allows private IPs to traverse the Internet by translating them into a public IP.
Click here to learn more about private IP ranges: Excuse Me, Is This IP Address Free or For Sale?
Advantages of NAT
- Many-to-One NAT hides all the computers in a local area network behind 1 public IP address. Jack, Ken, Paul, and Steve all have private IP addresses assigned to them in their local network. When they all reach out to the Internet, all their machines will use 1 public IP address.
- One-to-One NAT correlates 1 machine with a private IP address to 1 public IP address. This type of NAT is not so much for internal users, it is for web servers. This way, users can initiate connections from the Internet to reach the Web Server on it’s public IP.
- Public IPs are running out. The fact of the matter is that the world is running out of public IP addresses. NAT helps to consolidate multiple machines with private IP addresses by making all of them use 1 public IP. Using NAT to consolidate entire local networks behind one IP addresses is a great way to save IP spaces.
- NAT saves money because it costs money to buy public IP addresses. A company can have 500 users, and the CFO does NOT want to purchase 500 different public IP addresses. The company can buy 1 public IP, and use that for all 500 users.
Not everyone needs their own IP!
However, with the use of IPv6, everyone CAN have their own IP.
Number of available IPv4 public IP addresses: 4,500,000,000
Number of available IPv6 public IP addresses: 340,282,366,920,938,463,463,374,607,431,768,211,456
Click here to learn more about: The Different Types of NAT
The Concept of NAT
Jack has an IP address of 192.168.5.10 – a private IP address
Jack uses his computer to go to https://www.google.com
Jack’s request ingresses his company router’s local interface port from his computer as 192.168.5.10
And egresses the router’s firewall facing interface port as 192.168.5.10
From the router to the firewall the packet still has a source IP of 192.168.5.10
The packet then enters the firewall
The firewall will be the one to perform Network Address Translation
The packet ingresses the firewall as 192.168.5.10, and then egresses towards the Internet as 184.108.40.206 – a public IP
This is the concept of how NAT functions.
The company bought the IP 220.127.116.11 to represent Jack’s machine, as well as other machines in the same network.
In our scenario, a firewall did the translating of the private IP address to the public IP address.
But a router can perform NAT too.
It all depends on how your company infrastructure is setup.
Some companies have a firewall at the edge of their network with a router behind it. While others have a router at the edge of their network with a firewall behind it.
You can check the PROS and CONS of each scenario in this post: Should I Put the Firewall Before or after a Router?
What if NAT isn’t configured on a firewall or a router?
What happens when a machine with an IP of 192.168.5.10 tries to go out to the Internet?
The router will drop it.
A router sitting between the Internet (which uses public IPs) and the local network (which uses private IPs), will drop any packets with a private IP address unless NAT is configured.
Also, private IP addresses can be routed through the Internet through the use of technologies like a VPN or an MPLS. But these technologies have ways to “hide” the fact that they are carrying private IP addresses.
Lastly, private IP addresses can be routed through the Internet, but most edge devices such as Internet backbone routers are designed to drop them automatically.