The quick definition: Network Address Translation (NAT) takes all private IP addresses and hides them behind a single global address.
What are private IP addresses?
Every computer on a network needs to have an IP address, but not everyone in the world needs to know those IP addresses. That’s where private IP addresses come in. There are three ranges of private IP addresses:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
If you look closely, you’ll notice that the 10.0.0.0 has the largest range. That’s why it’s used by most enterprise networks.
You might notice the third range is the smallest but it houses the most popular IP address in the world: 192.168.1.1. Look familiar? It’s the default address for most home routers.
Anybody can use these private IP addresses within their network but they can’t be advertised or routed on the internet. Many companies use the same 10.0.0.0 IP addressing scheme without affecting one another. Similarly, you can have millions of routers defaulted to 192.168.1.0, and it won’t harm a thing.
What are global IP addresses?
If the internet can’t use private IP addresses, then what does it use? The internet uses global addresses, which are handed out by the Internet Assigned Number Authority (IANA), and managed by service providers.
While private IP addresses aren’t allowed on the internet, global addresses can talk to each other over the internet, and internet-connected routers can send and receive traffic from these IP addresses.
Why hide internal IP addresses?
If you haven’t done so, you might want to read our How IP and MAC Addresses Work article. We’re picking up where that left off.
Let’s say you want to go to cbtnuggets.com. Your computer has an internal IP address, 192.168.1.5. Your computer knows it can’t get to the internet, so it goes to the router.
Your computer will first contact a Domain Name Server (DNS) and ask, “Where is cbtnuggets.com?” The DNS response is “You’re looking for 126.96.36.199.” Your computer doesn’t say anything back. Not because it’s rude. It’s just busy — and knows you don’t need to know which IP it is communicating with anyway.
With the IP address in hand, your computer realizes that 188.8.131.52 doesn’t start with 192.168.1, which means it’s not on its network, so it forwards the request to the router. Now we have the dilemma.
Your computer can only put one IP address in the header as the destination. How does it contact the router at 192.168.1.1 and say, “Hey, I want to go to 184.108.40.206”?
Your computer can’t send a request directly to 220.127.116.11; the computer has an internal IP address, and we know that’s not allowed on the internet.
The request can’t be sent directly to the router’s IP address, either. The router would not know how to respond to the secure web request.
Here’s how it all works
To talk to cbtnuggets.com, your computer will set the destination IP address to 18.104.22.168 but will set the destination MAC address to its gateway, the router.
When the request arrives at the router, it looks at its rules and sees that it received a request for a Global IP address and that it must translate the source IP address before routing the traffic. The router inserts an entry in the NAT table with the source and destination IP addresses and translates the source IP to its own Global IP address before forwarding the request to cbtnuggets.com.
Now that our NAT table is populated, when the response for the request arrives at the router, it simply consults the NAT table and translates the IP to the original clients IP address. And then the web page loads.
This is actually an example of 1:1 NAT. But what really happens on our home routers is PAT, NAT’s clever cousin. What would happen if we were using NAT and you sent a web request to cbtnuggets.com at the same time as your roommate who shares the same WiFi?
Well, your IP address is already using the routers Global IP for NAT translation, so it would be unavailable. PAT, which is also called NAT Overload, gets around this by recording the source/destination IP address, as well as the source and destination TCP/UDP ports in the NAT table. This allows about 64,000 simultaneous web requests using one Global IP!
If you would like to dive a little deeper, Border Gateway Protocol or BGP is the routing protocol that allows all the Global IP address to communicate with one another.
Not a CBT Nuggets subscriber? Start your free week now.