Network Address Translation (NAT)

Network Address Translation (NAT) allows a group of network-connected devices behind a NAT-capable router to connect to external network services such as the Internet using a single Internet Protocol (IP) address (i.e. all devices appear to have the same IP address to any external device or service). If we assume that the IP address uses the IPv4 format (xxx.xxx.xxx.xxx), and given that such addresses are now of very limited availability, NAT allows many more devices to connect to external networks without taking more than one IPv4 address. As a result, NAT is extremely popular and has been built into many routers, especially those used in the home, for many years.

Unfortunately, as Phifer (2000) states, “our need to conserve IPv4 addresses has prompted many to overlook the inherent limitations of NAT”. The limitation most relevant to this discussion is that NAT changes the content of IP packets, whereas IP Security (IPSec) applies a standard header to the entire packet for security; if the packet is changed, it is rejected, and therefore the two are totally incompatible. Attempts have been made to negate this incompatibility by using tunnels, and by placing devices on the network that either perform IPSec after NAT or combine the two processes in a single device, but great care must be taken or some form of checksum, key or IP header modification will cause the packet to fail to reach its destination as a valid packet.
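The incompatibility described above, as an added example that is not part of the original article: a simplified Python model of an IPSec Authentication Header style integrity check, comparing a packet forwarded by an ordinary router with one rewritten by a NAT router. The key, payload, addresses and function names are constructed for illustration, and real IPSec covers more fields than this model does.

```python
import hashlib, hmac, ipaddress, struct

KEY = b"constructed-sa-key"       # constructed stand-in for the shared IPSec key
PAYLOAD = b"constructed payload"  # constructed sample data

def ip_checksum(header):
    """One's-complement checksum over the IPv4 header (0 means the header is valid)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src, dst, payload_len, ttl=64):
    """20-byte IPv4 header carrying protocol 51 (AH), with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, 51, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def icv(header, payload):
    """Simplified integrity value: fields routers may change (TOS, flags and fragment
    offset, TTL, checksum) are zeroed first; the source and destination stay covered."""
    h = bytearray(header)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha256).digest()[:16]

def forward(header, new_src=None):
    """One router hop: decrement TTL, rewrite the source if NAT applies, refresh checksum."""
    h = bytearray(header)
    h[8] -= 1
    if new_src is not None:
        h[12:16] = ipaddress.IPv4Address(new_src).packed
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ip_checksum(bytes(h)))
    return bytes(h)

def icv_ok(header, payload, received):
    return hmac.compare_digest(icv(header, payload), received)

def demo():
    hdr = build_header("192.168.1.10", "198.51.100.7", len(PAYLOAD))
    tag = icv(hdr, PAYLOAD)                # computed by the sender before the packet leaves
    routed = forward(hdr)                  # ordinary router: TTL and checksum change only
    natted = forward(hdr, "203.0.113.5")   # NAT router: source address is rewritten too
    return {"routed": (ip_checksum(routed) == 0, icv_ok(routed, PAYLOAD, tag)),
            "natted": (ip_checksum(natted) == 0, icv_ok(natted, PAYLOAD, tag))}

if __name__ == "__main__":
    print(demo())
```

Each tuple is (IP checksum valid, integrity check valid): the NAT router leaves a well-formed IP header, yet the receiver's integrity check fails because the source address it protects has changed.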

In theory, the IPv6 format for IP addresses, which allows 2^128 – 2^32 more unique IP addresses globally, could solve NAT issues because NAT simply would not be needed: there would be enough unique IP addresses for every device on every network. Hence every device could use IPSec, which IPv6 takes advantage of, without the problems that NAT presents. However, we are currently in a situation where the majority of systems remain on IPv4 and some have migrated, or are slowly migrating, to IPv6. There is therefore an intermediate problem of handling NAT while the two IP systems coexist and need to communicate with each other, which IPv6 will not solve, and hence “IPv6 won’t make the NAT traversal problem go away” (Passmore, 2004). In addition, the speed at which IPv6 is being implemented may cause this problem to remain for some years, as the transition from IPv4 to IPv6 requires compatible software and hardware, expertise and standardisation, and therefore funds and other resources to be dedicated at every level of every network. These imply that the transition will take some time, especially in a global economy where many are limiting their expenditure. In my opinion, it could only be accelerated by the provision of resources (education, expertise and funds) to key network players and a requirement to meet deadlines by a certain date backed by some form of regulation.

References

Kurose & Ross (2010) Computer Networking: A Top-Down Approach (Fifth Edition). Addison Wesley.

Passmore, D (2004), ‘The NAT Traversal Problem’, Business Communications Review, 34, 12, pp. 12-13, Communication & Mass Media Complete, EBSCOhost, viewed 1 May 2011.

Phifer, L (2000) The Internet Protocol Journal: The Trouble with NAT [Online]. Available at http://www.cisco.com/web/about/ac123/ac147/ac174/ac182/about_cisco_ipj_archive_article09186a00800c83ec.html (Accessed 1 May 2011).