NAT Overloading Example

Back>
In previous post, we have an overview about NAT and PAT, let's take a look at an example here.

For this example, you have four users (each using non-routable internal network addresses ) behind a router with NAT capability.  The router has one legal IP address, 215.37.32.203, that it advertises to the Internet, but four unique ports.  A remote server may communicate with multiple workstations on this LAN by also using it's one IP address but four unique ports

Source Computer	Source Computer's IP Address	Source Computer's Port	NAT Router's IP Address	NAT Router's Assigned Port Number
A	192.168.32.10	400	215.37.32.203	7000
B	192.168.32.13	50	215.37.32.203	7001
C	192.168.32.15	3750	215.37.32.203	7002
D	192.168.32.18	3750	215.37.32.203	7003

 Here's how the overloading works.  They key is an "address translation table" set up and stored by the router:

• An internal network 192.168.32.0/24 has been set up with non-routable IP addresses that were not specifically allocated to that company by IANA.
• The company sets up a router with NAT enabled. The router has a unique IP address 215.37.32.203 given to the company by IANA. The router acts as an internet gateway, with NAT enabled.
• A computer with 192.168.32.10 on the internal network attempts to connect to a computer outside the network, such as a web server 87.106.83.127:80.
• The router receives the host to host data link layer Ethernet frame from the computer A.
• The router check the layer 2 Ethernet frame's payload -- the layer 3 IP packet, find the source IP field is 192.168.32.10 and the destination IP field is 87.106.83.127. The destination IP address belongs to network 87.0.0.0/8, which is in a different LAN than source IP's 215.37.32.0/24 network, the router knows that the packet need to be forwarded to one of the neighboring routers.
• Since the router is also a NAT enabled internet gateway, it further examines the layer 3 packet's payload -- the layer 4 TCP segment, from the source port field, router knows the source port number is 400. from the destination port field, the router knows the destination port is 80. Router checks its network translation table, since it is empty, router needs to save a translation record for the computer A's IP address and port number 192.168.32.10:400 in the NAT table.
• The router checks it NAT translation rule, from the rule, router know the computer A's IP address 192.168.32.10 need to be translated to the router's IP address 215.37.32.203. According to the rule, the router also replaces the sending computer's source port 400 with a random assigned unique port number 7001.  Router now saves a record in NAT table, 192.168.32.10:400 - 215.37.32.203:7001. NAT table now has a mapping of the computer's non-routable IP address and port number along with the router's IP address and translated port number.
• Before the layer 2 Ethernet frame leaves the router's port towards the next router's mac address, the router changes the layer 3 IP packet's Source IP field value from 192.168.32.10 to 215.37.32.203, the router also changes the layer 4 TCP segment's Source port field value from 400 to 7001.
• From now on, the other routers in the internet will deal with an TCP packet with source IP address 215.37.32.203 and source port 7001. 
• The other internet routers route the packet to 87.0.0.0/8 network, the web server at 87.106.83.127 replies by sending a TCP segment with destination IP 215.37.32.203, destination port 7001 and source IP 87.106.83.127, source port 80.
• The router receives the packet with destination IP 215.37.32.203 and destination port 7001. The router checks its NAT table, there is a matching record, 192.168.32.10:400 - 215.37.32.203:7001. So the router changes the network layer packet's destination IP from 215.37.32.203 to 192.168.32.10, it also changes transport layer segment's destination port field from 7001 to 400.
• Since 192.168.32.10's network 192.168.32.0/24 is directly connected to the router, the router delivers it to Computer A's mac address via the data link layer Ethernet frame.
• The computer receives the packet from the router and the process repeats as long as the computer is communicating with the external system.
• Since the NAT router now has the computer's source address and source port saved to the address translation table, it will continue to use that same port number for the duration of the connection. A timer is reset each time the router accesses an entry in the table. If the entry is not accessed again before the timer expires, the entry is removed from the table.

As you can see, the NAT router stores the IP address and port number of each computer in the network address translation (NAT) table. It then replaces the IP address with its own registered IP address and the port number corresponding to the location of the entry for that packet's source computer in the table. So any external network sees the NAT Router's IP address and the port number assigned by the router as the source computer information on each packet.

You can still have some computers on the stub domain that use dedicated IP addresses. You can create an access list of IP addresses that tells the router which computers on the network require NAT. All other IP addresses will pass through untranslated.

The number of simultaneous translations that a router will support is determined mainly by the amount of DRAM (Dynamic Random Access Memory) it has. But since a typical entry in the address translation table only takes about 160 bytes, a router with 4 MB of DRAM could theoretically process 26,214 simultaneous translations! Which is more than enough for most applications.