NAT can be used in different scenarios: sometimes to protect portions of your network from the Internet, sometimes to conserve the IPv4 address space, and in smaller networks to share a single Internet connection over a single routable IP address.
However, using NAT has some advantages as well as some disadvantages.
NAT can be used with routable (public) IP addresses, as well as with private (RFC 1918) IP addresses. However, the chance you’ll use a public IP address in your NAT application is small. Since that IP is routable on the Internet, the only case when you’ll want to use NAT is if you want to “hide” the source IP address of your equipment/computer and use the router’s address instead when it makes a request to a remote device.
In most cases, NAT is used when you don’t have enough public IPs assigned for your network and when you want to protect some hosts on your network from requests originating from the Internet. This is called NAT Overload.
Because there are not many IPs left in the IPv4 address space, you may not be able to, and should not, get as many IP addresses as needed to allocate at least one IP address to each host/device in your network. If every device had its own public IP address, we would soon run out of IP addresses, and new devices would not be able to benefit from Internet connectivity until another device was disconnected. Authorities all over the world are encouraging service providers and companies which are not using all their allocated addresses to return them, so those IP addresses can be reused by someone who really needs them.
In some other cases, you may need to have private IP addresses as well as public IP addresses assigned to the hosts of your network, and you need those hosts to have an “extra layer” of security. In this case, you can do a 1:1 NAT using static or dynamic NAT. For example, you have some in-house developed application and you need to be sure that no one from the Internet will be able to access that application. You can use private IP addresses for your internal network, and the router connected to your service provider must do either static NAT and map every private IP address to a public one, or dynamic NAT using a pool of available public IP addresses.
Using NAT has some benefits:
- You help in conserving the IPv4 address space (when you use NAT Overload).
- You increase the flexibility and the reliability of connections to the public network by implementing multiple pools, backup pools, and load-balancing pools.
- You have a consistent network addressing scheme. If you use public IP addresses, you first get an address space assigned to you. As your network grows, you’ll have to buy more, and when you buy more, the chance of getting IP addresses from the same IP address class is minimal or even zero.
- You get an extra layer of network security. Hosts inside a NAT network are not reachable by hosts on other networks unless you explicitly allow it.
However, NAT has some drawbacks too:
- When hosts inside your network make a request to a remote site, the remote site will see the connection as coming from your NAT router. Some hosts implement a level of security regarding how many connections to accept from a single host and stop responding once the defined number of requests has been reached. This can degrade the performance of your network.
- Because many applications and protocols depend on end-to-end functionality, your network may not be able to use some of them. As noted above, hosts inside a NAT network are not reachable by hosts in other networks.
- End-to-end IP traceability is also lost. If you need to troubleshoot your network from a remote site, you will find troubleshooting more difficult and sometimes even impossible.
- Using tunneling protocols, such as IPsec, can also be more complicated, because NAT modifies header values, which interferes with the integrity checks done by IPsec and other tunneling protocols. However, newer routers have special features to support tunneling protocols.
- Services that require TCP or UDP connection initiation from the outside can also be affected and sometimes not usable at all.
As part of our Cisco CCNA certification series, we have presented some possible applications of NAT as well as the advantages and disadvantages of using it. You should be aware of these advantages and disadvantages if you want to implement NAT in your network. When you design your network, always do it carefully so it will be easier to expand or integrate new services in the future. If you want to implement a NAT network, keep in mind that you should either use public IP addresses for your servers and other hosts and devices in your network which have to be accessible from the Internet, or use static NAT with port forwarding on the desired ports.
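To make the behaviour described above concrete (NAT Overload hiding inside hosts behind one router address, unsolicited inbound traffic being dropped, and a static port forward publishing one in-house server), here is a small constructed model of a NAT router’s translation table. It is an added illustration, not Cisco IOS code or part of the original article; all addresses, ports and the class name are made up for the example.

```python
# Constructed NAT Overload (PAT) model: many RFC 1918 hosts share one public IP,
# and one inside server is published with a static port forward. Not router code.

PUBLIC_IP = "203.0.113.10"  # constructed public address (TEST-NET-3 range)


class NatRouter:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}     # (in_ip, in_port, out_ip, out_port) -> translated port
        self.reverse = {}   # (translated port, out_ip, out_port) -> (in_ip, in_port)
        self.forwards = {}  # static port forward: public port -> (in_ip, in_port)

    def add_port_forward(self, public_port, inside_ip, inside_port):
        """Static NAT with port forwarding: one inside service reachable from outside."""
        self.forwards[public_port] = (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside. Allocate a translated port on first use and return the
        packet as the remote site sees it: the source is the router, not the host."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.reverse[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Outside -> inside. Only replies matching an existing entry or packets to a
        static forward are translated; anything else is dropped (returns None)."""
        if dst_port in self.forwards:
            return (src_ip, src_port) + self.forwards[dst_port]
        entry = self.reverse.get((dst_port, src_ip, src_port))
        return (src_ip, src_port) + entry if entry else None


def demo():
    nat = NatRouter(PUBLIC_IP)
    nat.add_port_forward(8443, "10.0.0.50", 443)  # the in-house app, deliberately published
    # two inside hosts use the same source port toward the same remote web server
    a = nat.outbound("10.0.0.11", 51000, "198.51.100.5", 80)
    b = nat.outbound("10.0.0.12", 51000, "198.51.100.5", 80)
    reply = nat.inbound("198.51.100.5", 80, a[1])        # genuine reply to host A
    stray = nat.inbound("198.51.100.99", 80, a[1])       # other remote host, same port: dropped
    unsolicited = nat.inbound("198.51.100.5", 4444, 22)  # nobody asked, no forward: dropped
    forwarded = nat.inbound("198.51.100.5", 4444, 8443)  # reaches the published server
    return a, b, reply, stray, unsolicited, forwarded


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Both inside hosts appear to the remote server as 203.0.113.10 with different translated ports, which is also why a remote site counting connections per source address sees them all as one host.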