3Com Switch 8800 Advanced Software V5 Configuration Guide

986 CHAPTER 76: NAT CONFIGURATION
Figure 296 A basic NAT operation
- The NAT gateway lies between the private network and the public network.
- The internal PC (with source IP address 192.168.1.3) sends an IP packet (IP
  packet 1) to the external server (with IP address 10.1.1.2) through the
  NAT gateway.
- Upon receipt of the packet, the NAT gateway checks the packet header and
  translates the original private address 192.168.1.3 to a globally unique IP
  address 20.1.1.1 for routing over the Internet. After that, the gateway
  forwards the packet and records the mapping between the two addresses in its
  network address translation table.
- The external server responds to the internal PC with an IP packet (IP packet 2
  with original destination IP address 20.1.1.1) through the NAT gateway. Upon
  receipt of the packet, the NAT gateway checks the packet header, looks up the
  mapping in its network address translation table, and replaces the original
  destination address with the private address 192.168.1.3.
The above NAT operation is transparent to the terminals like the Host and the
Server in the above figure. The external server believes that the IP address of the
internal PC is 20.1.1.1, and is unaware of the private address 192.168.1.3. As
such, NAT hides the private network from the external networks.
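The translation steps above, modelled as an added example (not code from the 3Com guide or the switch software). The class and function names are hypothetical, the /24 prefix for the private network is an assumption, and 20.1.1.9 is a constructed address with no table entry.

```python
# Added example: a toy model of the basic (address-only) NAT gateway described above.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class NatGateway:
    def __init__(self, private_net, public_pool):
        self.private_net = ip_network(private_net)  # assumed inside prefix
        self.free = list(public_pool)               # unused public addresses
        self.out = {}                               # private -> public
        self.back = {}                              # public -> private

    def outbound(self, pkt):
        """Private -> public: rewrite the source and record the mapping."""
        if ip_address(pkt.src) not in self.private_net:
            raise ValueError("source is not an inside address")
        if pkt.src not in self.out:
            if not self.free:
                raise RuntimeError("public address pool exhausted")
            public = self.free.pop(0)
            self.out[pkt.src] = public
            self.back[public] = pkt.src
        return replace(pkt, src=self.out[pkt.src])

    def inbound(self, pkt):
        """Public -> private: restore the destination, or drop if unmapped."""
        private = self.back.get(pkt.dst)
        if private is None:
            return None                             # no table entry, no inside host
        return replace(pkt, dst=private)

    def inside_host_for(self, public):
        """Only the gateway's table links a public address back to a host."""
        return self.back.get(public)

def demo():
    gw = NatGateway("192.168.1.0/24", ["20.1.1.1"])
    p1 = gw.outbound(Packet("192.168.1.3", "10.1.1.2"))  # IP packet 1
    p2 = gw.inbound(Packet("10.1.1.2", "20.1.1.1"))      # IP packet 2
    stray = gw.inbound(Packet("10.1.1.2", "20.1.1.9"))   # constructed, unmapped
    return p1, p2, stray, gw.inside_host_for("20.1.1.1")

if __name__ == "__main__":
    print(demo())
```

With a single public address in the pool, a second inside host cannot be translated until the first mapping is released, which the model reports as pool exhaustion.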
Despite the advantage of allowing internal hosts to access external resources and
providing privacy, NAT also has the following disadvantages:
- As NAT involves translation of IP addresses, the packet headers that carry
  these addresses cannot be encrypted. This is also true of application
  protocol packets when the IP address or port number they contain needs to be
  translated. For example, you cannot encrypt an FTP connection; otherwise its
  port command cannot work correctly.
- Network debugging becomes more difficult. For example, when a host in a
  private network tries to attack other networks, it is harder to pinpoint the
  attacking host because the host IP address has been hidden.
- The influence of NAT on network performance is not obvious when the
  bandwidth is lower than 1.5 Gbps. The bottleneck in this scenario lies in the
[Figure 296, A basic NAT operation. Labels: Internet, Host, Host, Server A, Server B; addresses 192.168.1.2, 192.168.1.3, 192.168.1.1, 20.1.1.1, 10.1.1.2, 10.1.1.3. IP packet 1: source IP 192.168.1.3, destination IP 10.1.1.2, then source IP 20.1.1.1, destination IP 10.1.1.2. IP packet 2: source IP 10.1.1.3, destination IP 20.1.1.1, then source IP 10.1.1.3, destination IP 192.168.1.2.]