What is NAT?
Network Address Translation [NAT] is a commonplace technology, but what is it and how does it impact your IT Operations responsibilities?
There are many variations on NAT, yet the main theme is that a gateway on your network provides a translation service, replacing addressing information on the traffic flowing through it.
The most common form of NAT is many-to-one translation. This is used by a gateway to provide outward access for many systems via a shared point. The environment external to the gateway sees only the translation addresses that the gateway is configured to use. The gateway’s external addresses likely bear no relation to the addressing used behind the gateway, thus allowing for private addressing and private address management situations.
Why Use NAT?
While the direct benefit of NAT is the external address sharing mechanisms it provides, it indirectly benefits an environment by providing a protection barrier. From the external environment, access into the address space behind the gateway is typically restricted. Even if an external agent knows the layout of the private address space behind the gateway,the NAT mechanism and configuration very likely prevent accessing the internal systems except as explicitly allowed by the gateway. The wall thus created by NAT becomes a first-line barrier against the wilds beyond.
NAT affects all traffic. As your local traffic consists primarily of IP-based TCP and UDP protocols, ICMP, and some RARP/ARP, know that all are being guarded by the NAT gateway from external visibility as well as external interference.
The key points to know when working with gateways and NAT concern the provided functionality – both the abilities and the limitations. NAT services vary from vendor to vendor. Each provides outright and yet also sometimes subtle variations on the theme of address translation. Of particular interest will be learning how to manage NAT in-coming traffic allowances. Request management, where the request is coming from a source external to the gateway, needs to be carefully configured and then managed across time. It can be surprising to find how many allowances come to exist after a period of time and how easily they can be forgotten. Stay on top of your gateway and NAT configuration. Make sure your team knows the reasons for the allowances that have been made. You will find NAT can be worthwhile service but it requires tracking and understanding.