What is NAT and what are the practical benefits?

A walk-through of this popular (and important) network concept.

This is part of an ongoing series on cybersecurity foundations. Check the cyber 101 article tag index from time to time for more content.

Overview

Network Address Translation (NAT) has been around for exactly 1 billion years. OK, OK, not THAT long... but it's definitely a foundational element of modern networking. In today's article, we'll briefly describe how it works and why it's beneficial.

In essence, address translation is just a technique for translating (mapping) IP addresses in a packet. A classic analogy is a mail room at a corporate office:

  • When an employee needs to mail an outbound letter, they'll give that to their local mailroom.
  • When the mailroom processes the letter, they'll put the corporate office's return address on it (instead of the individual room/cubicle of the sender). There's no need for the outside recipient to know excessive details about the internal office layout.

NAT is very similar. In this analogy, the employee is an internal device... the letter is a data packet... and the mailroom is functioning similarly to a router/firewall.

Going a bit deeper, there are a few different implementations of Address Translation:

  • Source Network Address Translation (SNAT) - Where a device is mapping/translating a source IP address and port.
  • Destination Network Address Translation (DNAT) - Where a device is translating the destination IP address and port.
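
An added example (not from the original article): a minimal Python model of the translation table a NAT device keeps. It shows SNAT for two internal hosts sharing one public address, the reverse lookup for replies, and a static DNAT forward. The class, addresses and ports are all made up for illustration.

```python
# Added example: a toy NAT device. All addresses and ports are constructed sample values.
from itertools import count

PUBLIC_IP = "203.0.113.10"  # assumed public address (documentation range)

class Nat:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.ports = count(first_port)  # next free public source port
        self.out = {}       # (proto, private_ip, private_port) -> public_port
        self.back = {}      # (proto, public_port) -> (private_ip, private_port)
        self.forwards = {}  # static DNAT: (proto, public_port) -> (private_ip, private_port)

    def snat(self, pkt):
        """Outbound: rewrite the source IP/port to the shared public address."""
        key = (pkt["proto"], pkt["src"], pkt["sport"])
        if key not in self.out:
            port = next(self.ports)
            self.out[key] = port
            self.back[(pkt["proto"], port)] = (pkt["src"], pkt["sport"])
        return {**pkt, "src": self.public_ip, "sport": self.out[key]}

    def inbound(self, pkt):
        """Inbound: reverse an SNAT mapping or apply a DNAT forward; None if neither.
        Simplification: the remote endpoint is not checked against the mapping."""
        key = (pkt["proto"], pkt["dport"])
        target = self.back.get(key) or self.forwards.get(key)
        if pkt["dst"] != self.public_ip or target is None:
            return None
        return {**pkt, "dst": target[0], "dport": target[1]}

def demo():
    nat = Nat(PUBLIC_IP)
    nat.forwards[("tcp", 443)] = ("10.0.0.5", 8443)  # hypothetical internal web server
    def pkt(src, sport, dst, dport):
        return {"proto": "tcp", "src": src, "sport": sport, "dst": dst, "dport": dport}
    # Two internal hosts use the same source port toward the same remote server.
    a = nat.snat(pkt("10.0.0.21", 51000, "198.51.100.7", 443))
    b = nat.snat(pkt("10.0.0.22", 51000, "198.51.100.7", 443))
    reply = nat.inbound(pkt("198.51.100.7", 443, PUBLIC_IP, a["sport"]))  # reply to host a
    fwd = nat.inbound(pkt("192.0.2.50", 40123, PUBLIC_IP, 443))    # matches the DNAT rule
    stray = nat.inbound(pkt("192.0.2.50", 40123, PUBLIC_IP, 2222))  # no mapping at all
    return a, b, reply, fwd, stray

if __name__ == "__main__":
    for result in demo():
        print(result)
```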

Benefits

OK, so what's the point of all of this? It basically boils down to a few compelling benefits:

  • Enhanced security - Just like in the mailroom example, there's really no obvious reason why someone outside of an organization would need to know the precise location (private network address) of an internal party/device.
  • Helping reduce public IP address consumption - IPv4 addresses are still in short supply. IPv6 improves the situation slightly, but it's by no means fully alleviated at the moment. NAT allows multiple private resources to share a common public IP address.
  • Internal (private) address flexibility - Because there's a layer of address separation between internal and external sides of a NAT mapping, there's more flexibility for addressing.
    • Private addresses can be reused in multiple networks.
    • Private addresses aren't necessarily impacted by changes on the internet side (like switching IPs).

For additional information, check out these links...

  • What Is Network Address Translation (NAT)? - NAT enables private IP networks to use the internet and cloud by translating (internal) private IP addresses to (external) public IP addresses.
  • What is NAT (Network Address Translation)? How does NAT work? | Fortinet - Network address translation (NAT) is a technique used by organizations to enable multiple devices to share a single public IP address. Learn what NAT is and how it works.