Network Address Translation (NAT)

Ref: https://learn.cantrill.io/courses/2022818/lectures/45661882 and https://learn.cantrill.io/courses/2022818/lectures/45661883

YouTube: https://www.youtube.com/watch?v=YcZvl1p22IM and https://www.youtube.com/watch?v=0BgNWcqxam4

NAT - Key Concepts

🔧 Translates private IPv4 addresses to public IPv4 addresses, and viceversa
- Multiple private devices can share a single public IPv4 address
- 💡 Public address → routable in public internet; Private address → routable only in a private NW
Originally designed to address IPv4 shortages (not enough IPs for all internet devices)
- ❗ …also provides security benefits as a side-effect!
  - External-initiated connections can be filtered out
- ‼️ NOT needed in IPv6!!
  - There's no shortages in the IPv6 addressing space!
NW devices (e.g. routers) can store NAT tables, which contain each “translation”
- ❗ IP addresses stay the same as they traverse a L3 NW… except when NAT is involved!

🔧 1 private IP ↔ 1 public IP (fixed)
- 💡 In AWS, this is how Internet Gateway (IGW) works
Outbound traffic (private client’s request):
1. Private laptop sends packets with SRC IP=10.0.0.42 & DST IP=Netflix public IP
2. Packet arrives to NAT device, which translates SRC IP to its own public IP (52.95.36.67), then forwards packet to destination
3. Netflix servers receive a packet, which they believe comes from NAT device
Inbound traffic (public server's response):
1. Netflix server replies with packet with SRC IP=Netflix public IP & DST IP=52.95.36.67
2. Packet arrives to NAT device, sees there's an entry in NAT table for this connection, so it translates DST IP to laptop's private IP (10.0.0.42), then forwards packet to laptop
3. Laptop receives response, which it believes comes from Netflix (it does, but indirectly)
‼️ Devices in private NW do NOT have a public IP!! Only an allocated entry in NAT table!

🔧 Number of private IPs > Number of public IPs
- Similar to static NAT… but devices don't get a permanent public IP, they get a temporary public IP from a pool