Internet Protocol version 4 uses a 32-bit IP address. In theory, a 32-bit address space should provide addresses for more than four billion computers, but inefficiencies in address allocation mean that less than half of the addresses are used. The result is the so-called "Internet address crisis": there are more computers than usable addresses, and permanent IP addresses have therefore become expensive. There are two solutions to the problem. One is the long-term solution of moving to IPv6; the other is a short-term practical solution called NAT, which is very widely used. This seminar tries to bring out the details of NAT and finally how it helps to implement the IPv4 to IPv6 transition.
Network Address Translation is a method by which IP addresses are mapped from one realm to another, in an attempt to provide transparent routing to hosts. Traditionally, NAT devices are used to connect an isolated address realm with private unregistered addresses to an external realm with globally unique registered addresses.
1. INTRODUCTION AND OVERVIEW
The need for IP Address translation arises when a network's internal IP addresses cannot be used outside the network either because they are invalid for use outside, or because the internal addressing must be kept private from the external network.
Address translation allows hosts in a private network to transparently communicate with destinations on an external network and vice versa. There are a variety of flavors of NAT and terms to match them. This document attempts to define the terminology used and to identify the various flavors of NAT. The document also attempts to describe other considerations applicable to NAT devices in general.
NAT devices attempt to provide a transparent routing solution to end hosts trying to communicate from disparate address realms. This is achieved by modifying end-node addresses en route and maintaining state for these updates so that datagrams pertaining to a session are routed to the right end node in either realm. This solution only works when the applications do not use the IP addresses as part of the protocol itself. For example, identifying end points using DNS names rather than addresses makes applications less dependent on the actual addresses that NAT chooses and avoids the need to also translate payload contents when NAT changes an IP address.
The NAT function cannot by itself support all applications transparently and often must co-exist with application level gateways (ALGs) for this reason. People looking to deploy NAT-based solutions need to determine their application requirements first and assess the NAT extensions (i.e., ALGs) necessary to provide application transparency for their environment.
IPsec techniques which are intended to preserve the end-point addresses of an IP packet will not work with NAT en route for most applications in practice. Techniques such as AH and ESP protect the contents of the IP headers (including the source and destination addresses) from modification. Yet NAT's fundamental role is to alter the addresses in the IP header of a packet.
2. WHAT IS NAT?
NAT, short for Network Address Translation, is an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations. In computer networking, the process of network address translation (NAT, also known as network masquerading or IP masquerading) involves rewriting the source and/or destination addresses of IP packets as they pass through a router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address (see gateway). According to specifications, routers should not act in this way, but many network administrators find NAT a convenient technique and use it widely. Nonetheless, NAT can introduce complications in communication between hosts.
The NAT router translates traffic coming into and leaving the private network.
Network Address Translation allows a single device, such as a router, to act as an agent between the Internet (or "public network") and a local (or "private") network. This means that only a single, unique IP address is required to represent an entire group of computers.
3. OPERATIONS OF NAT
Figure: A typical IP masquerade configuration
We have a small Ethernet network using one of the reserved network addresses. The network has a masquerade router providing access to the Internet. One of the workstations on the network (192.168.1.3) wishes to establish a connection to the remote host 220.127.116.11 on port 8888. The workstation routes its datagram to the masquerade router, which identifies this connection request as requiring masquerade services. It accepts the datagram, allocates a port number to use (1035), substitutes its own IP address and port number for those of the originating host, and transmits the datagram to the destination host. The destination host believes it has received a connection request from the masquerade host and generates a reply datagram. The masquerade host, upon receiving this datagram, finds the association in its masquerade table and reverses the substitution it performed on the outgoing datagram. It then transmits the reply datagram to the originating host.
The local host believes it is speaking directly to the remote host. The remote host knows nothing about the local host at all and believes it has received a connection from the masquerade host. The masquerade host knows these two hosts are speaking to each other, and on what ports, and performs the address and port translations necessary to allow communication.
4. FORMS OF NAT
NAT has many forms and can work in several ways:
• Static NAT - A type of NAT in which a private IP address is mapped to a public IP address, where the public address is always the same IP address (i.e., it has a static address). This allows an internal host, such as a Web server, to have an unregistered (private) IP address and still be reachable over the Internet.
In static NAT, the computer with the IP address of 192.168.32.10 will always translate to
• Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is also known as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.
• Dynamic NAT - A type of NAT in which a private IP address is mapped to a public IP address drawn from a pool of registered (public) IP addresses. Typically, the NAT router in a network will keep a table of registered IP addresses, and when a private IP address requests access to the Internet, the router chooses an IP address from the table that is not at the time being used by another private IP address. Dynamic NAT helps to secure a network as it masks the internal configuration of a private network and makes it difficult for someone outside the network to monitor individual usage patterns. Another advantage of dynamic NAT is that it allows a private network to use private IP addresses that are invalid on the Internet but useful as internal addresses.
• Overlapping - When the IP addresses used on your internal network are registered IP addresses in use on another network, the router must maintain a lookup table of these addresses so that it can intercept them and replace them with registered unique IP addresses. It is important to note that the NAT router must translate the "internal" addresses to registered unique addresses as well as translate the "external" registered addresses to addresses that are unique to the private network. This can be done either through static NAT or by using DNS and implementing dynamic NAT.
5. BASIC NAT VS PORT NUMBER TRANSLATION
Two kinds of network address translation exist. The type often popularly called simply "NAT" (also sometimes named "Network Address Port Translation" or "NAPT") refers to network address translation involving the mapping of port numbers, allowing multiple machines to share a single IP address. The other, technically simpler, form - also called NAT or "one-to-one NAT" or "basic NAT" or "static NAT" - involves only address translation, not port mapping. This requires an external IP address for each simultaneous connection. Broadband routers often use this feature, sometimes labeled "DMZ host", to allow a designated computer to accept all external connections even when the router itself uses the only available external IP address.
NAT with port translation comes in two sub-types: source address translation (source NAT), which rewrites the IP address of the computer which initiated the connection; and its counterpart, destination address translation (destination NAT). In practice, both are usually used together in coordination for two-way communication.
6. CLASSIFICATIONS OF NAT
Different types of NAT:
Applications that deal with NAT sometimes need to characterize NAT by type. The STUN protocol proposed characterizing network address translation as full cone NAT, restricted cone NAT, port restricted cone NAT or symmetric NAT. Note that the term is indeed "cone" and not a misspelling of "clone".
• With full cone NAT, also known as one-to-one NAT, all requests from the same internal IP address and port are mapped to the same external IP address and port. An external host can send a packet to the internal host by sending a packet to the mapped external address.
• With restricted cone NAT, all requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a full cone NAT, an external host can send a packet to the internal host only if the internal host had previously sent a packet to it.
• With port restricted cone NAT (and likewise symmetric NAT), the behaviour is like a restricted cone NAT, but the restriction includes port numbers. Specifically, an external host can send a packet to a particular port on the internal host only if the internal host had previously sent a packet from that port to the external host.
• With symmetric NAT, all requests from the same internal IP address and port to a specific destination IP address and port are mapped to a unique external source IP address and port. If the same internal host sends a packet with the same source address and port to a different destination, a different mapping is used. Only an external host that receives a packet can send a UDP packet back to the internal host.
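The masquerade table of section 3 and the four NAT types of this section, as an added Python example that is not code from the seminar: a toy NAPT router that rewrites outbound datagrams, reverses the translation for replies, and applies the full cone, restricted cone, port restricted or symmetric rule to inbound traffic. The public address 203.0.113.1, the workstation's source port 40000, the second remote host 198.51.100.7 and the allocator starting at 1035 are assumptions chosen to match the worked example in the text.

```python
# Toy model of an IP-masquerading (NAPT) router. Added illustration, not code from the
# seminar; the public address 203.0.113.1, the source port 40000, the second remote
# host 198.51.100.7 and the allocator starting at 1035 are constructed assumptions.
class Nat:
    def __init__(self, external_ip, behavior="port_restricted", first_port=1035):
        self.external_ip = external_ip
        self.behavior = behavior      # full_cone | restricted | port_restricted | symmetric
        self.next_port = first_port   # next unused external port (assumed allocator)
        self.by_key = {}              # mapping key -> external port
        self.by_port = {}             # external port -> {"internal": (ip, port), "contacted": set}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a datagram leaving the private network; returns the translated 4-tuple."""
        key = (src_ip, src_port)
        if self.behavior == "symmetric":        # symmetric NAT: one mapping per destination
            key += (dst_ip, dst_port)
        ext_port = self.by_key.get(key)
        if ext_port is None:                    # first datagram of the session: allocate a port
            ext_port, self.next_port = self.next_port, self.next_port + 1
            self.by_key[key] = ext_port
            self.by_port[ext_port] = {"internal": (src_ip, src_port), "contacted": set()}
        self.by_port[ext_port]["contacted"].add((dst_ip, dst_port))
        return (self.external_ip, ext_port, dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, ext_port):
        """Reverse the translation for a datagram arriving from outside, or drop it (None)."""
        entry = self.by_port.get(ext_port)
        if entry is None:                       # no table entry: unsolicited traffic is dropped
            return None
        if self.behavior == "full_cone":        # any external host may use the mapped port
            allowed = True
        elif self.behavior == "restricted":     # any port of a host the internal host contacted
            allowed = any(ip == remote_ip for ip, _ in entry["contacted"])
        else:                                   # port_restricted / symmetric: exact endpoint only
            allowed = (remote_ip, remote_port) in entry["contacted"]
        return entry["internal"] if allowed else None


def masquerade_example(behavior="port_restricted"):
    """Replay the section-3 exchange, then inbound datagrams the NAT type may filter."""
    nat = Nat("203.0.113.1", behavior)
    out = nat.outbound("192.168.1.3", 40000, "220.127.116.11", 8888)
    return {
        "outbound": out,                                            # what the server sees
        "reply": nat.inbound("220.127.116.11", 8888, out[1]),       # server's reply
        "other_port": nat.inbound("220.127.116.11", 9999, out[1]),  # same host, other port
        "stranger": nat.inbound("198.51.100.7", 8888, out[1]),      # host never contacted
        "probe": nat.inbound("198.51.100.7", 8888, 2000),           # port never mapped
    }


def external_ports(behavior):
    """External ports used when one internal socket talks to two different servers."""
    nat = Nat("203.0.113.1", behavior)
    return [nat.outbound("192.168.1.3", 40000, dst, 8888)[1]
            for dst in ("220.127.116.11", "198.51.100.7")]
```

Running `masquerade_example` with each behaviour shows that only the full cone type lets an uncontacted host through the mapped port, while the unmapped port is dropped by every type; `external_ports("symmetric")` returns two different ports where the cone types return one.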
7. BENEFITS
1. In addition to the convenience and low cost of NAT, the lack of full bidirectional connectivity can be regarded in some situations as a "feature" rather than a "limitation".
2. To the extent that NAT depends on a machine on the local network to initiate any connection to hosts on the other side of the router, it prevents malicious activity initiated by outside hosts from reaching those local hosts. This can enhance the reliability of local systems by stopping worms and enhance privacy by discouraging scans. Many NAT-enabled firewalls use this as the core of the protection they provide.
3. The greatest benefit of NAT is that it is a practical solution to the impending exhaustion of IPv4 address space.
4. Networks that previously required a Class B IP range or a block of Class C network addresses can now be connected to the Internet with as little as a single IP address (many home networks are set up this way).
5. The more common arrangement is having machines that require true bidirectional and unfettered connectivity supplied with 'real' IP addresses, while having machines that do not provide services to outside users (e.g., a secretary's computer) tucked away behind NAT with only a few IP addresses used to enable Internet access.
8. DRAWBACKS
1. Hosts behind a NAT-enabled router do not have true end-to-end connectivity and cannot participate in some Internet protocols.
2. Services that require the initiation of TCP connections from the outside network, or stateless protocols such as those using UDP, can be disrupted. Unless the NAT router makes a specific effort to support such protocols, incoming packets cannot reach their destination.
3. Some protocols can accommodate one instance of NAT between participating hosts ("passive mode" FTP, for example), sometimes with the assistance of an Application Layer Gateway, but fail when both systems are separated from the Internet by NAT.
4. Use of NAT also complicates security protocols such as IPsec.
5. Depending on one's point of view, another drawback of NAT is that it greatly slowed the acceptance of IPv6, relegating it to research networks and limited public use.
(End-to-end connectivity has been a core principle of the Internet, supported for example by the Internet Architecture Board. Some people thus regard NAT as a detriment to the public Internet. Some Internet service providers (ISPs) only provide their customers with "local" IP addresses. Thus, these customers must access services external to the ISP's network through NAT. As a result, some may argue that such companies do not properly provide "Internet" service.)
9. APPLICATIONS AFFECTED BY NAT
Some higher-layer protocols (such as FTP and SIP) send network layer address information inside application payloads. FTP in active mode, for example, uses separate connections for control traffic (commands) and for data traffic (file contents). When requesting a file transfer, the host making the request identifies the corresponding data connection by its layer 3 and layer 4 addresses. If the host making the request lies behind a simple NAT firewall, the translation of the IP address and/or TCP port number makes the information received by the server invalid.
An Application Layer Gateway (ALG) can fix this problem. An ALG software module running on a NAT firewall device updates any payload data made invalid by address translation. ALGs obviously need to understand the higher-layer protocol that they need to fix, and so each protocol with this problem requires a separate ALG.
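The payload repair described above, as an added Python example that is not code from the seminar: a toy FTP ALG parses the active-mode PORT command ("h1,h2,h3,h4,p1,p2"), replaces the private address and port with the NAT's external endpoint, and returns the mapping the NAT must install for the server's data connection. The addresses and the external port 1035 are constructed values, and the `allocate` callback stands in for the NAT's own port allocator.

```python
# Toy FTP application-level gateway (ALG) for a NAT router. Added illustration, not
# code from the seminar; the addresses and the external port 1035 are constructed, and
# 'allocate' stands in for the NAT's own port allocator.
import re

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")


def parse_port_command(line):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into (ip, port); the port is p1*256 + p2."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command")
    fields = [int(x) for x in m.groups()]
    if any(v > 255 for v in fields):            # every field is one octet
        raise ValueError("field out of range")
    h1, h2, h3, h4, p1, p2 = fields
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def format_port_command(ip, port):
    """Encode (ip, port) back into the PORT wire format."""
    return "PORT " + ",".join(ip.split(".") + [str(port // 256), str(port % 256)]) + "\r\n"


def alg_rewrite(line, external_ip, allocate):
    """Rewrite the private endpoint in a PORT command to the NAT's external endpoint.

    allocate(private_ip, private_port) returns the external port the NAT reserves for
    the server's incoming data connection. Returns (new_line, mapping, length_delta),
    where mapping is ((private_ip, private_port), (external_ip, ext_port)).
    """
    private_ip, private_port = parse_port_command(line)
    ext_port = allocate(private_ip, private_port)
    new_line = format_port_command(external_ip, ext_port)
    # The rewritten command can differ in length from the original, so a real ALG must
    # also adjust TCP sequence and acknowledgement numbers on the control connection.
    return new_line, ((private_ip, private_port), (external_ip, ext_port)), len(new_line) - len(line)
```

Without the rewrite the server would try to open its data connection to the private address 192.168.1.3, which is not routable from outside, which is exactly the failure the text describes.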
Another possible solution to this problem is to use NAT traversal techniques using protocols such as STUN or ICE, or proprietary approaches in a session border controller. NAT traversal is possible in both TCP- and UDP-based applications, but the UDP-based technique is simpler, more widely understood, and more compatible with legacy NATs. In either case, the high-level protocol must be designed with NAT traversal in mind, and it does not work reliably across symmetric NATs or other poorly-behaved legacy NATs.
Yet another possibility is UPnP (Universal Plug and Play) or Bonjour, but this requires the cooperation of the NAT device.
Most traditional client-server protocols (FTP being the main exception), however, do not send layer 3 contact information and therefore do not require any special treatment by NATs. In fact, avoiding NAT complications is practically a requirement when designing new higher-layer protocols today.
NATs can also cause problems where IPsec encryption is applied and in cases where multiple devices such as SIP phones are located behind a NAT. Phones which encrypt their signalling with IPsec encapsulate the port information within the IPsec packet, meaning that NA(P)T devices cannot access and translate the port. In these cases the NA(P)T devices revert to simple NAT operation. This means that all traffic returning to the NAT will be mapped onto one client, causing the service to fail. There are a couple of solutions to this problem: one is to use TLS, which operates at layer 4 in the OSI Reference Model and therefore does not mask the port number; the other is to encapsulate the IPsec within UDP, the latter being the solution chosen by TISPAN to achieve secure NAT traversal.
10. IPv6 - IS IT CREEPING INTO YOUR NETWORK?
Most organizations are currently running version 4 of the Internet Protocol (IP) on their networks. Suppliers have for some time been providing equipment to a new, higher standard known as IPv6, and networks are migrating.
IPv6 (Internet Protocol version 6) is the next generation of the protocol that runs the Internet. Currently a set of draft standards in the Internet Engineering Task Force (IETF), it is designed to improve upon IPv4 in terms of scalability, ease of configuration and security, and to re-introduce the original TCP/IP benefits for global networking. Central to the competitiveness and performance of all network users, its use will also expand the capabilities of the Internet to enable some valuable and exciting scenarios, including large-scale, peer-to-peer and mobile applications.
IPv6 has the following advantages over IPv4:
• Provides significantly more address space
• Easier address management and delegation
• Easy address autoconfiguration
• Embedded IPsec (encrypted security)
• Duplicate Address Detection (DAD) feature
11. COMPARISON OF IPv4 VERSUS IPv6
                    | IPv4 Solution                              | IPv6 Solution
Addressing Range    | 32-bit, Network Address Translation        | 128-bit, Multiple Scopes
                    | Serverless, Reconfiguration, DHCP
Security            | IPSec                                      | IPSec Mandated, works End-to-End
Mobility            | Mobile IP                                  | Mobile IP with Direct Routing
Quality-of-Service  | Differentiated Service, Integrated Service | Differentiated Service, Integrated Service
IP Multicast        | IGMP/PIM/Multicast BGP                     | MLD/PIM/Multicast BGP, Scope Identifier
12. CONCLUSION
NAT has been a good response in many ways to the problem of limited IPv4 address space, but it has also caused many problems. Devices in private networks cannot act as servers or participate in P2P applications when NAT changes packets. NAT has also served to undermine the security provisions that have been created to protect the users of the Internet. The combined use of NAT and IPsec network-level security outright prevents successful communication between devices under IPv4. Secure communication has proven to be a necessity in a world that has demonstrated remarkable malfeasance.
CONTENTS
1. INTRODUCTION AND OVERVIEW
2. WHAT IS NAT?
3. NAT OPERATIONS
4. FORMS OF NAT
5. BASIC NAT VS PORT NUMBER TRANSLATION
6. CLASSIFICATIONS OF NAT
7. BENEFITS
8. DRAWBACKS
9. APPLICATIONS AFFECTED BY NAT
10. IPV6 - IS IT CREEPING INTO NETWORK
11. COMPARISON OF IPV4 VERSUS IPV6
12. CONCLUSION