NAT

February 12, 2021
Update date: November 24, 2025

What is NAT

NAT (network address translation) is a technology for translating network addresses in a NAT network. A router replaces local IP addresses of devices with global addresses and vice versa, ensuring that all devices in an office or home connect to the internet through a single public address from the provider. The router accomplishes this by maintaining a table of entries to ensure proper response delivery. This allows thousands of devices to be connected simultaneously.

NAT technology was developed to prevent IPv4 address exhaustion, a term that refers to the complete exhaustion of the available 32-bit IPv4 addresses, which initially numbered approximately 4.3 billion.

The address exhaustion problem arose due to the ubiquitous penetration of the internet into people’s lives and the exponential increase in the number of connected devices, which led to virtually all available IPv4 addresses being allocated.

Types of NAT

NAT operates in different ways. The router selects NAT types based on the network’s needs—fixing addresses for stability or sharing one among ports to save bandwidth. Let’s look at some examples:

Static NAT (BiNAT, 1:1 NAT)

The administrator binds a local address to a global address to ensure stable access. A database server on 10.0.0.50 appears externally as 203.0.113.50—employees from the branch office connect via RDP, and clients access the web application on a fixed IP. The company wastes a public address for each device, but receives a reliable, uninterrupted connection.

Dynamic NAT

The router allocates a global address from a pool for the duration of the session and then returns it for reuse. Let’s say an office with 50 workstations creates a pool of 10 addresses (203.0.113.1–203.0.113.10): a manager opens the CRM in a browser, thereby occupying a free address, and by closing the tab, ends the session and frees the address for a colleague. When all 10 addresses are occupied, the eleventh employee waits for someone to close the browser. The office operates with a limited set of public IP addresses instead of purchasing 50 separate addresses.

PAT (Port Address Translation)

The router disguises multiple local addresses as a single global address, distinguishing traffic by TCP/UDP ports. In a coworking space with 200 tenants, the router uses 203.0.113.1: a laptop (192.168.1.10:49152) appears as 203.0.113.1:60000, and a tablet (192.168.1.20:49153) appears as 203.0.113.1:60001. The router checks the table and delivers responses correctly. A single address supports thousands of sessions, so the provider connects the entire business center to a single IP, and clients download files or make calls without conflict.

How NAT Works

Let’s take a look at how NAT works. The process involves several steps:

  1. A device sends a request. A smartphone with a local address of 192.168.0.3 creates a packet for server 208.135.15.7. The packet contains the source address, port (e.g., 49152), and data. The router picks it up as it leaves the network.
  2. The router changes the source address. It replaces the local address (inside local) with a global address (inside global), say, 203.0.113.1. With PAT (Port Address Translation), it adds a unique port, for example, 60000. It stores this port pair in the NAT table for the return path.
  3. The packet goes out to the internet. The server receives the request from 203.0.113.1:60000. It processes it and sends a response to this address and port.
  4. The router receives the response and checks the destination address against the NAT table. It finds the record by global address and port and replaces the destination with the local 192.168.0.3:49152.
  5. The response is delivered to the device. The smartphone receives the data without noticing the substitution. The NAT table clears the record after the session ends.

Local address (inside local) | Global address (inside global) | External global address (outside global)
192.168.0.3:49152 | 203.0.113.1:60000 | 208.135.15.7:443

In this table:

  • inside local – the local (private) IP address of a device, such as a laptop on your network;
  • inside global – the public address of the same device, used by the router to communicate with the internet as part of a NAT translation;
  • outside global – the public address of the server or device on the internet to which you are connecting.

In a real network, a router processes thousands of these entries simultaneously. NAT technology is used to replace addresses in packet headers, and the router performs this for each request. If ports or addresses run out, new connections are blocked until resources are freed up.
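The five steps and the exhaustion case above, as an added example that is not part of the original article. The two-port pool and the extra host addresses are constructed, and the check that a reply must come from the recorded peer is an assumption stricter than the plain address-and-port lookup the steps describe.

```python
from dataclasses import dataclass, field

@dataclass
class PatRouter:
    """Minimal PAT table: one public IP and a bounded pool of public ports."""
    public_ip: str
    ports: range                               # assumed pool of usable public ports
    out: dict = field(default_factory=dict)    # (proto, src, sport, dst, dport) -> public port
    back: dict = field(default_factory=dict)   # (proto, public port) -> same 5-tuple

    def outbound(self, proto, src, sport, dst, dport):
        """Steps 1-3: rewrite the source of a packet leaving the network."""
        key = (proto, src, sport, dst, dport)
        if key not in self.out:
            free = next((p for p in self.ports if (proto, p) not in self.back), None)
            if free is None:
                return None                    # pool exhausted: new connection is blocked
            self.out[key] = free
            self.back[(proto, free)] = key
        return (self.public_ip, self.out[key], dst, dport)

    def inbound(self, proto, src, sport, dport):
        """Steps 4-5: restore the local destination of a reply."""
        entry = self.back.get((proto, dport))
        # Assumption: drop packets that do not come from the recorded peer.
        if entry is None or entry[3:] != (src, sport):
            return None
        return (src, sport, entry[1], entry[2])

    def close(self, proto, src, sport, dst, dport):
        """Session end: remove the entry so the public port can be reused."""
        port = self.out.pop((proto, src, sport, dst, dport), None)
        if port is not None:
            del self.back[(proto, port)]


def demo():
    # Addresses from the table above; the two-port pool is constructed
    # so that exhaustion is visible after two sessions.
    r = PatRouter("203.0.113.1", range(60000, 60002))
    a = r.outbound("tcp", "192.168.0.3", 49152, "208.135.15.7", 443)
    reply = r.inbound("tcp", "208.135.15.7", 443, 60000)
    stray = r.inbound("tcp", "198.51.100.9", 443, 60000)   # not the recorded peer
    r.outbound("tcp", "192.168.0.4", 49153, "208.135.15.7", 443)
    blocked = r.outbound("tcp", "192.168.0.5", 49154, "208.135.15.7", 443)
    r.close("tcp", "192.168.0.3", 49152, "208.135.15.7", 443)
    reused = r.outbound("tcp", "192.168.0.5", 49154, "208.135.15.7", 443)
    return a, reply, stray, blocked, reused
```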

NAT Configuration

Configuring NAT on a home router typically involves enabling this option in the device’s web interface.

Configuring carrier-grade NAT (CG-NAT) to scale connections for millions of subscribers is a task handled by the vendor's engineers. Configuration involves several steps:

  • A profile with public IP addresses is created on the Stingray Service Gateway, ports are distributed among users, and session timeouts are configured.
  • The created profile is connected to a pool of private IP addresses.
  • The implementation engineer, together with the client (internet provider), verifies the correct operation of CG-NAT.

VAS Experts technical specialists will help select and deploy a solution based on the provider’s network architecture and performance requirements.

NAT Application Examples

NAT networks adapt to scenarios ranging from home Wi-Fi to corporate infrastructures with branch offices.

Private Networks

The internet provider assigns a single public IP address, and a router with PAT masks local 192.168.1.x addresses so that a smartphone, laptop, and TV can access the internet simultaneously. A family connects 10 devices: children watch videos on a tablet, parents check email on a computer, and the router differentiates all traffic by port. Devices exchange files within the network without internet access, saving on additional IP addresses. Users manually reboot the router only in rare cases of failure.

Corporate Networks

A company deploys network address translation (NAT) for secure internet access and connects branch offices using dynamic NAT or PAT. An office with 200 employees creates a pool of 50 addresses: managers open the CRM, developers upload code, and NAT hides 10.0.0.x from attacks. During a merger, the company changes providers without re-addressing PCs, configures remote access, and scales without thousands of IP addresses.

Port Forwarding for Internal Servers

Administrators open ports through NAT to connect clients to internal services. The company hosts a web server on 192.168.0.100: the rule forwards port 80 on the external IP address to the internal IP address, and clients see the website via the public IP address.

Carrier-Grade NAT (Large Scale NAT)

Providers use Carrier-Grade NAT to serve millions of subscribers when public IPv4 addresses are in short supply. VAS Experts develops CG-NAT solutions that distribute a single external IP address among hundreds of users through dynamic port allocation. The system automatically manages address pools, logs sessions to comply with SORM requirements, and scales without downtime. CG-NAT from VAS Experts processes up to 100 Gbps of traffic on a single server, integrates with billing, and maintains network performance as the client base grows.
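Because CG-NAT shares one external address among many subscribers through dynamic port allocation, a session log can only attribute traffic when it is queried by public IP, public port and time together. The lookup below is an added example, not the vendor's code; the log layout, the timestamps and the 100.64.0.x subscriber addresses are constructed for illustration.

```python
from datetime import datetime

# Constructed session log; the field layout is an assumption for illustration,
# not the export format of any CG-NAT product.
# Columns: session start, session end, subscriber IP, public IP, public port
SAMPLE_LOG = """\
2025-11-24T10:00:00,2025-11-24T10:05:00,100.64.0.10,203.0.113.1,60000
2025-11-24T10:01:00,2025-11-24T10:09:00,100.64.0.11,203.0.113.1,60001
2025-11-24T10:06:00,2025-11-24T10:20:00,100.64.0.12,203.0.113.1,60000
"""


def parse_log(text):
    """Turn the CSV lines into (start, end, subscriber, public_ip, port) tuples."""
    rows = []
    for line in text.strip().splitlines():
        start, end, private, public, port = line.split(",")
        rows.append((datetime.fromisoformat(start),
                     datetime.fromisoformat(end), private, public, int(port)))
    return rows


def attribute(rows, public_ip, when, port=None):
    """Subscribers that held public_ip (and port, when given) at time `when`."""
    t = datetime.fromisoformat(when)
    return sorted({priv for start, end, priv, pub, p in rows
                   if pub == public_ip and start <= t <= end
                   and (port is None or p == port)})


def demo():
    rows = parse_log(SAMPLE_LOG)
    # Public IP and time only: two subscribers match, so the report is ambiguous.
    ip_only = attribute(rows, "203.0.113.1", "2025-11-24T10:03:00")
    # Adding the public port narrows the result to one subscriber.
    with_port = attribute(rows, "203.0.113.1", "2025-11-24T10:03:00", 60000)
    # The same port a few minutes later belongs to a different subscriber.
    later = attribute(rows, "203.0.113.1", "2025-11-24T10:07:00", 60000)
    return ip_only, with_port, later
```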

Advantages of Using NAT

Let’s consider the advantages of NAT:

  • Saves public IP addresses. A single global address serves thousands of devices in the office, eliminating the need to purchase additional IP addresses from the provider and reducing infrastructure costs.
  • Hides internal addresses. Only the router is visible to the outside world, which prevents hackers from scanning local devices in the branch office and reduces the risk of attacks.
  • Increases network flexibility. New machines can be added to the data center without requiring additional IP addresses; a startup can scale 50 servers automatically.
  • Provides basic security. Incoming connections are blocked by default; the router’s firewall filters traffic for 200 employees without a separate device.
  • Reduces administration costs. Manage one external IP address instead of thousands; a system integrator can configure rules for the client in minutes.

Disadvantages of Using NAT

Let’s consider the disadvantages of NAT in real-world scenarios:

  • Adds latency to traffic. The router processes every packet, replacing addresses, which slows VoIP calls in the call center by 50-100 ms.
  • Complicates application performance. FTP or SIP break due to port substitution, and developers spend hours configuring ALG for the corporate chat.
  • Loses end-to-end tracing. Administrators cannot track packet paths through multiple NATs, and debugging failures in the cloud takes three times longer.
  • Interferes with tunneling. IPsec VPNs break due to header changes, requiring remote employees to manually reconnect every 10 minutes.
  • Limits concurrent sessions. A single public IP address cannot carry more than 65,000 sessions for UDP and TCP connections. New requests are blocked until existing sessions are closed.