Operation Manual – L3+NAT
H3C S9500 Series Routing Switches Chapter 1 NAT Configuration
address translation table for the mapping and replaces the original destination
address with the private address 192.168.1.3.
The NAT operation above is transparent to the terminals, that is, the Host and the Server in the figure above. The external server believes that the IP address of the internal PC is 20.1.1.1 and is unaware of the private address 192.168.1.3. In this way NAT hides the private network from external networks.
Besides the advantages of letting internal hosts reach external resources and hiding internal addresses, NAT has the following disadvantages:
• Because NAT rewrites IP addresses, the packet headers that carry these addresses cannot be encrypted end to end. The same applies to application-layer data when it contains an IP address or port number that NAT must translate. For example, an FTP connection cannot be encrypted, because the NAT gateway must read and rewrite the address and port carried in the FTP PORT command; if it cannot, the PORT command does not work correctly.
• Network debugging becomes more difficult. For example, when a host on a private network attacks other networks, it is harder to pinpoint the attacking host because its IP address has been hidden behind the translated address; only the mapping table on the NAT gateway can recover the private address.
• The effect of NAT on network performance is not noticeable when the bandwidth is below 1.5 Gbps; the bottleneck in that case is the transmission rate. Above 1.5 Gbps, however, NAT can affect switch performance to a certain extent.
1.1.2 NAT Functionalities
I. Many-to-many NAT and NAT control
As shown in Figure 1-1, when an internal network user accesses an external network, NAT replaces the original internal IP address with an external (public) IP address. In Figure 1-1 this address is the outbound interface address of the NAT gateway, a public IP address, so every internal host uses the same external IP address when accessing external networks. Because this form of NAT translates only addresses, one public address can be mapped to only one internal host at a time, so only one host can access external networks at a given time. Hence it is referred to as "one-to-one NAT".
Another form of NAT solves this problem by giving the NAT gateway multiple public IP addresses. When the first internal host accesses external networks, NAT chooses a public IP address for it, records the mapping between the private and public addresses, and forwards the host's packets. When a second internal host accesses external networks, the same process repeats with a different public IP address, and likewise for the remaining internal hosts. In this way multiple internal hosts can access external networks simultaneously. This type of NAT is called "many-to-many NAT".
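The following Python model is an added example and is not H3C code or configuration; it illustrates the mechanism described above for both the reverse translation of returning packets (the mapping-table lookup that restores 192.168.1.3) and the difference between one-to-one NAT and many-to-many NAT. The class and method names (NatGateway, translate_outbound, translate_inbound, release) are assumptions made for this illustration, 192.168.1.3 and 20.1.1.1 are the addresses used in the text, and the external server address 1.1.1.2 and the additional private hosts are constructed sample values.

```python
"""Minimal model of address-only NAT (no port translation) with a public address pool.

Added example, not H3C code. All class/method names are assumptions; sample
addresses other than 192.168.1.3 and 20.1.1.1 are constructed for the demo.
"""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: str = ""


class PoolExhausted(Exception):
    """Raised when every public address in the pool is already mapped."""


class NatGateway:
    """Address-only NAT: each internal host is mapped to one public address.

    A pool of size 1 models "one-to-one NAT": a second internal host cannot go
    out until the first mapping is released. A larger pool models
    "many-to-many NAT", where several hosts hold mappings at the same time.
    """

    def __init__(self, public_pool: List[str]) -> None:
        self.free: List[str] = list(public_pool)
        self.in_to_out: Dict[str, str] = {}  # private address -> public address
        self.out_to_in: Dict[str, str] = {}  # public address  -> private address

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Replace the private source address with a public one, allocating on first use."""
        public = self.in_to_out.get(pkt.src)
        if public is None:
            if not self.free:
                raise PoolExhausted(f"no public address left for {pkt.src}")
            public = self.free.pop(0)
            self.in_to_out[pkt.src] = public
            self.out_to_in[public] = pkt.src
        return replace(pkt, src=public)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Look the public destination up in the table and restore the private address.

        Returns None (drop) when no internal host owns that public address; in this
        model that is what keeps unmapped internal hosts unreachable from outside.
        """
        private = self.out_to_in.get(pkt.dst)
        if private is None:
            return None
        return replace(pkt, dst=private)

    def release(self, private: str) -> None:
        """Tear down a mapping and return its public address to the pool."""
        public = self.in_to_out.pop(private)
        del self.out_to_in[public]
        self.free.append(public)


def demo() -> dict:
    """Run the one-to-one and many-to-many scenarios; returns the observations."""
    results = {}

    # Figure 1-1 scenario: a single public address 20.1.1.1 (one-to-one NAT).
    one_to_one = NatGateway(["20.1.1.1"])
    out = one_to_one.translate_outbound(Packet("192.168.1.3", "1.1.1.2"))
    results["one_to_one_src"] = out.src                       # server sees 20.1.1.1
    back = one_to_one.translate_inbound(Packet("1.1.1.2", "20.1.1.1"))
    results["one_to_one_reply_dst"] = back.dst                # restored to 192.168.1.3
    try:
        one_to_one.translate_outbound(Packet("192.168.1.4", "1.1.1.2"))
        results["second_host_blocked"] = False
    except PoolExhausted:
        results["second_host_blocked"] = True                 # only one host at a time
    one_to_one.release("192.168.1.3")
    results["after_release_src"] = one_to_one.translate_outbound(
        Packet("192.168.1.4", "1.1.1.2")).src

    # Many-to-many NAT: a pool of public addresses lets several hosts out at once.
    many = NatGateway(["20.1.1.1", "20.1.1.2", "20.1.1.3"])
    results["many_srcs"] = [
        many.translate_outbound(Packet(h, "1.1.1.2")).src
        for h in ("192.168.1.3", "192.168.1.4", "192.168.1.5")
    ]
    # An unsolicited inbound packet to an address with no mapping is dropped.
    results["unmapped_dropped"] = many.translate_inbound(Packet("1.1.1.2", "20.1.1.9")) is None
    # A fourth host exceeds the pool until some mapping is released.
    try:
        many.translate_outbound(Packet("192.168.1.6", "1.1.1.2"))
        results["fourth_blocked"] = False
    except PoolExhausted:
        results["fourth_blocked"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two-way table (in_to_out and out_to_in) is the point of the model: outbound packets consult it to pick or reuse a public address, and returning packets are only delivered when the public destination appears in it, which is the property that hides the private network. Pool exhaustion with a single address is what the text calls one-to-one NAT; adding addresses to the pool is many-to-many NAT.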