Network Address Translation – N10-008 CompTIA Network+ : 1.4

Network administrators often use Network Address Translation (NAT) to modify IP addresses as they traverse the network. In this video, you’ll learn how NAT can be used to minimize the use of public IP addresses.


On the internet, it’s estimated there are over 20 billion different devices that are communicating. And we are increasing the number of devices all the time. But IPv4 only supports 4.29 billion addresses. And we’re certainly well over that particular number. The IP address space for IPv4 is also exhausted. If you wanted to get a new IPv4 address that was public and on the internet, you would not be able to easily obtain one.

So how are we able to have all of these devices communicating on the internet without actually having enough IP addresses? We’re able to use a technique called Network Address Translation, or NAT. This isn’t the only reason we might want to use network address translation, but it is one of the most common reasons that people implement NAT on their local devices.

We’re able to use network address translation to increase the number of available devices because we set aside some very specific IP address ranges as what we call private IP addresses. This comes from RFC (Request For Comments) 1918, which specifically defines what these private IP address ranges are. This is a very big chart that includes the range, the number of addresses, the classful description, the subnet mask for the range, and the host ID size.

But if you’re planning to memorize any part of this, it’s this first column that is the most important. These are the private IP addresses that you need to know. The first range is 10.0.0.0 through 10.255.255.255. The second range is 172.16.0.0 through 172.31.255.255. And the last private IP address range is 192.168.0.0 through 192.168.255.255.

If the IP address of your device is an IP address that is in any of these ranges, then you are using a private IP address, or what you might hear called an RFC 1918 IP address. Very simply, network address translation is when a device changes an IP address as it’s communicating through the network. This is commonly done using a router. And in this particular example, this router is providing that translation functionality.

On the left side is our private network. And you can see a private address range of 10.10.20.0/24, which means your router and Vala, the device on the left side, are all communicating using these private IP addresses. But Vala would like to talk to the professormesser.com web server. And you can see that Professor Messer has a public IP address.

We need to find some way to have our private addresses communicate to these public addresses and back again. So we’ll use our router to perform that translation. Vala will send an IP packet to the Professor Messer website, which means the source address is Vala’s IP, which is 10.10.20.50. And she’s sending this message to 104.20.19.63, which matches the public IP address on professormesser.com.

When this packet is sent to a local router, the router recognizes that a private IP address is in use and makes a change to that IP address or translates that IP address to a public IP address that has been previously configured inside of that router. It then sends the rest of that information to the destination IP. And we’re able to do that because we changed that source IP to a public IP address.

This becomes especially important when we need to send information back to Vala. Obviously, we can’t send it to the original 10.10.20.50 private IP address. So the Professor Messer website is simply going to swap the source and destination IP addresses of the packet it received. This means that professormesser.com will now be the source. And the destination IP will be the translated address that was created by this router.

This packet is then sent to router 1. And router 1 has a previous configuration inside of it that says if anything is received on 94.1.1.1, then it needs to be translated to the internal IP address used by Vala. That router then makes that network address translation and sends the packet to its final destination on Vala’s internal IP address of 10.10.20.50.

Well, that process works fine if there is a single IP address on the inside that needs to be translated. But what if you have multiple IP addresses, or even tens, hundreds, or thousands of devices that need to communicate? In that situation, you’ll perform a special kind of network address translation called a source network address translation, a NAT overload, or a port address translation.

Let’s take the same situation of Vala, who needs to communicate to the professormesser.com server. You can see that the source IP address is 10.10.20.50. That is Vala’s IP address. And Vala will be communicating to 104.20.19.63, which is the professormesser.com

You can also see that we’ve added the port numbers that are in place. Vala has chosen a random port number as the source port number. And it’s added to the end of this IP address as port number 3233. And Vala is communicating to this web server over port 80. And that port 80 has been added to that destination IP address.

When this information is received by the router, the router recognizes that the internal IP address needs to be changed to a public IP address, and that the port number in use needs to be changed as well. It creates a table inside of the router that translates between the private IP address and port and what’s available as a public IP address and port. And this router has determined that we will use 94.1.1.1 as the public IP, and a port number of 1055. It then makes that change to the traffic and sends it on to the Professor Messer web server.

As with our previous example, when the Professor Messer web server wants to send this information back to Vala, it will change these IP addresses around. When those addresses are received by the router, the router looks up what address has been received over that port number, translates it back to our internal IP address, and sends that traffic to Vala’s workstation.
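The port address translation walk-through above, written out as a small Python model (an added example, not code from the video or from any real router): it checks whether a source address is RFC 1918, rewrites Vala's outbound packet to 94.1.1.1 with a translated port, records that mapping in a table, and uses the table to translate the web server's reply back to 10.10.20.50:3233. The addresses and ports are the ones from the example; allocating translated ports sequentially starting at 1055, and dropping inbound packets with no table entry, are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass, field

# The three RFC 1918 private ranges listed in the transcript.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip: str) -> bool:
    """True if the address falls inside one of the three RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

@dataclass
class PatRouter:
    """Port Address Translation (NAT overload) behind a single public IP."""
    public_ip: str
    next_port: int = 1055                          # first translated port (assumed, taken from the example)
    table: dict = field(default_factory=dict)      # public port -> (private ip, private port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private network; returns the rewritten 4-tuple."""
        if not is_private(src_ip):
            return (src_ip, src_port, dst_ip, dst_port)   # already public: nothing to translate
        # Reuse an existing entry for the same internal socket, otherwise allocate a new port.
        for pub_port, (ip, port) in self.table.items():
            if (ip, port) == (src_ip, src_port):
                return (self.public_ip, pub_port, dst_ip, dst_port)
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a reply arriving from the internet; None if no table entry matches."""
        if dst_ip != self.public_ip or dst_port not in self.table:
            return None   # unsolicited traffic: no inside host to deliver it to
        priv_ip, priv_port = self.table[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)

def walkthrough():
    """Vala (10.10.20.50:3233) talks to professormesser.com (104.20.19.63:80) and gets a reply."""
    r = PatRouter("94.1.1.1")
    out = r.outbound("10.10.20.50", 3233, "104.20.19.63", 80)
    reply = (out[2], out[3], out[0], out[1])      # the web server swaps source and destination
    back = r.inbound(*reply)
    return out, back
```

Because `inbound` only consults the table, a packet sent to 94.1.1.1 on a port no inside host opened has nowhere to go, which is why a plain PAT router incidentally blocks unsolicited inbound connections.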

This is a process that occurs millions of times a day across all of the routers that we have connected to the internet. And if you’re using a router at home or at your place of business, then it’s performing this NAT overload or port address translation to be able to provide this network communication.