What Is Network Address Translation (NAT)?
Network Address Translation (NAT) is a service that enables private IP networks to use the internet and cloud. NAT translates private IP addresses in an internal network to a public IP address before packets are sent to an external network.
How does NAT work?
Network Address Translation (NAT) is a service that operates on a router or edge platform to connect private networks to public networks like the internet. NAT is often implemented at the WAN edge router to enable internet access in core, campus, branch, and colocation sites. With NAT, an organization needs only one IP address or one limited public IP address to represent an entire group of devices as they connect outside their network. Port Address Translation (PAT) enables a single IP address to be shared by multiple hosts by translating both the IP address and the port.
Is NAT a security feature on a router?
NAT is a networking feature that can help reduce organizational security risk by hiding internal networks from public networks. By default, outside public IPs cannot communicate with an internal private IP host if there is no pre-existing NAT translation. So, NAT separates public and private networks. Additionally, organizations that use NAT can implement and maintain multilayer security to block threats and protect against malicious activity. Your edge platform may be able to perform these essential security services.
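The following added example (not Cisco code) models the PAT behavior described above: two inside hosts share one public IP, replies are translated back, and inbound packets with no pre-existing translation are dropped. The addresses, the port pool start, and the per-session binding with a peer check (the strictest filtering variant; real NAT implementations differ) are assumptions.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed: documentation address standing in for the shared public IP

@dataclass
class PatRouter:
    public_ip: str = PUBLIC_IP
    next_port: int = 20000                        # assumed start of the translated-port pool
    sessions: dict = field(default_factory=dict)  # outbound 5-tuple -> public port
    bindings: dict = field(default_factory=dict)  # (proto, public port) -> inside host and its peer

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network, creating a binding on first use."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.sessions:
            port, self.next_port = self.next_port, self.next_port + 1
            self.sessions[key] = port
            self.bindings[(proto, port)] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, self.sessions[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet arriving from outside, or return None (drop) if no binding matches."""
        binding = self.bindings.get((proto, dst_port))
        if dst_ip != self.public_ip or binding is None:
            return None                           # no pre-existing translation
        in_ip, in_port, peer_ip, peer_port = binding
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None                           # binding exists, but for a different peer
        return (src_ip, src_port, in_ip, in_port)

def demo():
    nat = PatRouter()
    # Constructed traffic: two inside hosts use the same source port toward one server.
    a = nat.outbound("tcp", "10.0.0.5", 51000, "198.51.100.7", 443)
    b = nat.outbound("tcp", "10.0.0.6", 51000, "198.51.100.7", 443)
    reply = nat.inbound("tcp", "198.51.100.7", 443, PUBLIC_IP, a[1])
    unsolicited = nat.inbound("tcp", "192.0.2.99", 4444, PUBLIC_IP, 3389)
    wrong_peer = nat.inbound("tcp", "192.0.2.99", 4444, PUBLIC_IP, a[1])
    return a, b, reply, unsolicited, wrong_peer

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The drop on a missing binding is a side effect of translation state, not a policy decision, which is why the text pairs NAT with separate multilayer security controls.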
How can NAT help transition to IPv6?
While IPv6 offers a large IP address space to meet increasing host demands in today’s networks, chances are you need IPv6 and IPv4 addresses to coexist in your network. NAT can help support this coexistence and transition, allowing IPv6-only devices to communicate with IPv4-only devices and vice versa. NAT allows organizations to connect IPv6 and IPv4 networks using NAT64 translations. As a networking service, it’s important that NAT is supported with underlay performance.
NAT features and benefits
How can organizations benefit from NAT?
Organizations managing multicloud architectures need NAT to connect their private IP networks to the internet and cloud.
Whether you access or deliver cloud services, NAT translates IP addresses for users who are logging in to these cloud services from on-premises and remote locations.
Carrier-grade NAT
Carrier-grade network address translation, also known as CGN or CGNAT, translates IP addresses at a much larger scale, often handling tens of millions of NAT translations. Service providers and companies with large-scale networks rely on CGN for internet and cloud connectivity. As a result, CGN should be supported by a capable platform that can serve high-scale demands.
NAT444 for service providers
Service providers using CGN may also employ a NAT444 architecture as a strategy to manage a waning IPv4 supply.
With NAT444, customer connections to internet services and the cloud can pass through three different IPv4 addressing domains: the customer’s private network, the carrier’s private network, and the public internet.
High Availability (HA)
Many organizations seek greater reliability as their architectures expand to include the cloud. This is where NAT High Availability features can help.
Stateless and stateful NAT HA
When a standby NAT router or edge platform is unaware of the translations that an active NAT router or edge platform performs, it’s called stateless redundancy.
Stateless NAT HA provides fast switchover between active and standby routers when faults occur in any part of the network. With stateless HA, application traffic has to re-create its NAT translations on the new active router.
With stateful NAT HA, a standby router or edge platform knows all the translations that the active NAT router is performing. If an adverse event impacts the active router and traffic must switch to the standby router, then the standby router won’t need to re-create the translations. This enables sessions to continue sending traffic from the new active router.
NAT64
NAT64 is an IPv6 transition technology that supports the translation of an IPv6 network address into an IPv4 address.
There are stateless and stateful versions of NAT64:
- Stateless NAT64: This mechanism is stateless because it doesn’t maintain any bindings or session state while performing address translation, and it supports both IPv6-initiated and IPv4-initiated communications. (A binding is a one-to-one association between a private IP address and its translated public IP address.)
- Stateful NAT64: This mechanism is stateful because it creates or modifies session state or bindings while performing address translation. Stateful NAT64 supports both IPv6-initiated and IPv4-initiated communications using static or manual mappings.
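Stateless NAT64 can work without bindings because the IPv4 address is carried algorithmically inside the IPv6 address. The added example below (not from the original page or from Cisco) implements the RFC 6052 IPv4-embedded IPv6 address format, which the page does not name; it goes beyond the page by covering every prefix length that RFC defines, and the function names are hypothetical.

```python
import ipaddress

WKP = ipaddress.IPv6Network("64:ff9b::/96")   # RFC 6052 well-known prefix
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)      # prefix lengths permitted by RFC 6052

def _positions(prefix_len):
    """Byte offsets that carry the IPv4 address; octet 8 (the reserved 'u' octet) is skipped."""
    if prefix_len not in VALID_LENGTHS:
        raise ValueError(f"unsupported NAT64 prefix length /{prefix_len}")
    pos, i = [], prefix_len // 8
    while len(pos) < 4:
        if i != 8:
            pos.append(i)
        i += 1
    return pos

def embed(v4, prefix=WKP):
    """Build the IPv6 address that represents an IPv4 host under a NAT64 prefix."""
    raw = bytearray(prefix.network_address.packed)
    v4_bytes = ipaddress.IPv4Address(v4).packed
    for pos, byte in zip(_positions(prefix.prefixlen), v4_bytes):
        raw[pos] = byte
    return ipaddress.IPv6Address(bytes(raw))

def extract(v6, prefix=WKP):
    """Recover the embedded IPv4 address, or None if the address is outside the prefix."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in prefix:
        return None                            # not a NAT64 address: do not translate
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[p] for p in _positions(prefix.prefixlen)))

if __name__ == "__main__":
    # Constructed inputs: documentation addresses only.
    print(embed("192.0.2.33"))                                            # well-known prefix
    print(embed("192.0.2.33", ipaddress.IPv6Network("2001:db8:100::/40")))
    print(extract("64:ff9b::c000:221"))
    print(extract("2001:db8::1"))                                         # outside the prefix
```

Because the mapping is a pure function of the address, no per-flow state exists on the translator, which matches the stateless case in the list above.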
Interchassis redundancy
Organizations that use stateful NAT64 may also choose to employ interchassis redundancy. This is the process of configuring pairs of devices to act as hot standbys for each other. It creates redundancy at the application level and provides reliability. These pairs are known as redundancy groups and are ready to run application activity whenever they’re needed.