How NAT works

Your public IP

If you are connected to your home WiFi, try querying “my ip” on Google. This will show you something like this:

Screen Shot 2016-08-28 at 1.06.14 PM

As you can see, 106.51.24.219 is my public IP. Now, try the same Google search from another device (another laptop/smartphone) connected to the same WiFi. You will most likely get the same public IP.

Now, it is a well known fact that for computers to talk to each other over the internet, each computer needs to have a unique IP address. So, how does Google differentiate between your two devices when both are using the same IP?

IPv4

106.51.24.219 is what is know an an IPv4 address. It is a 32 bit address. Which translates to roughly over 4 billion available addresses. (Earth’s population is currently over 7 billion). Just 4 billion IPv4 addresses led to IPv4 exhaustion and forced people to adopt IPv6 (which has an excessively huge address space of 2128).

Network Address Translation

The exhaustion of IPv4 address space led to the widespread adoption of NAT. To keep things simple, I will only discuss the basic functionality of NAT, which is, mapping one address space into another.

Let’s digress a bit!

Your home router has multiple devices connected to it at the same time. Each of these devices (within your home LAN) has a unique IP address. These IPs, of your private network will be in one of the following formats:

  • 10.x.x.x
  • 192.168.x.x
  • 172.16.x.x – 172.31.x.x

Your router (also referred to as the Default Gateway) will also have a private IP address in one of the above formats. It will also have a public IP, which may or may not be in one of the above formats.

For e.g., my laptop’s private IP is 192.168.0.104 while my default gateway (router’s private IP) is 192.168.0.1(Use ipconfig on Windows and ifconfig on Unix-like to figure out yours.)

My router’s public IP is 10.244.80.75 (which you can figure out by accessing your router’s settings by connecting to the router’s private IP at port 80).

Pictorial depiction:

Screen Shot 2016-08-28 at 3.38.34 PM.png

Digressing just a bit more

A remote connection (socket) is always set up between a pair of host and port. For e.g., connecting to http://www.google.com from your machine requires the following two:

  • IP of http://www.google.com and the port to which to connect.
  • IP of the source (your machine) and the port.

When no port for the remote (google.com in this case) is specified, the default HTTP port 80 is used. So, hitting google.com from your browser will try to create a connection to 216.58.197.46:80 (google.com’s IP and port 80).

The source IP for my laptop will be 192.168.0.104. How do you specify the port you may ask? Well, it is taken care of by your OS. It will assign one of the ephemeral ports for the connection.

So, the connection might be established as follows:

192.168.0.104:65512 (my IP:port)-> 216.58.197.46:80 (google.com’s IP:port).

Back to NAT

Now, NAT does the translation from the local IP (192.168.0.104) to the public IP (router’s IP – 10.244.80.75). It converts the source IP:port from 192.168.0.104:65512 to 10.244.80.75:65470 (need not be 65470, could be anything). This conversion is done by modifying the source information in the IP packets.

Consequently, the connection to google.com will appear to be coming from 10.244.80.75:65470 instead of 192.168.0.104:65512.

Similarly, when I access google.com from my smartphone, the connection (to my phone) will appear to be as follows:

192.168.0.107:65216 (my IP:port)-> 216.58.197.46:80 (google.com’s IP:port).

However, NAT will map my local IP (and port) to the external facing IP (and port). Which might look like 10.244.80.75:62323.

NAT will maintain both these mappings (for my laptop and my phone) in the translation table:

  • 192.168.0.104:65512 -> 10.244.80.75:65470
  • 192.168.0.107:65216 -> 10.244.80.75:62323

What appears to google.com?

When google.com receives the two requests, they will appear to be originating from:

  • 10.244.80.75:65470
  • 10.244.80.75:62323

As you can see, searching for “my ip” on Google will result in Google returning to me the same public IP address (10.244.80.75) from two different machines.

How is the response returned to your device?

When Google returns its response to the two connections (same IP different ports), the request will reach your router. The router will then check the translation table and figure out the following mapping:

  • 10.244.80.75:65470 -> 192.168.0.104:65512
  • 10.244.80.75:62323 -> 192.168.0.107:65216

As you can see, the two responses will be returned to the appropriate device.

NAT behind another NAT

There is a fallacy in the above example. My router’s IP 10.244.80.75 belongs to the Class A private network address space. So, that is not what Google will be visible to Google. As you can see from the image at the very top, Google’s response was 106.51.24.219 and not 10.244.80.75.

Why is this happening? Because, there is in fact another layer of NAT (could actually be more than one). My ISP maintains its own LAN which has another gateway. Google might be receiving the IP of this gateway, and displaying the same to me in the result. Or, there could be a fourth gateway, and that is what Google is displaying!

Epilogue

We have seen how NAT helps abstract out a private network from the internet, by exposing a gateway. All the requests originating from this private network will appear to be coming from this gateway. What I did not mention is that this gateway could in fact hold a pool of external IPs. And it could assign any of these external facing IPs while performing the NAT translation. That is why, you will not see the same public IP (in Google) every time.

An interesting question arises out of this discussion. Why use NAT when you could very well just use a proxy server? Another blog?

One thought on “How NAT works

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s