NE40E V800R010C00 Feature Description - NAT and IPv6 Transition 01

Basic Concepts

NAT translates between private and public IP addresses carried in the headers of IP data packets. NAT is performed in either port address translation (PAT) mode or no-PAT mode.

PAT-based NAT Translation

PAT-based NAT translation is also called network address port translation (NAPT). NAPT translates both source IP addresses and port numbers between public and private networks. For packets with the same private source IP addresses and different source port numbers, NAPT translates the private source IP address in each packet to the same public source IP address and each private source port number to a specific public source port number.

Figure 3-1  PAT-based NAT translation
In Figure 3-1, a NAT device receives three packets. Packet 1 and packet 2 carry the same private source IP address but different source port numbers. Packet 1 and packet 3 carry different private source IP addresses but the same source port number. The NAT device uses NAPT to translate the private source IP addresses into the same public source IP address and each private source port number into a specific public source port number. After the NAT device receives the response packet to each packet, the NAT device can distinguish these packets and properly send them to hosts on the private network.

No-PAT-based NAT Translation

No-PAT only translates each private source IP address into a public source IP address, but does not translate source port numbers.

Figure 3-2  No-PAT-based NAT translation

In Figure 3-2, two packets carrying private IP addresses arrive at a NAT device. Packet 1 and packet 2 carry different private source IP addresses and port numbers. The no-PAT mapping converts the source IP addresses in the two data packets to two different public IP addresses, with source port numbers unchanged.

No-PAT is used by enterprises for services with high privacy requirements. For example, customers in the financial industry need to hide the private IP addresses carried in service packets transmitted over a public network. In addition, some financial applications use fixed port numbers, and No-PAT meets this requirement.

NAT Address Pool Mode

  • 5-tuple NAT

    5-tuple NAT, also called symmetric NAT, translates IP addresses and filters out packets based on the 5-tuple information in packets. The 5-tuple information includes the source IP address, source port number, protocol type, destination IP address, and destination port number.

    A NAT device receives packets carrying the same private source IP address and port number but different private destination IP addresses and port numbers. The NAT device translates the private source IP address and port number in these packets into different public IP addresses and port numbers. In addition, the NAT device allows only public network hosts whose IP addresses match these destination IP addresses to send packets carrying the translated IP addresses and port numbers to access private network hosts. When 5-tuple NAT is used, a public network host can communicate with a private host only if the source IP address of the public host's packets matches a destination IP address that the private host's packets carried before NAT processed them. 5-tuple NAT improves packet transmission security, but does not allow hosts connected to different NAT devices to communicate.

    Figure 3-3  5-tuple NAT
  • 3-tuple NAT

    3-tuple NAT, also called full cone NAT, translates IP addresses and filters out packets based on the 3-tuple information carried in packets. The 3-tuple information includes the source IP address, source port number, and protocol number.

    After a NAT device receives packets carrying the same private source IP address and port number, the NAT device translates the private source IP address and port number to a specific public IP address and port number, respectively. Private network hosts can send packets carrying the translated public IP address and port number to access the private network hosts. 3-tuple NAT enables private hosts connected to different NAT devices to communicate. Carrier networks primarily use 3-tuple NAT.

    Figure 3-4  3-tuple NAT
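
The difference between the two address pool modes, shown as a small session-table model. This is an added example, not Huawei code or NE40E behavior: the `ToyNat` class, its methods, and the sample addresses are hypothetical. It assumes a single public IP address, so distinct mappings differ only in port, and in 5-tuple mode it filters inbound packets on both peer address and peer port.

```python
from itertools import count

class ToyNat:
    """Hypothetical session table; mode is '3-tuple' or '5-tuple'."""

    def __init__(self, mode, public_ip="203.0.113.1", first_port=1024):
        self.mode, self.public_ip = mode, public_ip
        self.ports = count(first_port)   # no pool exhaustion handling in this toy
        self.out = {}    # session key -> public port
        self.back = {}   # (proto, public port) -> (priv ip, priv port, allowed peer)

    def outbound(self, src, sport, proto, dst, dport):
        """Translate a private-side packet; returns (public ip, public port)."""
        key = (src, sport, proto)
        if self.mode == "5-tuple":       # destination is part of the mapping key
            key += (dst, dport)
        if key not in self.out:
            port = next(self.ports)
            self.out[key] = port
            peer = (dst, dport) if self.mode == "5-tuple" else None
            self.back[(proto, port)] = (src, sport, peer)
        return self.public_ip, self.out[key]

    def inbound(self, src, sport, proto, dport):
        """Filter a public-side packet; returns the private target or None (dropped)."""
        entry = self.back.get((proto, dport))
        if entry is None:
            return None
        priv_ip, priv_port, peer = entry
        if peer is not None and peer != (src, sport):
            return None                  # 5-tuple: only the contacted peer may reply
        return priv_ip, priv_port

def demo(mode):
    """Constructed flows using documentation address ranges."""
    nat = ToyNat(mode)
    a = nat.outbound("10.0.0.2", 5000, "udp", "198.51.100.10", 53)
    b = nat.outbound("10.0.0.2", 5000, "udp", "198.51.100.20", 53)  # same source, new destination
    c = nat.outbound("10.0.0.3", 5000, "udp", "198.51.100.10", 53)  # other host, same source port
    return {
        "same_mapping": a == b,
        "distinct_hosts": a != c,
        "reply": nat.inbound("198.51.100.10", 53, "udp", a[1]),
        "unsolicited": nat.inbound("192.0.2.99", 4444, "udp", a[1]),
    }

if __name__ == "__main__":
    for mode in ("3-tuple", "5-tuple"):
        print(mode, demo(mode))
```

In 3-tuple mode the unsolicited packet from a host the private side never contacted is forwarded, which is why perimeter filtering in front of a full cone NAT has to come from a separate policy rather than from the NAT session table.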
Updated: 2018-07-04

Document ID: EDOC1100027155
