

History


IP address translation is a relatively new technology. The first papers on the subject were written in the early 90s. NAT was introduced as a short term solution for the address space problem and as a complementary technology to CIDR. To understand why the NAT idea was born we have to look back at the situation at the beginning of the decade and at some technologies that were introduced in order to solve the most pressing problems of those years, IP address depletion and scaling in routing. There are three approaches: CIDR, private IPs and NAT.

Classless InterDomain Routing (CIDR)

In the early 90s it became apparent that the number of free IP addresses would soon be depleted. The total number of IPs was large enough (and still is), but because of routing issues -- routing tables cannot grow infinitely due to memory and timing problems -- they could only be used in blocks. There are three classes of IPs: class A, B and C addresses.

[IP subnetting]

For each block in a class one entry in a router's routing table was necessary. Class A, allowing more than 16 million hosts, is much too large for most purposes, and besides, only a few class A networks are available. Class C networks on the other hand (254 hosts) are too small. Class B allows for some ten thousand addresses, a good number for medium sized organizations, but in 1992 already half of the available class B address space was in use, with an Internet growing at more than 100% annually. That is why many newly connected organizations ended up with several class C networks, because many of those were still available, which in turn caused a routing table overflow on some devices, because one entry was needed for every single class A, B or C network, respectively.

This is the point where CIDR comes into the game (see [2]). CIDR makes it possible to have just one routing entry in a router for a whole block of class C networks. It introduces some rules on how to build these blocks - you can't use arbitrary networks. Note that the problem of scaling in routing mainly relates to Internet backbone routing, since the backbone routers have to know all networks on the Internet. Within an organization you can use any routing strategy you like best. Now that we have built blocks of class C addresses we give them to the Internet providers, who in turn give them to their customers, but that last step does not matter here. The goal of CIDR was to reduce routing entries in the backbone routers, which began to overflow due to the huge number of entries needed for class C networks (up to about 2 million). After implementing CIDR that number decreased significantly, allowing some more time for developing long term solutions (especially IPv6).

A problem with CIDR arises when a customer changes the provider but wants to keep the IP addresses: the old provider still announces the route to the entire block while the new provider must announce a route to the extra net, so there are two routes for that net, the CIDR route and the single route. One possible solution is to use the most specific route, another one is NAT. The first one has the disadvantage of needing a new entry in a backbone router, which CIDR should have prevented. This can be avoided by using NAT, so that the customer keeps the addresses of the first provider for internal use but uses address translation to translate them into addresses of the new provider when communicating over the Internet.
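The two points above, aggregating a block of class C networks into one backbone entry and the "most specific route" outcome when one customer moves to another provider, as an added example that is not part of the original text. The addresses, provider names and table layout are constructed for illustration.

```python
import ipaddress

# Constructed sample: eight consecutive class C networks handed to one provider.
CLASS_C_BLOCK = ["198.18.%d.0/24" % i for i in range(8)]

def aggregate(nets):
    """Summarize a list of /24 networks into a single CIDR route.
    Returns the aggregate, or None when the block breaks the CIDR rules:
    the count must be a power of two, the networks contiguous, and the
    first network aligned on the aggregate's boundary."""
    nets = sorted(ipaddress.ip_network(n) for n in nets)
    count = len(nets)
    if count == 0 or count & (count - 1):          # power of two?
        return None
    for a, b in zip(nets, nets[1:]):               # contiguous?
        if int(b.network_address) != int(a.network_address) + 256:
            return None
    prefixlen = 24 - (count.bit_length() - 1)      # 8 x /24 -> /21
    agg = ipaddress.ip_network((str(nets[0].network_address), prefixlen),
                               strict=False)
    if agg.network_address != nets[0].network_address:   # aligned?
        return None
    return agg

def lookup(table, dst):
    """Longest-prefix match: the most specific route wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def backbone_table(moved=None):
    """One aggregate entry for the block; if a customer took its /24 to a
    new provider, one extra specific entry appears next to the aggregate."""
    table = [(aggregate(CLASS_C_BLOCK), "provider-A")]
    if moved:
        table.append((ipaddress.ip_network(moved), "provider-B"))
    return table

if __name__ == "__main__":
    print(aggregate(CLASS_C_BLOCK))        # eight entries collapse to one
    print(aggregate(CLASS_C_BLOCK[1:]))    # seven networks: no valid aggregate
    t = backbone_table(moved="198.18.5.0/24")
    print(len(t), lookup(t, "198.18.5.10"), lookup(t, "198.18.6.10"))
```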

Internal IP addresses

With the proliferation of TCP/IP technology even outside the Internet, more and more enterprises began reserving IP address space for purely internal communication. So far there was only one global IP pool out of which all addresses were taken, and everyone needing IPs got globally unique addresses. This was unnecessary in most cases, since the majority of enterprises that suddenly needed IP addresses used them only internally, and even when they connected their enterprise networks to the Internet they did not need unique addresses for all their hosts, since for reasons of security and others (e.g. caching web traffic) no direct IP connectivity was allowed between internal enterprise computers and hosts on the Internet. It was therefore just a matter of time before special IP addresses out of the global pool were reserved for internal IP networks, as described in [3].

Now everyone can use one of the reserved class A, B or C networks for their internal communication. These addresses can't be used on the Internet, of course, since they will not get routed. Advantages are that no reservation has to be made in order to get address space, and everybody can pick the addresses best suited for a purpose, e.g. now everyone can use one of the rare class B networks, which makes internal routing easier than having lots of different class C networks.

There are disadvantages, too, but they are by far outweighed by the address space saved. One such disadvantage is that in an ever changing environment nobody knows whether networks that are independently administered today and have chosen the same address space out of the reserved pool will be directly connected in the future. This may be the case within enterprises, where before the network age many smaller networks existed independently, or it may even concern different companies that have to merge their networks for some reason. Again, network address translation could be of help in this case.

IP address translation

CIDR served as a short term solution for the routing table problem, and therefore also for the problem of address depletion, because now the many class C networks were available for use. To further ease the situation with IP addresses, address space was reserved for purely internal use, and at the same time IPs were only given to those who wanted to connect computers to the Internet.

As an additional measure some people proposed to reuse IP addresses [1]. The idea was that only a small percentage of hosts communicated across network boundaries at a time, so only those hosts would need a globally unique IP. Of course you can't change the system's IP each time your computer wants to establish a connection with another computer outside your network, so it was proposed to let a special device, a so called NAT router, assign a global IP to a connection dynamically. Since the process should be transparent for both end systems, assigning an IP meant exchanging the local IP numbers in the IP packets with the global IPs. That means you only need a relatively small number of global IPs, and only that many hosts can communicate across the borders of your network simultaneously.

Disadvantages are that your hosts are not reachable from the outside (which may also be an advantage), that the number of simultaneous connections is limited, and that the process might not be completely transparent, because there are protocols like FTP that transmit their IP address to the other host inside the payload, which the NAT router does not rewrite.

A special form of this approach to NAT is to have just one official address and to use just this address for all communication. To allow more than one host to communicate at a time not just the IP, but also the TCP port numbers are replaced, using a different port number for each connection. The number of simultaneous connections is limited only by the number of ports available for the outgoing connections. The fact that Linux implements this form of NAT (called masquerading in Linux) is one of the reasons that it is widely used today.
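The masquerading variant just described, as an added model that is not part of the original text or of the Linux implementation: one global address, a fresh port per outgoing connection, replies mapped back, and the two limits from above made visible (the port pool bounds the number of simultaneous connections, and an inbound packet without a mapping is dropped, so internal hosts are unreachable). The addresses and port range are constructed for illustration.

```python
from collections import namedtuple

# A minimal packet header: just the fields NAT looks at.
Packet = namedtuple("Packet", "src sport dst dport")

class Masquerader:
    """Model of masquerading: every outgoing connection is rewritten to
    (global_ip, unused port); replies are translated back by that port."""

    def __init__(self, global_ip, ports):
        self.global_ip = global_ip
        self.free_ports = list(ports)   # port pool for outgoing connections
        self.out = {}    # (src, sport, dst, dport) -> NAT port
        self.back = {}   # (NAT port, dst, dport)  -> (src, sport)

    def outbound(self, pkt):
        """Internal host -> Internet: allocate or reuse a mapping."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out:
            if not self.free_ports:
                return None   # pool exhausted: connection limit reached
            port = self.free_ports.pop(0)
            self.out[key] = port
            self.back[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.global_ip, self.out[key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Internet -> internal host: only packets that match an existing
        mapping are translated; anything else has no destination and is
        dropped, which is why hosts behind NAT are not reachable."""
        if pkt.dst != self.global_ip:
            return None
        entry = self.back.get((pkt.dport, pkt.src, pkt.sport))
        if entry is None:
            return None
        src, sport = entry
        return Packet(pkt.src, pkt.sport, src, sport)

if __name__ == "__main__":
    nat = Masquerader("192.0.2.1", range(40000, 40002))   # only two ports
    a = nat.outbound(Packet("10.0.0.2", 1024, "198.51.100.7", 80))
    b = nat.outbound(Packet("10.0.0.3", 1024, "198.51.100.7", 80))
    c = nat.outbound(Packet("10.0.0.4", 1024, "198.51.100.7", 80))
    print(a, b, c)   # two distinct NAT ports, third connection refused
    print(nat.inbound(Packet("198.51.100.7", 80, "192.0.2.1", 40001)))
    print(nat.inbound(Packet("198.51.100.7", 80, "192.0.2.1", 40500)))
```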

All the above ideas have been developed as short term solutions to overcome the most pressing problems caused by the growth of the Internet. They are all meant to be abandoned as soon as the new Internet transport protocol, IPv6, is available and the migration to it has been finished. I think, however, that some of the ideas will and should survive longer. CIDR can be found in IPv6 in a similar form, since it is obvious anyway. Private addresses may be useful under certain circumstances even in the future, e.g. it is not always possible or even desirable to ask a central organization for address space, even if there is enough, possibly because you need it now and for purely internal use. Finally, IP address translation can do much more than what its inventors intended it to do, as I am going to show next.


Michael Hasenstein