Data Communication Fundamentals: NAT (Network Address Translation)
2022-07-05 15:36:00 【GALi_ two hundred and thirty-three】
NAT (Network Address Translation)
Technical background
- IPv4 addresses are exhausted.
- LAN users generally use private IPv4 addresses. How do they access the public network?
- How does a server that uses a private IPv4 address in the LAN provide services to the public network?
- If the intranet IP addresses must be hidden while a specific intranet server still has to provide services externally, how can this be achieved?
Public IP addresses and private IP addresses
Public address:
- A public address is an address that can be used on the Internet. To ensure that IP addresses are unique across the whole Internet, public addresses are allocated by IANA (Internet Assigned Numbers Authority), an international organization. If a network device needs a public address, it must be applied for from an ISP (Internet Service Provider) or a registration center.
Private address:
- To meet the needs of laboratories, companies or other organizations for private networks that are independent of the Internet, RFC (Request for Comments) 1918 reserves three IP address segments for private use. Private addresses cannot be allocated on the Internet, so they can be used freely without application.
NAT overview
The main principle of NAT (Network Address Translator) is to parse the IP packet header and automatically replace the source or destination address in it, so that private network users can access the public network with private IP addresses. The translation of private IP addresses to public IP addresses is transparent to users.
Advantages | Disadvantages |
---|---|
Alleviates the shortage of public addresses | Introduces forwarding delay |
Solves IP address space conflicts or overlaps | End-to-end addressing becomes difficult |
Higher network scalability and easier local control | Some applications do not support NAT |
The intranet structure and related operations become invisible to the outside | NAT table entries occupy the device's memory |
Increased security | Device performance problems |
NAT types
Dynamic NAT
The mapping between private and public addresses is not fixed; it is dynamic.
It can be implemented in two ways: Basic NAT and NAPT (Network Address Port Translation).
Basic NAT
The router establishes an address pool to perform one-to-one address translation.
NAPT
The one-to-one approach of Basic NAT cannot effectively solve the address shortage, but NAPT can. NAPT supports concurrent address translation: it uses the form "IP address + port" to achieve many-to-one address translation.
Easy IP
Easy IP works on a principle similar to NAPT and counts as a special case of NAPT.
The difference is that Easy IP uses the router's WAN interface address as the mapped public address.
Static NAT
With static NAT, the internal IP address and the public IP address are statically bound one to one during address translation, and each public IP address is allocated only to a fixed intranet host. This is basically the same principle as Basic NAT; the difference is that the static NAT mapping table is configured in advance.
Static NAPT means that the "private IP address + protocol number + port" of an internal host and the "public IP address + protocol number + port" are statically bound one to one. The principle is similar to NAPT; the difference is that the static NAPT mapping table is configured in advance.
NAT Server
NAT Server is for cases where Internet users need to reach a fixed server through a fixed public IP address. It works through a pre-configured static mapping between the server's "public IP address + port" and the server's "private IP address + port".
NAT configuration
Static NAT
- Suppose the company has applied to the operator for the public address 200.1.1.100 and uses a static one-to-one mapping to access the Internet.
# global is the public address, inside is the private address
[NAT-Device]interface GigabitEthernet 0/0/1
[NAT-Device-GigabitEthernet0/0/1]nat static global 200.1.1.100 inside 192.168.1.1
View the NAT translation information
Ping the Internet from PC1
The address is translated successfully
Dynamic NAT
- All hosts in the 192.168.1.0/24 segment need to access the external network. The address range 200.1.1.100~200.1.1.200 has been applied for and is used to translate the intranet addresses.
# Define the address pool
[NAT-Device]nat address-group 1 200.1.1.100 200.1.1.200
# Define ACL 2000, used to match the addresses that are allowed to access the Internet
[NAT-Device]acl 2000
[NAT-Device-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[NAT-Device-acl-basic-2000]quit
[NAT-Device]interface GigabitEthernet 0/0/1
[NAT-Device-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat
Note: no-pat can also be called "one-to-one address translation". When this keyword is configured, only the IP address is translated and no port translation takes place. Once an address in the address pool has been used for a translation, it is occupied and cannot be used by other intranet addresses.
With no-pat configured it is Basic NAT; without it, it is NAPT.
nat outbound 2000 address-group 1 # NAPT
nat outbound 2000 address-group 1 no-pat # Basic NAT
Easy IP configuration
[NAT-Device]interface GigabitEthernet 0/0/1
[NAT-Device-GigabitEthernet0/0/1]nat outbound 2000
NAT Server
- Map port 80 of the private server address to port 8080 of the public address 200.1.1.100
[NAT-Device]interface GigabitEthernet 0/0/1
[NAT-Device-GigabitEthernet0/0/1]nat server protocol tcp global 200.1.1.100 8080 inside 192.168.1.1 www
[NAT-Device-GigabitEthernet0/0/1]quit
Access the Web Server from the Client
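The difference between Basic NAT (no-pat), NAPT and NAT Server can be checked with a small model of the translation tables. The Python below is an added example, not code from the original post or from any device: the NatModel class, its method names and the starting port 1024 are assumptions, and the model ignores session timeouts and remote-endpoint checks. It uses the address pool, intranet segment and server mapping from the configurations above.

```python
import ipaddress

class NatModel:
    """Simplified translation tables (constructed model: no timeouts, no remote-endpoint checks)."""

    def __init__(self, pool_first, pool_last, no_pat):
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in (pool_first, pool_last))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.no_pat = no_pat
        self.hosts = {}     # Basic NAT: inside_ip -> public_ip
        self.flows = {}     # NAPT: (inside_ip, inside_port) -> (public_ip, public_port)
        self.servers = {}   # NAT Server: (public_ip, public_port) -> (inside_ip, inside_port)
        self.next_port = 1024   # hypothetical first port handed out by NAPT

    def outbound(self, src_ip, src_port):
        """Return the translated (ip, port) for an outbound packet, or None if untranslatable."""
        if self.no_pat:                      # Basic NAT: address only, port untouched
            if src_ip not in self.hosts:
                if not self.free:
                    return None              # every pool address is occupied
                self.hosts[src_ip] = self.free.pop(0)
            return (self.hosts[src_ip], src_port)
        key = (src_ip, src_port)             # NAPT: many flows share one public address
        if key not in self.flows:
            self.flows[key] = (self.free[0], self.next_port)
            self.next_port += 1
        return self.flows[key]

    def inbound(self, dst_ip, dst_port):
        """Return the inside (ip, port) for an inbound packet, or None (no entry: drop)."""
        if (dst_ip, dst_port) in self.servers:
            return self.servers[(dst_ip, dst_port)]
        for inside, public in self.flows.items():
            if public == (dst_ip, dst_port):
                return inside                # return traffic of an inside-initiated flow
        return None

def hosts_served(no_pat, n_hosts=254):
    """Count how many of n_hosts in 192.168.1.0/24 get a translation from the page's pool."""
    nat = NatModel("200.1.1.100", "200.1.1.200", no_pat)
    return sum(nat.outbound(f"192.168.1.{i}", 40000) is not None for i in range(1, n_hosts + 1))

def server_demo():
    """NAT Server entry from the page: 200.1.1.100:8080 -> 192.168.1.1:80."""
    nat = NatModel("200.1.1.100", "200.1.1.200", no_pat=False)
    nat.servers[("200.1.1.100", 8080)] = ("192.168.1.1", 80)
    return nat.inbound("200.1.1.100", 8080), nat.inbound("200.1.1.100", 22)
```

With the pool of 101 addresses, hosts_served(True) shows that no-pat serves only 101 of the 254 hosts while hosts_served(False) serves all of them. server_demo() shows that unsolicited inbound traffic is translated only where a NAT Server entry exists.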