1.1.3 Major NAT and PAT features

1.1.3 Major NAT and PAT features
NAT translations can be used for a variety of purposes and can be either dynamically or statically assigned. Static NAT is designed to allow one-to-one mapping of local and global addresses. This is particularly useful for hosts which must have a consistent address that is accessible from the Internet. These internal hosts may be enterprise servers or networking devices.
Dynamic NAT is designed to map a private IP address to a public address. Any IP address from a pool of public IP addresses is assigned to a network host. Overloading, or Port Address Translation (PAT), maps multiple private IP addresses to a single public IP address. Multiple addresses can be mapped to a single address because each private address is tracked by a port number.
PAT uses unique source port numbers on the inside global IP address to distinguish between translations. The port number is encoded in 16 bits. The total number of internal addresses that can be translated to one external address could theoretically be as high as 65,536 per IP address. Realistically, the number of ports that can be assigned a single IP address is around 4000. PAT will attempt to preserve the original source port. If this source port is already used, PAT will assign the first available port number starting from the beginning of the appropriate port group 0-511, 512-1023, or 1024-65535. When there are no more ports available and there is more than one external IP address configured, PAT moves to the next IP address to try to allocate the original source port again. This process continues until it runs out of available ports and external IP addresses.
NAT offers the following benefits:

• Eliminates reassigning each host a new IP address when changing to a new ISP. NAT eliminates the need to readdress all hosts that require external access, saving time and money.
• Conserves addresses through application port-level multiplexing. With PAT, internal hosts can share a single public IP address for all external communications. In this type of configuration, very few external addresses are required to support many internal hosts, thereby conserving IP addresses.

Protects network security. Because private networks do not advertise their addresses or internal topology, they remain reasonably secure when used in conjunction with NAT to gain controlled external access.