Skip to main content

1.1.7 Issues with NAT

1.1.7 Issues with NAT

NAT has several advantages, including:
  • Conserves the legally registered addressing scheme by allowing the privatization of intranets.
  • Increases the flexibility of connections to the public network. Multiple pools, backup pools, and load balancing pools can be implemented to assure reliable public network connections.
  • Consistency of the internal network addressing scheme. On a network without private IP addresses and NAT, changing public IP addresses requires the renumbering of all hosts on the existing network. The costs of renumbering hosts can be significant. NAT allows the existing scheme to remain while supporting a new public addressing scheme.
NAT is not without drawbacks. Enabling address translation will cause a loss of functionality, particularly with any protocol or application that involves sending IP address information inside the IP payload. This requires additional support by the NAT device.
NAT increases delay. Switching path delays are introduced because of the translation of each IP address within the packet headers. The first packet will always go through the slow path, which means this first packet is process-switched. The remaining packets will go through the fast-switched path if a cache entry exists.
Performance may be a consideration because NAT is currently accomplished by using process switching. The CPU must look at every packet to decide whether it must be translated. The CPU must alter the IP header, and possibly alter the TCP or UDP header.
One significant disadvantage when implementing and using NAT is the loss of end-to-end IP tractability. It becomes much more difficult to trace packets that undergo numerous packet address changes over multiple NAT hops. Hackers who want to determine the source of a packet will find it difficult to trace or obtain the original source or destination address.
NAT also forces some applications that use IP addressing to stop functioning because it hides end-to-end IP addresses. Applications that use physical addresses instead of a qualified domain name will not reach destinations that are translated across the NAT router. Sometimes, this problem can be avoided by implementing static NAT mappings.
Cisco IOS NAT supports the following traffic types:
  • ICMP
  • File Transfer Protocol (FTP), including PORT and PASV commands
  • NetBIOS over TCP/IP, datagram, name, and session services
  • RealNetworks' RealAudio
  • White Pines' CUSeeMe
  • Xing Technologies' StreamWorks
  • DNS "A" and "PTR" queries
  • H.323/Microsoft NetMeeting, IOS versions 12.0(1)/12.0(1)T and later
  • VDOnet's VDOLive, IOS versions 11.3(4)11.3(4)T and later 
  • VXtreme's Web Theater, IOS versions 11.3(4)11.3(4)T and later 
  • IP Multicast, IOS version 12.0(1)T with source address translation only 
Cisco IOS NAT does not support the following traffic types:
  • Routing table updates
  • DNS zone transfers
  • BOOTP
  • talk and ntalk protocols
Simple Network Management Protocol (SNMP) 

Comments

Post a Comment

Popular posts from this blog

OSI layers / Peer-to-peer communications / TCP/IP model

OSI layers 2.3.4 This page discusses the seven layers of the OSI model. The OSI reference model is a framework that is used to understand how information travels throughout a network. The OSI reference model explains how packets travel through the various layers to another device on a network, even if the sender and destination have different types of network media. In the OSI reference model, there are seven numbered layers, each of which illustrates a particular network function. - Dividing the network into seven layers provides the following advantages: • It breaks network communication into smaller, more manageable parts. • It standardizes network components to allow multiple vendor development and support. • It allows different types of network hardware and software to communicate with each other. • It prevents changes in one layer from affecting other layers. • It divides network communication into smaller parts to make learning it easier to understand. In the foll...
Post a Comment
Read more

Advantages and disadvantages of link-state routing

Advantages and disadvantages of link-state routing 2.1.5  This page lists the advantages and disadvantages of link-state routing protocols. The following are advantages of link-state routing protocols:  Link-state protocols use cost metrics to choose paths through the network. The cost metric reflects the capacity of the links on those paths. Link-state protocols use triggered updates and LSA floods to immediately report changes in the network topology to all routers in the network. This leads to fast convergence times. Each router has a complete and synchronized picture of the network. Therefore, it is very difficult for routing loops to occur. Routers use the latest information to make the best routing decisions. The link-state database sizes can be minimized with careful network design. This leads to smaller Dijkstra calculations and faster convergence. Every router, at the very least, maps the topology of it...
Post a Comment
Read more

Ports for services

Ports for services 10.2.2  Services running on hosts must have a port number assigned to them so communication can occur. A remote host attempting to connect to a service expects that service to use specific transport layer protocols and ports. Some ports, which are defined in RFC 1700, are known as the well-known ports. These ports are reserved in both TCP and UDP.  These well-known ports define applications that run above the transport layer protocols. For example, a server that runs FTP will use ports 20 and 21 to forward TCP connections from clients to its FTP application. This allows the server to determine which service a client requests. TCP and UDP use port numbers to determine the correct service to which requests are forwarded. The next page will discuss ports in greater detail.
Post a Comment
Read more