1.1.7 Issues with NAT
NAT has several advantages, including:
- Conserves the legally registered addressing scheme by allowing the privatization of intranets.
- Increases the flexibility of connections to the public network. Multiple pools, backup pools, and load balancing pools can be implemented to assure reliable public network connections.
- Maintains consistency of the internal network addressing scheme. On a network without private IP addresses and NAT, changing public IP addresses requires the renumbering of all hosts on the existing network. The costs of renumbering hosts can be significant. NAT allows the existing scheme to remain while supporting a new public addressing scheme.
NAT increases delay. Switching path delays are introduced because each IP address within the packet headers must be translated. The first packet of a flow always goes through the slow path, which means it is process-switched; the remaining packets go through the fast-switched path if a cache entry exists.
Performance may be a consideration because NAT is currently accomplished using process switching. The CPU must examine every packet to decide whether it must be translated, and for a translated packet it must alter the IP header and possibly the TCP or UDP header as well.
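As an added illustration of the two points above (example code written for this page, not from the original text or from Cisco IOS): a hypothetical overloaded NAT (PAT) translator that creates a mapping on a flow's first packet and reuses the cached entry afterwards, and that must rewrite the UDP header as well as the IP header, because the UDP checksum covers a pseudo-header containing the IP addresses. The addresses, the packet contents and the PatTranslator class are constructed for the example.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words; 0 means the data verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_udp(src, dst, sport, dport, payload):
    """Constructed sample input: a minimal IPv4/UDP packet with valid checksums."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    pseudo = s + d + struct.pack("!BBH", 0, 17, len(udp))
    udp = udp[:6] + struct.pack("!H", checksum(pseudo + udp)) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, s, d)
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + udp

class PatTranslator:
    """Hypothetical overloaded (PAT) translator for inside->outside IPv4/UDP packets."""

    def __init__(self, public_ip, first_port=1024):
        self.public, self.next_port = socket.inet_aton(public_ip), first_port
        self.table = {}     # (inside_ip, inside_port) -> public port
        self.slow_path = 0  # first packet of a flow: mapping created (process-switched)
        self.fast_path = 0  # later packets: served from the cache entry (fast-switched)

    def translate_outbound(self, pkt: bytes) -> bytes:
        ihl = (pkt[0] & 0x0F) * 4
        ip, udp = bytearray(pkt[:ihl]), bytearray(pkt[ihl:])
        key = (bytes(ip[12:16]), bytes(udp[0:2]))
        if key not in self.table:
            self.table[key], self.next_port = self.next_port, self.next_port + 1
            self.slow_path += 1
        else:
            self.fast_path += 1
        ip[12:16], ip[10:12] = self.public, b"\x00\x00"  # new source, checksum zeroed
        ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
        # The UDP checksum covers a pseudo-header holding both IP addresses, so the
        # transport header must change too; a zero UDP checksum means "none" and stays 0.
        udp[0:2] = struct.pack("!H", self.table[key])
        if udp[6:8] != b"\x00\x00":
            udp[6:8] = b"\x00\x00"
            pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 17, len(udp))
            udp[6:8] = struct.pack("!H", checksum(pseudo + bytes(udp)))
        return bytes(ip + udp)
```

Feeding the same flow twice shows one slow-path hit followed by a fast-path hit, while a new inside port allocates a second mapping.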
One significant disadvantage when implementing and using NAT is the loss of end-to-end IP traceability. It becomes much more difficult to trace packets that undergo numerous address changes over multiple NAT hops. Hackers who want to determine the source of a packet will find it difficult to trace or obtain the original source or destination address.
NAT also forces some applications that use IP addressing to stop functioning because it hides end-to-end IP addresses. Applications that embed IP addresses instead of using a fully qualified domain name will not reach destinations that are translated across the NAT router. This problem can sometimes be avoided by implementing static NAT mappings.
Cisco IOS NAT supports the following traffic types:
- ICMP
- File Transfer Protocol (FTP), including PORT and PASV commands
- NetBIOS over TCP/IP, datagram, name, and session services
- RealNetworks' RealAudio
- White Pines' CUSeeMe
- Xing Technologies' StreamWorks
- DNS "A" and "PTR" queries
- H.323/Microsoft NetMeeting, IOS versions 12.0(1)/12.0(1)T and later
- VDOnet's VDOLive, IOS versions 11.3(4)/11.3(4)T and later
- VXtreme's Web Theater, IOS versions 11.3(4)/11.3(4)T and later
- IP Multicast, IOS version 12.0(1)T with source address translation only
- Routing table updates
- DNS zone transfers
- BOOTP
- talk and ntalk protocols