Skip to main content

1.1.7 Issues with NAT

1.1.7 Issues with NAT

NAT has several advantages, including:
  • Conserves the legally registered addressing scheme by allowing the privatization of intranets.
  • Increases the flexibility of connections to the public network. Multiple pools, backup pools, and load balancing pools can be implemented to assure reliable public network connections.
  • Consistency of the internal network addressing scheme. On a network without private IP addresses and NAT, changing public IP addresses requires the renumbering of all hosts on the existing network. The costs of renumbering hosts can be significant. NAT allows the existing scheme to remain while supporting a new public addressing scheme.
NAT is not without drawbacks. Enabling address translation will cause a loss of functionality, particularly with any protocol or application that involves sending IP address information inside the IP payload. This requires additional support by the NAT device.
NAT increases delay. Switching path delays are introduced because of the translation of each IP address within the packet headers. The first packet will always go through the slow path, which means this first packet is process-switched. The remaining packets will go through the fast-switched path if a cache entry exists.
Performance may be a consideration because NAT is currently accomplished by using process switching. The CPU must look at every packet to decide whether it must be translated. The CPU must alter the IP header, and possibly alter the TCP or UDP header.
One significant disadvantage when implementing and using NAT is the loss of end-to-end IP tractability. It becomes much more difficult to trace packets that undergo numerous packet address changes over multiple NAT hops. Hackers who want to determine the source of a packet will find it difficult to trace or obtain the original source or destination address.
NAT also forces some applications that use IP addressing to stop functioning because it hides end-to-end IP addresses. Applications that use physical addresses instead of a qualified domain name will not reach destinations that are translated across the NAT router. Sometimes, this problem can be avoided by implementing static NAT mappings.
Cisco IOS NAT supports the following traffic types:
  • ICMP
  • File Transfer Protocol (FTP), including PORT and PASV commands
  • NetBIOS over TCP/IP, datagram, name, and session services
  • RealNetworks' RealAudio
  • White Pines' CUSeeMe
  • Xing Technologies' StreamWorks
  • DNS "A" and "PTR" queries
  • H.323/Microsoft NetMeeting, IOS versions 12.0(1)/12.0(1)T and later
  • VDOnet's VDOLive, IOS versions 11.3(4)11.3(4)T and later 
  • VXtreme's Web Theater, IOS versions 11.3(4)11.3(4)T and later 
  • IP Multicast, IOS version 12.0(1)T with source address translation only 
Cisco IOS NAT does not support the following traffic types:
  • Routing table updates
  • DNS zone transfers
  • BOOTP
  • talk and ntalk protocols
Simple Network Management Protocol (SNMP) 

Comments

Post a Comment

Popular posts from this blog

OSI layers / Peer-to-peer communications / TCP/IP model

OSI layers 2.3.4 This page discusses the seven layers of the OSI model. The OSI reference model is a framework that is used to understand how information travels throughout a network. The OSI reference model explains how packets travel through the various layers to another device on a network, even if the sender and destination have different types of network media. In the OSI reference model, there are seven numbered layers, each of which illustrates a particular network function. - Dividing the network into seven layers provides the following advantages: • It breaks network communication into smaller, more manageable parts. • It standardizes network components to allow multiple vendor development and support. • It allows different types of network hardware and software to communicate with each other. • It prevents changes in one layer from affecting other layers. • It divides network communication into smaller parts to make learning it easier to understand. In the foll...
Post a Comment
Read more

PC Basic...

• Backplane – A backplane is an electronic circuit board containing circuitry and sockets into which additional electronic devices on other circuit boards or cards can be plugged; in a computer, generally synonymous with or part of the motherboard. • Network interface card (NIC) – An expansion board inserted into a computer so that the computer can be connected to a network. • Video card – A board that plugs into a PC to give it display capabilities. • Audio card – An expansion board that enables a computer to manipulate and output sounds. • Parallel port – An interface capable of transferring more than one bit simultaneously that is used to connect external devices such as printers. • Serial port – An interface that can be used for serial communication in which only one bit is transmitted at a time. • Mouse port – A port used to connect a mouse to a PC. • USB port – A Universal Serial Bus connector. A USB port connects devices such as a mouse or printer to the computer ...
Post a Comment
Read more

1.2.2 RIP V2 Features

 1.2.2 RIP V2 Features This page will discuss RIP v2, which is an improved version of RIP v1. Both versions of RIP share the following features: It is a distance vector protocol that uses a hop count metric. It uses hold down timers to prevent routing loops – default is 180 seconds. It uses split horizon to prevent routing loops. It uses 16 hops as a metric for infinite distance. RIP v2 provides prefix routing, which allows it to send out subnet mask information with the route update. Therefore, RIP v2 supports the use of classless routing in which different subnets within the same network can use different subnet masks, as in VLSM. RIP v2 provides for authentication in its updates. A set of keys can be used on an interface as an authentication check. RIP v2 allows for a choice of the type of authentication to be used in RIP v2 packets. The choice can be either clear text or Message-Digest 5 (MD5) encryption. Clear text is the default. MD5 can be used t...
Post a Comment
Read more