1 00:00:00,810 --> 00:00:02,190 If you think back to our lesson 2 00:00:02,190 --> 00:00:05,160 on IP addressing specifically with version four, 3 00:00:05,160 --> 00:00:06,150 we talked about the fact 4 00:00:06,150 --> 00:00:09,150 that IPv4 was running out of IP addresses, 5 00:00:09,150 --> 00:00:11,670 and this was becoming a huge problem. 6 00:00:11,670 --> 00:00:14,880 Now, IPv6 honestly wasn't ready yet to be developed, 7 00:00:14,880 --> 00:00:16,620 and they were still in the process of it. 8 00:00:16,620 --> 00:00:19,140 And so something else had to come up to help us 9 00:00:19,140 --> 00:00:22,350 with this problem, and that is what address translation did. 10 00:00:22,350 --> 00:00:24,990 It was there to help solve this problem for us, 11 00:00:24,990 --> 00:00:26,550 and there were two versions of this, 12 00:00:26,550 --> 00:00:29,940 Network Address Translation and Port Address Translation. 13 00:00:29,940 --> 00:00:32,189 Now, Network Address Translation is a way for us 14 00:00:32,189 --> 00:00:35,670 to conserve those limited number of IPv4 addresses. 15 00:00:35,670 --> 00:00:38,100 For example, if I go to your house right now, 16 00:00:38,100 --> 00:00:40,230 how many devices do you have on your network? 17 00:00:40,230 --> 00:00:42,570 You might have 5 or 10 or 15. 18 00:00:42,570 --> 00:00:46,170 In my house, we each have a smartphone, a tablet, a laptop, 19 00:00:46,170 --> 00:00:49,350 a desktop, some video game machines, and there's four of us. 20 00:00:49,350 --> 00:00:52,800 So right there, we've got 12, 15, 20 devices, right? 21 00:00:52,800 --> 00:00:55,470 Now, if you start adding things up like smart thermostats 22 00:00:55,470 --> 00:00:59,310 and file servers and desktops, we quickly get to 20 or 30 23 00:00:59,310 --> 00:01:01,830 or 40 devices in any single house. 24 00:01:01,830 --> 00:01:05,670 But in each house, we only have one public IP address. 
25 00:01:05,670 --> 00:01:08,820 So how do all these devices get onto the internet? 26 00:01:08,820 --> 00:01:12,150 Well, that is where NAT and PAT come into play. 27 00:01:12,150 --> 00:01:14,940 Now, NAT, or Network Address Translation is going 28 00:01:14,940 --> 00:01:17,400 to allow you to translate your private IP address 29 00:01:17,400 --> 00:01:19,470 into a public IP address for routing 30 00:01:19,470 --> 00:01:21,870 over the public networks like the internet. 31 00:01:21,870 --> 00:01:24,300 Now, there's another variation out there known as PAT, 32 00:01:24,300 --> 00:01:26,160 which is Port Address Translation, 33 00:01:26,160 --> 00:01:27,060 and we're going to talk about that 34 00:01:27,060 --> 00:01:28,740 at the end of this video too. 35 00:01:28,740 --> 00:01:30,150 Now, when we talk about different types 36 00:01:30,150 --> 00:01:33,300 of address translation, there are three main ones out there. 37 00:01:33,300 --> 00:01:36,420 There is DNAT, SNAT, and PAT. 38 00:01:36,420 --> 00:01:38,790 Let's take each one one at a time. 39 00:01:38,790 --> 00:01:40,110 Let's start out with DNAT, 40 00:01:40,110 --> 00:01:42,840 or Dynamic Network Address Translation. 41 00:01:42,840 --> 00:01:45,360 Now, dynamic NAT is going to take an IP address 42 00:01:45,360 --> 00:01:48,390 and automatically assign it from a pool of IP addresses 43 00:01:48,390 --> 00:01:50,880 and give us a one-to-one translation. 44 00:01:50,880 --> 00:01:53,460 Now, why would we want to use dynamic NAT? 45 00:01:53,460 --> 00:01:55,350 Well, if you remember, I talked about the fact 46 00:01:55,350 --> 00:01:57,990 that public IP addresses cost money. 47 00:01:57,990 --> 00:01:59,010 Maybe you only wanted to pay 48 00:01:59,010 --> 00:02:00,660 for five addresses in your business, 49 00:02:00,660 --> 00:02:02,880 but you have 30 workstations there. 
50 00:02:02,880 --> 00:02:05,010 Well, in the old days, only 20% 51 00:02:05,010 --> 00:02:06,990 of your people were going online at any time, 52 00:02:06,990 --> 00:02:09,810 and so dynamic NAT worked out really well for that. 53 00:02:09,810 --> 00:02:11,594 The way dynamic NAT would work is when you wanted 54 00:02:11,594 --> 00:02:14,400 to get online, your computer would go to the router, 55 00:02:14,400 --> 00:02:16,800 it would borrow one of these five IP addresses, 56 00:02:16,800 --> 00:02:19,110 it would do a translation from your private IP 57 00:02:19,110 --> 00:02:20,490 to your public IP, 58 00:02:20,490 --> 00:02:22,770 and that way you'd be able to use it, go online, 59 00:02:22,770 --> 00:02:24,750 make the request, and then when you're done, 60 00:02:24,750 --> 00:02:27,810 your computer turned that public IP back into the router, 61 00:02:27,810 --> 00:02:29,400 back to the shared pool. 62 00:02:29,400 --> 00:02:32,070 This way, you can maximize your public IP space 63 00:02:32,070 --> 00:02:34,020 for the most amount of internal clients, 64 00:02:34,020 --> 00:02:35,406 and it did all this dynamically 65 00:02:35,406 --> 00:02:37,380 and you didn't have to worry about it, 66 00:02:37,380 --> 00:02:40,410 just like it does with DHCP to give you internal addresses, 67 00:02:40,410 --> 00:02:42,030 this was all done from a matching 68 00:02:42,030 --> 00:02:44,280 of an internal scope to an external scope. 69 00:02:44,280 --> 00:02:46,380 And so in just a quick microsecond, 70 00:02:46,380 --> 00:02:47,700 you could then take this address, 71 00:02:47,700 --> 00:02:50,100 make the request, and then give it back. 72 00:02:50,100 --> 00:02:52,050 Now, if you want to think about this like a family, 73 00:02:52,050 --> 00:02:54,510 let's say you have a mom and a dad 74 00:02:54,510 --> 00:02:56,040 and two teenagers living in the house, 75 00:02:56,040 --> 00:02:57,540 but you only have two cars. 
76 00:02:57,540 --> 00:02:59,021 Well, if somebody wants to go to the mall, 77 00:02:59,021 --> 00:03:02,160 they would grab the car keys, get in the car, drive out, 78 00:03:02,160 --> 00:03:03,750 and then when they're done, they bring the car back 79 00:03:03,750 --> 00:03:04,920 and put the keys back up, 80 00:03:04,920 --> 00:03:06,120 and then somebody else can grab the keys 81 00:03:06,120 --> 00:03:07,200 and take out the car. 82 00:03:07,200 --> 00:03:09,630 That's the way dynamic NAT worked. 83 00:03:09,630 --> 00:03:12,360 Now, when we're dealing with static NAT, or SNAT, 84 00:03:12,360 --> 00:03:13,920 this was a static assignment 85 00:03:13,920 --> 00:03:17,280 where I would manually assign a private IP to a public IP, 86 00:03:17,280 --> 00:03:19,860 and each time it was a one-to-one translation. 87 00:03:19,860 --> 00:03:22,560 So in this case, if I had five public IP addresses, 88 00:03:22,560 --> 00:03:24,690 I would also have five private ones, 89 00:03:24,690 --> 00:03:25,980 and I couldn't multishare them 90 00:03:25,980 --> 00:03:27,660 the way I could with dynamic NAT. 91 00:03:27,660 --> 00:03:29,190 So in this case, I have to have one car 92 00:03:29,190 --> 00:03:30,600 for every person, right? 93 00:03:30,600 --> 00:03:32,790 Somebody has to physically do all that assignment as well, 94 00:03:32,790 --> 00:03:34,380 because it's done statically. 95 00:03:34,380 --> 00:03:36,630 Now, why would somebody want to use static NAT? 96 00:03:36,630 --> 00:03:38,040 You may be wondering 'cause it seems 97 00:03:38,040 --> 00:03:41,010 like a silly way to do it when dynamic NAT was available. 98 00:03:41,010 --> 00:03:44,100 Well, static NAT was really used just as a security feature. 
99 00:03:44,100 --> 00:03:44,933 It was a way to have 100 00:03:44,933 --> 00:03:47,460 all those public IPs not showing exactly 101 00:03:47,460 --> 00:03:50,310 which client was attached to each one to the outside world, 102 00:03:50,310 --> 00:03:52,560 and so it added a little bit of a smokescreen, if you will, 103 00:03:52,560 --> 00:03:55,410 that kind of hid those devices behind the router. 104 00:03:55,410 --> 00:03:56,460 Now, the third way 105 00:03:56,460 --> 00:03:58,770 and the most common one that we use today is what's known 106 00:03:58,770 --> 00:04:01,500 as PAT or Port Address Translation. 107 00:04:01,500 --> 00:04:03,180 In fact, as you're watching this video, 108 00:04:03,180 --> 00:04:05,430 you're probably using PAT on your home network 109 00:04:05,430 --> 00:04:07,500 right now without even knowing it. 110 00:04:07,500 --> 00:04:08,670 Now, this is what happens 111 00:04:08,670 --> 00:04:11,310 when you have multiple private IP addresses sharing 112 00:04:11,310 --> 00:04:13,200 only one public address. 113 00:04:13,200 --> 00:04:14,890 Now again, my house, we have 15 114 00:04:14,890 --> 00:04:16,800 or 20 different network devices, 115 00:04:16,800 --> 00:04:19,140 but we only have one public IP. 116 00:04:19,140 --> 00:04:20,910 Now the problem is all 117 00:04:20,910 --> 00:04:22,950 of us want to get online at the same time, right? 118 00:04:22,950 --> 00:04:25,050 We don't want to have to share that one IP. 119 00:04:25,050 --> 00:04:27,540 Well, by using PAT, we can do that, 120 00:04:27,540 --> 00:04:30,240 because it allows a many-to-one translation instead 121 00:04:30,240 --> 00:04:33,960 of the one-to-one that dynamic NAT and static NAT required. 
122 00:04:33,960 --> 00:04:35,280 Now, this is a great thing, 123 00:04:35,280 --> 00:04:36,540 because it allows me 124 00:04:36,540 --> 00:04:38,820 to take these small networks like small offices 125 00:04:38,820 --> 00:04:41,250 and home offices and small businesses 126 00:04:41,250 --> 00:04:42,120 and be able to connect them 127 00:04:42,120 --> 00:04:44,700 through one IP out to the internet. 128 00:04:44,700 --> 00:04:46,080 Now, I'm going to show you how this works 129 00:04:46,080 --> 00:04:48,900 by using a diagram in just a second, so bear with me. 130 00:04:48,900 --> 00:04:50,190 Now, before we do that though, 131 00:04:50,190 --> 00:04:51,900 I want to talk about the different names 132 00:04:51,900 --> 00:04:53,850 of the NAT IP addresses. 133 00:04:53,850 --> 00:04:55,110 They have specific names that you have 134 00:04:55,110 --> 00:04:56,730 to memorize for the exam. 135 00:04:56,730 --> 00:04:59,940 There's the inside local, inside global, outside local 136 00:04:59,940 --> 00:05:01,440 and outside global. 137 00:05:01,440 --> 00:05:02,640 For your inside local, 138 00:05:02,640 --> 00:05:04,530 this is your private IP address 139 00:05:04,530 --> 00:05:06,660 that references an inside device. 140 00:05:06,660 --> 00:05:07,950 For your inside global, 141 00:05:07,950 --> 00:05:09,630 this is your public IP address 142 00:05:09,630 --> 00:05:11,730 or your global one that's being referenced 143 00:05:11,730 --> 00:05:13,050 for an inside device. 144 00:05:13,050 --> 00:05:14,250 For your outside local, 145 00:05:14,250 --> 00:05:15,930 this is your private IP address 146 00:05:15,930 --> 00:05:18,000 that's being referenced from the outside. 147 00:05:18,000 --> 00:05:19,650 And you have your global device, 148 00:05:19,650 --> 00:05:20,943 or your outside global is coming 149 00:05:20,943 --> 00:05:25,140 to be a public IP address referencing that outside device. 
150 00:05:25,140 --> 00:05:27,240 Now again, anytime you see the word global, 151 00:05:27,240 --> 00:05:29,010 I want you to think about public. 152 00:05:29,010 --> 00:05:30,180 Anytime you see the word local, 153 00:05:30,180 --> 00:05:31,680 I want you to think about private. 154 00:05:31,680 --> 00:05:34,080 And then you'll be able to answer these types of questions. 155 00:05:34,080 --> 00:05:36,810 Now, let me show you what all this looks like on a diagram. 156 00:05:36,810 --> 00:05:38,100 Here I have NAT. 157 00:05:38,100 --> 00:05:39,960 Now where are each of these things? 158 00:05:39,960 --> 00:05:42,000 If I'm dealing with my inside local, 159 00:05:42,000 --> 00:05:45,690 that is my private IP address, referencing an inside device. 160 00:05:45,690 --> 00:05:47,820 Which is one of the private IP addresses, 161 00:05:47,820 --> 00:05:50,220 referencing an inside device in this diagram? 162 00:05:50,220 --> 00:05:53,460 Well, that might be something like 10.0.1.101, 163 00:05:53,460 --> 00:05:55,020 which would be PC1. 164 00:05:55,020 --> 00:05:57,420 That is my inside local address. 165 00:05:57,420 --> 00:06:00,150 Then I have to reference an inside global address, 166 00:06:00,150 --> 00:06:05,150 which is a router, and for our case that would be 78.1.45.1. 167 00:06:05,220 --> 00:06:07,200 It's inside because it's my network, 168 00:06:07,200 --> 00:06:09,480 and it's global because it's public. 169 00:06:09,480 --> 00:06:12,251 As far as the outside local, that's our private IP address 170 00:06:12,251 --> 00:06:14,640 that references an outside device. 171 00:06:14,640 --> 00:06:19,410 For us, that would be the inside of this router or 10.0.1.1, 172 00:06:19,410 --> 00:06:20,970 because that is our outside device. 173 00:06:20,970 --> 00:06:23,070 It's our boundary device, that router. 
174 00:06:23,070 --> 00:06:25,440 And then if I want to talk about my outside global, 175 00:06:25,440 --> 00:06:28,830 that's my public IP address, referencing an outside device, 176 00:06:28,830 --> 00:06:33,830 that would be the server 66.75.58.124. 177 00:06:33,900 --> 00:06:36,540 All four of these have to work together for us to be able 178 00:06:36,540 --> 00:06:40,980 to get the information from our PC, 10.0.1.101, 179 00:06:40,980 --> 00:06:44,190 from that local private IP address out to the server 180 00:06:44,190 --> 00:06:46,260 that I want to make the connection to. 181 00:06:46,260 --> 00:06:48,150 Now, how does NAT work? 182 00:06:48,150 --> 00:06:49,860 Well, let's take a look at this diagram 183 00:06:49,860 --> 00:06:51,810 where I have PC1 and PC2, 184 00:06:51,810 --> 00:06:54,270 who want to make a request of a single server. 185 00:06:54,270 --> 00:06:58,080 Now, PC1 and PC2 both have private IP addresses, 186 00:06:58,080 --> 00:07:00,360 which are not routable outside my network. 187 00:07:00,360 --> 00:07:02,700 Once I get to the router, they're going to be dropped, right? 188 00:07:02,700 --> 00:07:05,670 So when they send a request from their source IP, 189 00:07:05,670 --> 00:07:10,380 that's their private IP, that would be the 10.0.1.101 190 00:07:10,380 --> 00:07:13,080 or 10.0.1.102. 191 00:07:13,080 --> 00:07:14,340 Now, as part of that request, 192 00:07:14,340 --> 00:07:16,140 they're going to put the destination of the server 193 00:07:16,140 --> 00:07:17,460 that they want to get to, 194 00:07:17,460 --> 00:07:18,293 and so they're going to send 195 00:07:18,293 --> 00:07:21,270 that request with their default gateway over to the router. 196 00:07:21,270 --> 00:07:22,920 And this is where the NAT happens, 197 00:07:22,920 --> 00:07:24,780 because it's a NAT-enabled router. 
198 00:07:24,780 --> 00:07:27,270 When the router gets that request, it's going to keep track 199 00:07:27,270 --> 00:07:31,680 of the fact that 10.0.1.101 was for PC1 200 00:07:31,680 --> 00:07:34,230 and the .102 was for PC2, 201 00:07:34,230 --> 00:07:37,050 and it's going to assign each of them an inside global address 202 00:07:37,050 --> 00:07:39,270 from its pool of public IP addresses. 203 00:07:39,270 --> 00:07:43,195 In this case, that's 78.1.45.101 204 00:07:43,195 --> 00:07:46,260 and 78.1.45.102. 205 00:07:46,260 --> 00:07:47,675 Now it's going to strip off the source 206 00:07:47,675 --> 00:07:49,890 that was those private IP addresses 207 00:07:49,890 --> 00:07:52,140 and put on these inside global addresses, 208 00:07:52,140 --> 00:07:53,640 which is publicly routable, 209 00:07:53,640 --> 00:07:56,190 and then they're going to send the packet off to the server. 210 00:07:56,190 --> 00:07:57,990 When the request comes back to the router, 211 00:07:57,990 --> 00:08:00,480 it's going to strip off those inside global addresses, 212 00:08:00,480 --> 00:08:02,700 put back on the inside local addresses, 213 00:08:02,700 --> 00:08:05,970 and send it back to PC1 and PC2 respectively. 214 00:08:05,970 --> 00:08:07,890 That's essentially how NAT works, 215 00:08:07,890 --> 00:08:09,540 and this can be either done statically 216 00:08:09,540 --> 00:08:12,090 or dynamically based on those IP addresses 217 00:08:12,090 --> 00:08:14,040 and the pool that's being there in reserve 218 00:08:14,040 --> 00:08:16,050 at that NAT-enabled router. 219 00:08:16,050 --> 00:08:18,210 Now, when we deal with your network at home though, 220 00:08:18,210 --> 00:08:20,235 we're using PAT, like I said before, 221 00:08:20,235 --> 00:08:22,710 this is Port Address Translation. 222 00:08:22,710 --> 00:08:25,440 The reason for this is it only requires one IP address 223 00:08:25,440 --> 00:08:26,760 on your router. 
224 00:08:26,760 --> 00:08:28,710 Now you can't just take one and give it directly 225 00:08:28,710 --> 00:08:30,450 to PC1 or PC2, though, 226 00:08:30,450 --> 00:08:33,360 because then only one of them can get online at a time. 227 00:08:33,360 --> 00:08:35,477 So instead, we're going to use ports to keep track 228 00:08:35,477 --> 00:08:37,799 of the different segments that we're doing. 229 00:08:37,799 --> 00:08:38,933 So when PC1 230 00:08:38,933 --> 00:08:41,220 and PC2 make a request to the router, 231 00:08:41,220 --> 00:08:42,809 the router's going to send off a request 232 00:08:42,809 --> 00:08:44,280 from its source address, 233 00:08:44,280 --> 00:08:46,410 and it's going to specify a port number 234 00:08:46,410 --> 00:08:48,180 to keep track of those requests. 235 00:08:48,180 --> 00:08:49,740 When the request comes back from the server 236 00:08:49,740 --> 00:08:51,210 on that specific port, 237 00:08:51,210 --> 00:08:52,560 it then knows I need to take 238 00:08:52,560 --> 00:08:54,780 that traffic and forward it to either PC1 239 00:08:54,780 --> 00:08:56,250 or PC2 respectively, 240 00:08:56,250 --> 00:08:58,140 depending on which port number it was. 241 00:08:58,140 --> 00:09:00,750 And that's why PAT is so popular today, 242 00:09:00,750 --> 00:09:02,910 because we only have to have one public IP, 243 00:09:02,910 --> 00:09:04,890 and we can have 20, 50, 244 00:09:04,890 --> 00:09:07,770 a hundred different devices all sitting behind that router 245 00:09:07,770 --> 00:09:10,020 and being kept track of based on those ports.