1
00:00:00,170 --> 00:00:05,900
So the private addressing scheme works really well for computers that only have to access resources

2
00:00:05,900 --> 00:00:11,420
inside the network, like workstations needing access to file servers and printers and so forth.

3
00:00:11,930 --> 00:00:18,380
Routers inside the private network can route traffic between private addresses with no trouble whatsoever.

4
00:00:18,530 --> 00:00:25,430
However, to access resources outside the network, like the Internet, for example, these computers

5
00:00:25,430 --> 00:00:31,220
need to have a public address so that responses to their requests return to them.

6
00:00:31,430 --> 00:00:34,610
Now, this is where NAT comes into play.

7
00:00:36,300 --> 00:00:41,100
A workstation inside a private network makes a request to a computer on the Internet.

8
00:00:41,680 --> 00:00:48,250
The switches or the routers within the network recognize that the request is not for a resource inside

9
00:00:48,250 --> 00:00:49,210
the network.

10
00:00:49,210 --> 00:00:53,410
So they send the request to the router, let's say the backbone router.

11
00:00:54,160 --> 00:00:59,170
Now the backbone router sees the request from the computer with the internal IP.

12
00:01:00,200 --> 00:01:06,710
It then makes the same request to the Internet using its own public address and returns a response from

13
00:01:06,710 --> 00:01:10,700
the Internet resource to the computer inside the private network.

14
00:01:11,440 --> 00:01:17,770
From the perspective of the resource on the Internet, it's sending information to the address of the

15
00:01:17,770 --> 00:01:18,400
router.

16
00:01:19,240 --> 00:01:25,000
From the perspective of the workstation, it appears that the communication is directly with the site

17
00:01:25,000 --> 00:01:25,930
on the Internet.

18
00:01:26,510 --> 00:01:33,920
So when NAT is used like this, all users inside the private network that access the Internet have the

19
00:01:33,920 --> 00:01:35,750
same public IP address.

20
00:01:35,750 --> 00:01:42,140
So that means only one public address is needed for hundreds or even thousands of users.

21
00:01:42,880 --> 00:01:45,040
So let's have a look and see how it works.

22
00:01:45,930 --> 00:01:48,090
Here's a typical home network.

23
00:01:48,240 --> 00:01:54,480
There's a laptop, desktop PC, a smartphone, all connected to our home router.

24
00:01:54,780 --> 00:01:58,140
And the home router is, of course, connected to the Internet.

25
00:01:58,760 --> 00:02:05,630
So when we register with our ISP, the Internet service provider, we get an IP address that is accessible

26
00:02:05,630 --> 00:02:10,520
throughout the Internet, and that's pretty much assigned to that home router.

27
00:02:11,320 --> 00:02:15,100
We refer to it as real IP or public IP.

28
00:02:15,490 --> 00:02:22,780
Now suppose that the IP address 20.20.20.20 is assigned to our home router.

29
00:02:23,910 --> 00:02:27,780
Our devices inside the home network also have IP addresses.

30
00:02:27,780 --> 00:02:28,380
Right.

31
00:02:28,470 --> 00:02:35,850
But in this case, they get private IP addresses which are assigned by the home router and are not accessible

32
00:02:35,850 --> 00:02:37,080
from the Internet.

33
00:02:38,550 --> 00:02:44,520
As you can see here, the public IP addresses are red and the private IP addresses are green.

34
00:02:45,150 --> 00:02:53,520
So let's consider a connection request from the smartphone which requests the home page of ABC.com.

35
00:02:54,220 --> 00:02:58,510
So to reach the page, the smartphone has to go through the home router.

36
00:02:59,300 --> 00:03:06,380
The packet has the source IP address and the source port address, as well as the destination IP address

37
00:03:06,380 --> 00:03:08,150
and the destination port.

38
00:03:09,100 --> 00:03:15,850
If it arrives at the web server with these values, it processes the request and tries to send the reply

39
00:03:15,880 --> 00:03:17,620
packet to the IP address

40
00:03:17,620 --> 00:03:20,620
192.168.1.5.

41
00:03:20,890 --> 00:03:27,250
But that's unreachable for the web server because it's a private IP address.

42
00:03:28,060 --> 00:03:34,660
So when the packet arrives at the home router, instead of sending the packet right over the internet,

43
00:03:34,750 --> 00:03:41,620
the home router changes the source IP address with its very own public IP address.

44
00:03:42,420 --> 00:03:45,840
It also creates a record in the NAT forwarding table.

45
00:03:46,770 --> 00:03:53,040
This table allows us to know which packets will be redirected to the smartphone when they come in.

46
00:03:54,020 --> 00:03:59,330
So moving right along, the packet travels over the Internet and arrives at the web server.

47
00:04:00,240 --> 00:04:07,290
The web server creates a reply packet where the source IP address is itself, and the destination IP

48
00:04:07,290 --> 00:04:11,010
address is the public IP address of the home router.

49
00:04:12,200 --> 00:04:20,029
When our home router receives a response, it looks at the NAT forwarding table and replaces the destination

50
00:04:20,029 --> 00:04:24,430
IP and the port according to the mapping inside the table.

51
00:04:24,440 --> 00:04:27,620
And finally the smartphone receives the packet.

52
00:04:28,890 --> 00:04:29,730
Pretty cool, huh?