4.3 billion. We currently have 4.3 billion available IPv4 addresses. That number may seem substantial, but when it comes to IP addresses, it's pretty inadequate. 4.3 billion is the total number of addresses that a 32-bit address allows. The real number of usable public addresses is closer to 3.7 billion once you exclude loopback addresses, multicast, private IP address ranges, broadcast addresses, etc.
Network engineers have developed techniques to conserve these addresses as much as possible, inventing numerous methods to achieve this goal over the decades. All the various devices in your house, such as PCs, iPads, and Roku boxes, require IP addresses. Although not all 8 billion people on the planet have access to the internet, the number of devices that require IP addresses far exceeds that number.
This lack of IP addresses has led to the invention of IPv6 addresses. With a 128-bit IP address, IPv6 has an astronomical number of IP addresses. The last time I checked, it's somewhere in the range of 340 undecillion possible IP addresses. That's 340 with 46 zeros after it!
Unfortunately, the transition to this new format is slow, so various methods of saving IP addresses will have to suffice until the transition is complete. Dynamic port address translation, or PAT, is one temporary means of saving IPv4 addresses.
In the diagram, I have configured three PCs to use private IP addresses: 192.168.1.1, .2, and .3. These are considered inside local addresses and, when traffic leaves the network, the router (R1) translates them to the inside global address of 172.33.1.2 on its interface F0/1. If these computers send and receive packets simultaneously, the router differentiates their traffic by the random port numbers that follow the inside global address.
The router translates the local address to the global address, meaning that a whole LAN, such as a single house, only needs one global IP address, vastly reducing the number of wasted IP addresses. An access control list has been created on the router to allow any traffic from the 192.168.1.0 network.
If you have a router inside your house, you can verify PAT by opening the command prompt on a Windows device and typing 'ipconfig'. The ipconfig command usually displays a Class C private IP address starting with 192. You could very likely see the same IP address on a computer in the home of one of your neighbors. They are the same because these aren't IP addresses assigned by the Internet Assigned Numbers Authority (IANA). These addresses are reusable so long as we configure port translation on the router.
The router acts as a DHCP server and assigns private IPv4 addresses. DHCP is a protocol that gives out and reassigns IP addresses based on the DHCP lease assigned. Some addresses update within 24 hours, while some are set up not to update for a week.
The commands I used to set up this PAT configuration are as follows:
interface FastEthernet0/0
 ip address 192.168.1.6 255.255.255.248
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.33.1.2 255.255.255.252
 ip nat outside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip classless
!
ip flow-export version 9
!
!
access-list 1 permit 192.168.1.0 0.0.0.7
As you can see, inside NAT (network address translation) is set on the inside interface F0/0 of R1, which has the IP address 192.168.1.6 255.255.255.248. Outside NAT is set on interface F0/1 with the IP address 172.33.1.2 255.255.255.252. An access list permitting the inside local addresses from the 192.168.1.0 network has been set up as the inside source list, with the keyword overload at the end of the command. This keyword assigns random port numbers to the outgoing traffic along with the 172.33.1.2 address to differentiate devices. Otherwise, the router would have no means of knowing which inside local address to translate the inside global address back to when replies arrive.
With this approach, no NAT pool of private addresses is needed. You almost defeat the purpose of PAT with regular NAT because NAT uses one-to-one private to global address translation. This means you're not really saving any global IPv4 addresses.
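The translation table that the overload keyword builds can be modelled in a few lines. This is an added sketch, not code from the original post or the lab file: it uses the addresses and access list from the configuration above, while the class name, function names and port-selection rule are assumptions (ports are chosen deterministically here so the result is reproducible, rather than at random).

```python
import ipaddress

INSIDE_GLOBAL = "172.33.1.2"            # F0/1 address from the config above
ACL_1 = ("192.168.1.0", "0.0.0.7")      # access-list 1 permit 192.168.1.0 0.0.0.7


def acl_permits(src, acl=ACL_1):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    base, wildcard = (int(ipaddress.IPv4Address(a)) for a in acl)
    care = ~wildcard & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(src)) & care == base & care


class PatRouter:
    """Simplified model (assumption) of 'ip nat inside source list 1 ... overload'."""

    def __init__(self, first_port=1024):
        self.out = {}    # (inside local ip, port) -> port on the inside global address
        self.back = {}   # global port -> (inside local ip, port)
        self.first_port = first_port

    def translate_out(self, src_ip, src_port):
        """Return (inside global ip, port) for an outbound flow, or None."""
        if not acl_permits(src_ip):
            return None                  # source not matched by ACL 1: not translated
        key = (src_ip, src_port)
        if key not in self.out:
            # Keep the source port if it is free, otherwise take the next free one.
            port = src_port if src_port not in self.back else self.first_port
            while port in self.back:
                port += 1
            self.out[key] = port
            self.back[port] = key
        return (INSIDE_GLOBAL, self.out[key])

    def translate_in(self, dst_port):
        """Map return traffic to its inside local socket; None if no entry exists."""
        return self.back.get(dst_port)


def demo():
    """Three PCs from the diagram all open a flow from the same source port."""
    r = PatRouter()
    flows = [("192.168.1.1", 5000), ("192.168.1.2", 5000), ("192.168.1.3", 5000)]
    return [(f, r.translate_out(*f)) for f in flows], r


if __name__ == "__main__":
    for local, glob in demo()[0]:
        print(local, "->", glob)
```

Inbound packets to a port with no table entry return None from translate_in, which is why hosts behind PAT are not reachable from outside unless they initiated the flow.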
That’s it. I hope this explanation helps people to gain a better understanding of this topic. I realize that sometimes these articles will be nothing more than me talking to myself and reiterating knowledge to understand it better. I hope to refine my explanations as these posts continue in the future.
Here is a link to GitHub with the interactive lab: Dynamic-PAT/Dynamic PAT configuration (1).pkt at main · georgebatton/Dynamic-PAT