You can conserve addresses in the inside global address pool by allowing the router to use one global address for many local addresses. When this overloading is configured, the router maintains enough information from higher-level protocols (for example, TCP or UDP port numbers) to translate the global address back to the correct local address. When multiple local addresses map to one global address, the TCP or UDP port numbers of each inside host distinguish between the local addresses.
The figure below illustrates a NAT operation when one inside global address represents multiple inside local addresses. The TCP port numbers act as differentiators.
Figure 2. NAT Overloading Inside Global Addresses
When it overloads an inside global address, the router performs the following process, as shown in the figure above. Both host B and host C believe that they are communicating with a single host at address 203.0.113.2. They are actually communicating with different inside hosts; the port number is the differentiator. In fact, many inside hosts can share one inside global IP address by using many port numbers.
1. The user at host 10.1.1.1 opens a connection to host B.
2. The first packet that the router receives from host 10.1.1.1 causes the router to check its NAT table:
   - If no translation entry exists, the router determines that address 10.1.1.1 must be translated, and sets up a translation of inside local address 10.1.1.1 to a legal global address.
   - If overloading is enabled, and another translation is already active, the router reuses the global address from that translation and saves enough information (the protocol and the port numbers) to be able to translate the global address back. This type of entry is called an extended entry.
3. The router replaces the inside local source address 10.1.1.1 with the selected global address and forwards the packet.
4. Host B receives the packet and responds to host 10.1.1.1 by using the inside global IP address 203.0.113.2.
5. When the router receives the packet with the inside global IP address, it performs a NAT table lookup, using the protocol, the inside global address and port, and the outside address and port as a key; translates the address back to inside local address 10.1.1.1; and forwards the packet to host 10.1.1.1.
6. Host 10.1.1.1 receives the packet and continues the conversation. The router performs Steps 2 through 5 for each packet.
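The steps above, played out in a small Python simulation of an overloaded NAT table. This is an added example, not code from this page or from Cisco IOS. The outside hosts' addresses (192.0.2.10 for host B, 198.51.100.5 for host C), the second inside host 10.1.1.2, the source port 1723, and the port-allocation rule (keep the host's own source port when it is free, otherwise take the lowest free port from 1024) are assumptions made for illustration.

```python
"""Simulation of a NAT table in overload (PAT) mode.

Added example, not Cisco code: one inside global address is shared by
many inside hosts, and the (protocol, address, port) tuples stored in
the extended entries do the demultiplexing on the way back in.
"""
from dataclasses import dataclass

FIRST_PORT = 1024   # assumption: this simulation hands out ports from 1024 upward
LAST_PORT = 65535


@dataclass(frozen=True)
class ExtendedEntry:
    """One overloaded translation: enough state to reverse the mapping."""
    proto: str
    inside_local: tuple    # (ip, port) of the real inside host
    inside_global: tuple   # (shared global ip, allocated port)
    outside: tuple         # (ip, port) of the outside peer


class PatRouter:
    def __init__(self, inside_global_ip):
        self.inside_global_ip = inside_global_ip
        self._entries = {}        # (proto, inside_local, outside) -> ExtendedEntry
        self._inbound_index = {}  # (proto, inside_global, outside) -> ExtendedEntry
        self._used_ports = {}     # proto -> set of global ports already handed out

    def _allocate_port(self, proto, wanted):
        """Keep the host's own source port if free (assumption for this
        simulation); otherwise take the lowest free port. One global
        address has at most 64k ports per protocol, so the pool can run
        out under heavy load, which is the classic PAT failure mode."""
        used = self._used_ports.setdefault(proto, set())
        candidate = wanted if wanted not in used else next(
            (p for p in range(FIRST_PORT, LAST_PORT + 1) if p not in used), None)
        if candidate is None:
            raise RuntimeError(f"{proto} port pool exhausted on {self.inside_global_ip}")
        used.add(candidate)
        return candidate

    def translate_outbound(self, proto, src, dst):
        """Steps 2 and 3: find or create the extended entry, rewrite the source."""
        key = (proto, src, dst)
        entry = self._entries.get(key)
        if entry is None:
            port = self._allocate_port(proto, src[1])
            entry = ExtendedEntry(proto, src, (self.inside_global_ip, port), dst)
            self._entries[key] = entry
            self._inbound_index[(proto, entry.inside_global, dst)] = entry
        return entry.inside_global, dst

    def translate_inbound(self, proto, src, dst):
        """Step 5: the key is protocol + inside global addr/port + outside
        addr/port. Returns None when nothing matches, which is why a packet
        from an unrelated outside host never reaches an inside host through
        the overloaded address, even if it hits an allocated port."""
        entry = self._inbound_index.get((proto, dst, src))
        if entry is None:
            return None
        return src, entry.inside_local

    def entries(self):
        return list(self._entries.values())


def walk_through():
    """Two inside hosts share 203.0.113.2; both start from source port 1723."""
    router = PatRouter("203.0.113.2")
    host_b = ("192.0.2.10", 80)       # assumed address for host B
    host_c = ("198.51.100.5", 80)     # assumed address for host C
    out1 = router.translate_outbound("tcp", ("10.1.1.1", 1723), host_b)
    out2 = router.translate_outbound("tcp", ("10.1.1.2", 1723), host_c)
    back1 = router.translate_inbound("tcp", host_b, out1[0])
    back2 = router.translate_inbound("tcp", host_c, out2[0])
    stray = router.translate_inbound("tcp", ("192.0.2.99", 4444), out1[0])
    return router, out1, out2, back1, back2, stray


if __name__ == "__main__":
    router, out1, out2, back1, back2, stray = walk_through()
    for entry in router.entries():
        print(f"{entry.proto} {entry.inside_local} -> {entry.inside_global} <-> {entry.outside}")
    print("reply to host 10.1.1.1 lands at", back1[1])
    print("reply to host 10.1.1.2 lands at", back2[1])
    print("unsolicited inbound packet translated to:", stray)
```

The two outbound connections both ask for source port 1723; the first keeps it and the second is moved to 1024, so the replies from B and C are told apart purely by the destination port on 203.0.113.2. The inbound lookup keys on the full tuple, so the packet from 192.0.2.99 finds no entry and is dropped even though it targets a port that is in use.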