NAT Classification

NAT translates between private and public IP addresses carried in the headers of IP data packets. Two modes are available: Port Address Translation (PAT) and No-PAT.

In addition to the preceding NAT modes, the following NAT modes are available:

  • NAT44: IPv4 addresses are converted to IPv4 addresses.
  • NAT444: A CPE performs NAT on user packets once, and a router performs NAT again on the translated packets. This deployment mode is called NAT444. The router cannot determine whether the CPE has performed NAT, and the NAT44 and NAT444 configurations are the same. Therefore, this document refers to both NAT44 and NAT444 simply as NAT.
  • NAT64: The IP address before translation is an IPv6 address and after translation is an IPv4 address. For more information, see the NAT64 chapter.
  • NAT46: The IP address before translation is an IPv4 address and after translation is an IPv6 address. NAT46 and NAT64 are the reverse of each other. This document uses NAT64 as an example. NAT64 principles can be used as a reference for NAT46. For more information, see the NAT64 chapter.

PAT-based NAT Translation

PAT-based NAT translation is also called network address port translation (NAPT). NAPT translates both source IP addresses and port numbers between public and private networks. For packets with the same private source IP address but different source port numbers, NAPT translates the private source IP address in each packet to the same public source IP address and each private source port number to a specific public source port number.

Figure 1 PAT-based NAT translation

On the network shown in Figure 1, three data packets with private addresses arrive at the NAT device. Packet 1 and packet 2 are from the same private address but have different source port numbers. Packet 1 and packet 3 are from different private addresses but have the same source port number. The NAT device uses NAPT to translate the private source IP addresses into the same public source IP address and each private source port number into a specific public source port number. When the response packets of these packets arrive at the NAT device, the NAT device can still identify the internal hosts to which the packets should be forwarded based on the destination IP addresses and destination port numbers of the response packets.

In NAPT mode, a NAT device converts both IP addresses and port numbers in packets. The NAPT mode uses IP address resources more efficiently, allowing more internal hosts to access the internet at the same time. In addition, the NAPT mode supports fragments. When basic NAT is used, each private IP address is mapped to a different public IP address, which wastes IP address resources. Therefore, the NAPT mode is recommended.

No-PAT NAT Translation

No-PAT NAT is also called basic NAT. It implements one-to-one translation between private and public IP addresses. The port numbers remain unchanged after NAT.

Figure 2 No-PAT NAT translation

On the network shown in Figure 2, two data packets with different internal IP addresses and different source port numbers arrive at the NAT device. Using No-PAT, the NAT device translates the source IP addresses of the two packets into different external IP addresses and leaves the source port numbers unchanged.

No-PAT is used by enterprises for services with high privacy requirements. For example, customers in the financial industry require that the private IP addresses carried in service packets not be exposed when the packets are transmitted over a public network. In addition, some financial applications use fixed port numbers, and No-PAT can meet this requirement.
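
The two translation modes described above can be compared with a small model of the mapping tables. This is an added example, not code from the original document or from any device software. The class names, the sequential port allocation, the address pool, and all IP addresses and port numbers are constructed assumptions.

```python
from itertools import count

class Napt:
    """PAT mode: private (IP, port) pairs share one public IP."""
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self._ports = count(first_port)  # assumption: sequential allocation
        self.out, self.back = {}, {}     # forward and reverse session tables

    def translate(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.out:
            pub = (self.public_ip, next(self._ports))
            self.out[key], self.back[pub] = pub, key
        return self.out[key]

    def reverse(self, dst_ip, dst_port):
        # Responses are matched on destination IP and destination port.
        return self.back.get((dst_ip, dst_port))  # None if no mapping exists

class NoPat:
    """No-PAT mode: one public IP per private IP, port unchanged."""
    def __init__(self, pool):
        self._free = list(pool)
        self.out, self.back = {}, {}

    def translate(self, src_ip, src_port):
        if src_ip not in self.out:
            if not self._free:
                raise RuntimeError("public address pool exhausted")
            pub_ip = self._free.pop(0)
            self.out[src_ip], self.back[pub_ip] = pub_ip, src_ip
        return (self.out[src_ip], src_port)

    def reverse(self, dst_ip, dst_port):
        priv_ip = self.back.get(dst_ip)
        return (priv_ip, dst_port) if priv_ip else None

# Constructed packets mirroring Figure 1: 1 and 2 share an address,
# 1 and 3 share a source port.
PACKETS = [("192.168.1.2", 5000), ("192.168.1.2", 5001), ("192.168.1.3", 5000)]

def demo():
    napt = Napt("203.0.113.10")
    nopat = NoPat(["203.0.113.20", "203.0.113.21"])
    return [napt.translate(*p) for p in PACKETS], [nopat.translate(*p) for p in PACKETS]

if __name__ == "__main__":
    for mode, rows in zip(("NAPT", "No-PAT"), demo()):
        print(mode, rows)
```

In this model NAPT serves all three packets from one public address, while No-PAT consumes one pool address per internal host and raises an error once the pool is empty.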

Copyright © Huawei Technologies Co., Ltd.