Dynamic PAT - Network Address Translation

Подписаться 246 тыс.

Просмотров 24 тыс.

50% 1

Dynamic PAT allows many internal hosts to share one (or more) external IP address. It does this by assigning unique source ports to each outbound connection such that the response traffic can be untranslated successfully to the initiating host.
Dynamic PAT is the type of address translation which allows for the maximum conservation of IP Addresses. Dynamic PAT is often confused with Dynamic NAT.
In this video we show you the packet flow through a Dynamic PAT, showing you the packet before and after translation -- in BOTH directions (inbound and outbound).
This is a look at Dynamic PAT from a Vendor Neutral perspective. The concepts in this video will apply to any Static NAT translation, on any platform, from any vendor.
00:00 - Dynamic PAT definition
00:47 - Dynamic PAT Illustration & Configuration
01:50 - Dynamic PAT Packet Flow - Initial Traffic Outbound
03:09 - Source Port number in packets
04:56 - Dynamic PAT Packet Flow - Response Traffic Inbound
05:59 - Why is the Source Port randomized?
08:31 - Dynamic PAT is Unidirectional
10:41 - Dynamic PAT can be combined with Static PAT
11:46 - Many to One translation
12:35 - Every IP in allows for 65k~ concurrent connections
13:37 - Dynamic PAT is Unidirectional
14:06 - Summary (lol, did you catch my typo? Firewpower ... )
📌 Full NAT Playlist:
• Network Address Transl...
📌 Learn to configure / verify / troubleshoot NAT on Cisco Routers:
classes.pracnet.net/courses/n...
📌 Learn to configure / verify / troubleshoot NAT on Cisco ASA, ASAx, and Firepower Firewalls:
classes.pracnet.net/courses/n...
📌 Want to learn Networking?
• Networking Fundamentals
📌 Want to learn Subnetting?
• Subnetting Mastery
📌 Studying for the CCNA?
www.practicalnetworking.net/i...
#dynamicpat #pat #nat #rfc1918 #ip-address #cisco #juniper #ccna #net+ #dynamicnat

Наука

Опубликовано:

25 июн 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 61

@PracticalNetworking Год назад

👉 *Want more?* Watch the rest of the NAT Series: ru-vid.com/group/PLIFyRwBY_4bQ7tJvbLA9A0v8Fq9l-H923 🐦 *Enjoy this content?* Help me out with a like and/or Retweet: twitter.com/ed_pracnet/status/1513944439625977858 📌 *Want to learn Subnetting?* --> ru-vid.com/group/PLIFyRwBY_4bQUE4IB5c4VPRyDoLgOdExE 🖧 *Want to learn Computer Networking?* --> ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-bj-Yfakjllc.html

@anastasiskarlis1282 2 года назад

I just realized that I was so confused about the whole thing because people are calling NAT everything when in reality it isn't. Thanks for the great content.

@PracticalNetworking 2 года назад

Yup! Exactly. People often call translations the wrong thing!

@nabibunbillah1839 13 дней назад

I really hate unidirectional communication 🤢

@sudhick 2 года назад

Thank You .. Your videos' are amazing and the best i have come by so far .. a novice IT Developer can get a quick hang of the networking world.. the way you teach & illustrate is simply mind blowing , I wish you could add more IT Topics like cloud Networking and APi's ..

@PracticalNetworking 2 года назад

Thank you for the kind words, CK. I'm glad you're getting so much from my content =)

@mthoko Год назад

You have no idea how much you clarified this for me. I am so grateful. Thank you so much

@PracticalNetworking Год назад

Glad it helped =). Cheers!

@LTVoyager Год назад

I have watched several videos on this topic, but this is far and away the most clear and most comprehensive treatment of the subject.

@marouaakkal1800 Год назад

The best explanation of NAT so far... thank you

@PracticalNetworking Год назад

Glad you enjoyed it =)

@pmanolak Год назад

You are a charismatic teacher!! God bless you!!

@PracticalNetworking Год назад

Cheers, Panagiotis ;)

@RichardPlucker 4 дня назад

This is incredibly helpful, thank you!

@dariom9931 3 месяца назад

Thank you, you are a great teacher!

@DIY-ct1si 2 года назад

Thank you for the best NAT and PAT explaination.

@PracticalNetworking 2 года назад

You're welcome!

@Don-Carillo 2 года назад

loving these, inline with the rest of your content. Thanks Ed

@PracticalNetworking 2 года назад

Thanks Don =)

@scorpio_1312 2 года назад

Thanks Ed for sharing another awesome video! Cheers for a successful 2022 🍻

@PracticalNetworking 2 года назад

Likewise, Scorpio! Happy 2022 (soon!)

@TheActualTed 2 года назад

Beautiful explanation, thank you

@PracticalNetworking 2 года назад

You're welcome, Ted.

@nifink.antony6953 5 месяцев назад

Great Video..Thank you

@IliyaDamyanov 8 месяцев назад

Very good video.

@bhaktavatsalambhaktavatsal6369 9 месяцев назад

Super helpful

@ga6917 Год назад

Thank you this helped me allot

@PracticalNetworking Год назад

Glad this helped =)

@cuspajzz 2 года назад

Grear, Thanks :)

@PracticalNetworking 2 года назад

You're welcome =)

@abyewondimu308 2 года назад

Thank you.

@PracticalNetworking 2 года назад

You're welcome!

@CCNABatais 5 месяцев назад

🤩🤩🤩

@Gurben92 2 года назад

Thank you the explanation. Would Dynamic PAT be what most home networks use? Myabe in combination with Static PAT? I'm having a ahrd time to understand the practical usecases of the protocols sometimes.

@PracticalNetworking 2 года назад

Yes! Exactly. This is the "hole punching" example I was discussing around 11:00 ~

@ibrahimtouman2279 2 года назад

Amazing explanation.. but I wonder where does source / destination NAT (SNAT / DNAT) fit in this whole equation of static / dynamic NAT and PAT?

@PracticalNetworking 2 года назад

Unfortunately, everyone calls NAT something different =/. But at it's core, there are still only 4 types of NAT that are simply applied in different ways. www.practicalnetworking.net/series/nat/nat-terminology-disambiguation/

@Derbauer 2 года назад

Perfect. Can you also do a video on how a VPN works sharing 100 customers using the same outbound vpn address? Would be very interesting.

@PracticalNetworking 2 года назад

It would be fun to tackle VPN stuff in more detail. But the sharing of the outbound VPN IP address will still occur as a simple Dynamic PAT. The VPN portion is independent of the NAT portion.

@Derbauer 2 года назад

@@PracticalNetworking yes, thanks to your explanation, it's fascinating how brilliant the inventing of dynamic PAT is and how useful it's to services like shared VPN IP's. Your channel has very briefly touched on browser based SSL vpns, and it would be real interesting how their connections differ to say OpenVPN based VPNs, and how the topology looks when you use OpenVPN on the box and then also use the VPN extension, creating a tunnel inside a tunnel. And then if the destination site is also tls 1.3, it's then even more fun to think about. Could you elaborate on how, if the internal 10.x IP is mapped to a port via PAT to the VPNs front facing IP, how do say p2p, https, and Zoom can simultaneously work, and how those tunnels look like? Is ALL traffic from the 10.x machine mapped to a single public IP/port per authenticated VPN client out of say 100 clients, or is it more complex than that...how does it work... Would be great if you did a video along those lines!

@AliTwaij Год назад

Brill

@PracticalNetworking Год назад

Glad you enjoyed the NAT series as well, Ali =)

@burhanshah5855 Год назад

how to make sure the public IP address must have unique port numbers, as you said they're also randomized ? Is the router making sure that no two connections have the same port number on Public IP ?

@PracticalNetworking Год назад

Yes, exactly. The router is assuring the ports are unique by changing them if necessary.

@skalmelid 2 года назад

I assume that the entries in the translation table ought to expire at some point to avoid running out of available ports?

@PracticalNetworking 2 года назад

Correct. Typically with TCP, the entry "expires" when the NAT device sees a RST or TCP FIN. Or after a certain amount of time. ANd with UDP it's just a simple timeout (every vendor has different defaults for this).

@skalmelid 2 года назад

@@PracticalNetworking Thanks for clarifying. And thanks for the great work you are doing!

@burgundyhome7492 Год назад

Why RE-randomized? Why not just sequential (the next number to the last one)?

@PracticalNetworking Год назад

Good question. Some router/firewall platforms do just that (use sequentially the next-number). But, if the next sequential is in use, then +2 sequentially is used, and so on. But not all vendors operate this way. Hence in the video, I simply said "re-randomized" to imply that you can not make any assumptions about what _new_ source port the Router will use. There also isn't really a _correct_ or _best_ way, as long as a unique source port is used, Dynamic PAT will work. Whether it be random, or sequential, or via some complicated algorithm, who knows? Hope you enjoyed the video.

@ilham5055 2 года назад

is static nat allow many hosts with private ip to share one public IP ?

@PracticalNetworking 2 года назад

Nope, Static NAT only allows 1 host to use 1 public IP. It can't allow multiple hosts to share the same IP address (without conceding it's bidirectionality).

@abdobenzayed9062 2 года назад

Thanks very much but the question does networking still in demand

@PracticalNetworking 2 года назад

Yes. It will loose some market share as everything goes to the cloud, but it will never go away entirely.

@tahersadeghi6773 Год назад

It will be great if you would configure NAT in a Router using CLI thank you.

@PracticalNetworking Год назад

I do... in this course =) classes.pracnet.net/courses/nat-on-a-cisco-ios-router

@whiteblack4755 2 года назад

can you help me ? how to install stackwise-virtual when have 4 cisco 9500

@CyberTronics 10 месяцев назад

is it really unidirectional? because if you initiate from inside then traffic still gets back to you...

@PracticalNetworking 10 месяцев назад

Unidirectional based upon the *initial* packet. A connection initiated from the inside will allow bi-directional packet flow. A connection initiated from the outside will not make it through the NAT device.