Don’t use NAT if you don’t have to!

Someone brought you here, because you use NAT where it’s not needed.

What is NAT?

Well, there are many types of NAT, but RFC3022 says:

Basic Network Address Translation or Basic NAT is a method by which IP addresses are mapped from one group to another, transparent to end users. Network Address Port Translation, or NAPT is a method by which many network addresses and their TCP/UDP (Transmission Control Protocol/User Datagram Protocol) ports are translated into a single network address and its TCP/UDP ports. Together, these two operations, referred to as traditional NAT, provide a mechanism to connect a realm with private addresses to an external realm with globally unique registered addresses.
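To make the NAPT part of that definition concrete, here is a small simulator added to this page (it is not from the RFC or the original post): many private (address, port) pairs are mapped onto one public address with a per-flow port, replies are mapped back through the same table, and an inbound packet that matches no table entry is dropped. The addresses, ports and the 40000 starting port are constructed sample values.

```python
"""Minimal NAPT simulator in the sense of RFC 3022 (added example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port          # next free public port to hand out
        self.out_table = {}                  # (private_ip, private_port) -> public_port
        self.in_table = {}                   # public_port -> (private_ip, private_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a LAN packet so it leaves with the single public address."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_table:        # first packet of this flow: allocate a port
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[port] = key
        return Packet(self.public_ip, self.out_table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a packet arriving at the public address back to the LAN host.

        Returns None (packet dropped) when no flow created the mapping.
        """
        key = self.in_table.get(pkt.dst_port)
        if key is None or pkt.dst_ip != self.public_ip:
            return None
        private_ip, private_port = key
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


# Constructed sample traffic: two LAN hosts reuse the same source port 5000.
nat = Napt("203.0.113.1")
host_a = nat.outbound(Packet("192.168.1.10", 5000, "198.51.100.7", 443))
host_b = nat.outbound(Packet("192.168.1.11", 5000, "198.51.100.7", 443))
reply_a = nat.inbound(Packet("198.51.100.7", 443, "203.0.113.1", host_a.src_port))
unsolicited = nat.inbound(Packet("198.51.100.9", 22, "203.0.113.1", 40007))
```

Both hosts share 203.0.113.1 but get distinct public ports (40000 and 40001), the reply to port 40000 is delivered to 192.168.1.10:5000, and the packet to port 40007 is dropped because no outbound flow ever created that entry.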

Why does NAT exist?

The first NAT RFC, RFC1631 from 1994, mentions the increasing exhaustion of IP addresses.

That’s the main reason for NAT. There aren’t enough IPv4 addresses available to uniquely address every single network device connected to the internet. This problem is addressed with IPv6, but until everyone is using IPv6 (I think I’ll be retired by then), NAT is used to map many addresses used in a LAN to a single (or much fewer) public addresses.

Does NAT come with disadvantages?

YES! That’s why you are here!

But I need NAT!

Why? There are only a few reasons for NAT!

  1. To address the above-mentioned exhaustion of public IPv4 addresses.
  2. If you need to connect networks with overlapping addresses - for example when connecting two networks with a VPN tunnel. Use a double 1:1 NAT to avoid the disadvantages mentioned above!
  3. If you want to map a provider-assigned IP scope to internal systems.

You don’t need NAT in these cases: