Dynamic PAT - Network Address Translation

Рет қаралды 23,967

Күн бұрын

Dynamic PAT allows many internal hosts to share one (or more) external IP address. It does this by assigning unique source ports to each outbound connection such that the response traffic can be untranslated successfully to the initiating host.
Dynamic PAT is the type of address translation which allows for the maximum conservation of IP Addresses. Dynamic PAT is often confused with Dynamic NAT.
In this video we show you the packet flow through a Dynamic PAT, showing you the packet before and after translation -- in BOTH directions (inbound and outbound).
This is a look at Dynamic PAT from a Vendor Neutral perspective. The concepts in this video will apply to any Static NAT translation, on any platform, from any vendor.
00:00 - Dynamic PAT definition
00:47 - Dynamic PAT Illustration & Configuration
01:50 - Dynamic PAT Packet Flow - Initial Traffic Outbound
03:09 - Source Port number in packets
04:56 - Dynamic PAT Packet Flow - Response Traffic Inbound
05:59 - Why is the Source Port randomized?
08:31 - Dynamic PAT is Unidirectional
10:41 - Dynamic PAT can be combined with Static PAT
11:46 - Many to One translation
12:35 - Every IP in allows for 65k~ concurrent connections
13:37 - Dynamic PAT is Unidirectional
14:06 - Summary (lol, did you catch my typo? Firewpower ... )
📌 Full NAT Playlist:
• Network Address Transl...
📌 Learn to configure / verify / troubleshoot NAT on Cisco Routers:
classes.pracnet.net/courses/n...
📌 Learn to configure / verify / troubleshoot NAT on Cisco ASA, ASAx, and Firepower Firewalls:
classes.pracnet.net/courses/n...
📌 Want to learn Networking?
• Networking Fundamentals
📌 Want to learn Subnetting?
• Subnetting Mastery
📌 Studying for the CCNA?
www.practicalnetworking.net/i...
#dynamicpat #pat #nat #rfc1918 #ip-address #cisco #juniper #ccna #net+ #dynamicnat

Пікірлер: 61

@PracticalNetworking Жыл бұрын

👉 *Want more?* Watch the rest of the NAT Series: kzbin.info/aero/PLIFyRwBY_4bQ7tJvbLA9A0v8Fq9l-H923 🐦 *Enjoy this content?* Help me out with a like and/or Retweet: twitter.com/ed_pracnet/status/1513944439625977858 📌 *Want to learn Subnetting?* --> kzbin.info/aero/PLIFyRwBY_4bQUE4IB5c4VPRyDoLgOdExE 🖧 *Want to learn Computer Networking?* --> kzbin.info/www/bejne/mJuQipmXoM-fosU

@anastasiskarlis1282 2 жыл бұрын

I just realized that I was so confused about the whole thing because people are calling NAT everything when in reality it isn't. Thanks for the great content.

@PracticalNetworking 2 жыл бұрын

Yup! Exactly. People often call translations the wrong thing!

@nabibunbillah1839 Ай бұрын

I really hate unidirectional communication 🤢

@sudhick 2 жыл бұрын

Thank You .. Your videos' are amazing and the best i have come by so far .. a novice IT Developer can get a quick hang of the networking world.. the way you teach & illustrate is simply mind blowing , I wish you could add more IT Topics like cloud Networking and APi's ..

@PracticalNetworking 2 жыл бұрын

Thank you for the kind words, CK. I'm glad you're getting so much from my content =)

@mthoko 2 жыл бұрын

You have no idea how much you clarified this for me. I am so grateful. Thank you so much

@PracticalNetworking 2 жыл бұрын

Glad it helped =). Cheers!

@LTVoyager Жыл бұрын

I have watched several videos on this topic, but this is far and away the most clear and most comprehensive treatment of the subject.

@marouaakkal1800 Жыл бұрын

The best explanation of NAT so far... thank you

@PracticalNetworking Жыл бұрын

Glad you enjoyed it =)

@pmanolak Жыл бұрын

You are a charismatic teacher!! God bless you!!

@PracticalNetworking Жыл бұрын

Cheers, Panagiotis ;)

@DIY-ct1si 2 жыл бұрын

Thank you for the best NAT and PAT explaination.

@PracticalNetworking 2 жыл бұрын

You're welcome!

@Don-Carillo 2 жыл бұрын

loving these, inline with the rest of your content. Thanks Ed

@PracticalNetworking 2 жыл бұрын

Thanks Don =)

@RichardPlucker 23 күн бұрын

This is incredibly helpful, thank you!

@scorpio_1312 2 жыл бұрын

Thanks Ed for sharing another awesome video! Cheers for a successful 2022 🍻

@PracticalNetworking 2 жыл бұрын

Likewise, Scorpio! Happy 2022 (soon!)

@dariom9931 4 ай бұрын

Thank you, you are a great teacher!

@TheActualTed 2 жыл бұрын

Beautiful explanation, thank you

@PracticalNetworking 2 жыл бұрын

You're welcome, Ted.

@nifink.antony6953 6 ай бұрын

Great Video..Thank you

@IliyaDamyanov 9 ай бұрын

Very good video.

@bhaktavatsalambhaktavatsal6369 10 ай бұрын

Super helpful

@ga6917 Жыл бұрын

Thank you this helped me allot

@PracticalNetworking Жыл бұрын

Glad this helped =)

@abyewondimu308 2 жыл бұрын

Thank you.

@PracticalNetworking 2 жыл бұрын

You're welcome!

@cuspajzz 2 жыл бұрын

Grear, Thanks :)

@PracticalNetworking 2 жыл бұрын

You're welcome =)

@CCNABatais 6 ай бұрын

🤩🤩🤩

@Derbauer 2 жыл бұрын

Perfect. Can you also do a video on how a VPN works sharing 100 customers using the same outbound vpn address? Would be very interesting.

@PracticalNetworking 2 жыл бұрын

It would be fun to tackle VPN stuff in more detail. But the sharing of the outbound VPN IP address will still occur as a simple Dynamic PAT. The VPN portion is independent of the NAT portion.

@Derbauer 2 жыл бұрын

@@PracticalNetworking yes, thanks to your explanation, it's fascinating how brilliant the inventing of dynamic PAT is and how useful it's to services like shared VPN IP's. Your channel has very briefly touched on browser based SSL vpns, and it would be real interesting how their connections differ to say OpenVPN based VPNs, and how the topology looks when you use OpenVPN on the box and then also use the VPN extension, creating a tunnel inside a tunnel. And then if the destination site is also tls 1.3, it's then even more fun to think about. Could you elaborate on how, if the internal 10.x IP is mapped to a port via PAT to the VPNs front facing IP, how do say p2p, https, and Zoom can simultaneously work, and how those tunnels look like? Is ALL traffic from the 10.x machine mapped to a single public IP/port per authenticated VPN client out of say 100 clients, or is it more complex than that...how does it work... Would be great if you did a video along those lines!

@ibrahimtouman2279 2 жыл бұрын

Amazing explanation.. but I wonder where does source / destination NAT (SNAT / DNAT) fit in this whole equation of static / dynamic NAT and PAT?

@PracticalNetworking 2 жыл бұрын

Unfortunately, everyone calls NAT something different =/. But at it's core, there are still only 4 types of NAT that are simply applied in different ways. www.practicalnetworking.net/series/nat/nat-terminology-disambiguation/

@Gurben92 2 жыл бұрын

Thank you the explanation. Would Dynamic PAT be what most home networks use? Myabe in combination with Static PAT? I'm having a ahrd time to understand the practical usecases of the protocols sometimes.

@PracticalNetworking 2 жыл бұрын

Yes! Exactly. This is the "hole punching" example I was discussing around 11:00 ~

@burhanshah5855 Жыл бұрын

how to make sure the public IP address must have unique port numbers, as you said they're also randomized ? Is the router making sure that no two connections have the same port number on Public IP ?

@PracticalNetworking Жыл бұрын

Yes, exactly. The router is assuring the ports are unique by changing them if necessary.

@tahersadeghi6773 Жыл бұрын

It will be great if you would configure NAT in a Router using CLI thank you.

@PracticalNetworking Жыл бұрын

I do... in this course =) classes.pracnet.net/courses/nat-on-a-cisco-ios-router

@skalmelid 2 жыл бұрын

I assume that the entries in the translation table ought to expire at some point to avoid running out of available ports?

@PracticalNetworking 2 жыл бұрын

Correct. Typically with TCP, the entry "expires" when the NAT device sees a RST or TCP FIN. Or after a certain amount of time. ANd with UDP it's just a simple timeout (every vendor has different defaults for this).

@skalmelid 2 жыл бұрын

@@PracticalNetworking Thanks for clarifying. And thanks for the great work you are doing!

@AliTwaij Жыл бұрын

Brill

@PracticalNetworking Жыл бұрын

Glad you enjoyed the NAT series as well, Ali =)

@burgundyhome7492 Жыл бұрын

Why RE-randomized? Why not just sequential (the next number to the last one)?

@PracticalNetworking Жыл бұрын

Good question. Some router/firewall platforms do just that (use sequentially the next-number). But, if the next sequential is in use, then +2 sequentially is used, and so on. But not all vendors operate this way. Hence in the video, I simply said "re-randomized" to imply that you can not make any assumptions about what _new_ source port the Router will use. There also isn't really a _correct_ or _best_ way, as long as a unique source port is used, Dynamic PAT will work. Whether it be random, or sequential, or via some complicated algorithm, who knows? Hope you enjoyed the video.

@ilham5055 2 жыл бұрын

is static nat allow many hosts with private ip to share one public IP ?

@PracticalNetworking 2 жыл бұрын

Nope, Static NAT only allows 1 host to use 1 public IP. It can't allow multiple hosts to share the same IP address (without conceding it's bidirectionality).

@frempongadarkwa2232 2 жыл бұрын

Still waiting for entire network course to purchase

@PracticalNetworking 2 жыл бұрын

Noted, Frempong =) Thanks for the reminder =)

@abdobenzayed9062 2 жыл бұрын

Thanks very much but the question does networking still in demand

@PracticalNetworking 2 жыл бұрын

Yes. It will loose some market share as everything goes to the cloud, but it will never go away entirely.

@whiteblack4755 2 жыл бұрын

can you help me ? how to install stackwise-virtual when have 4 cisco 9500

@CyberTronics 11 ай бұрын

is it really unidirectional? because if you initiate from inside then traffic still gets back to you...

@PracticalNetworking 10 ай бұрын

Unidirectional based upon the *initial* packet. A connection initiated from the inside will allow bi-directional packet flow. A connection initiated from the outside will not make it through the NAT device.