Skip to content

Why NAT?

    Why NAT?

    Before we can discuss how NAT works, we must discuss the purpose of NAT and answer the question, “Why NAT?”

    In the original plan for the Internet, every host was meant to have its own unique IP address. This means if you had a network which had 30 hosts, you would need 30 unique IP addresses for each host to access the Internet, or to be accessed from the Internet.

    IP addresses are a finite resource – 32 bits allows for roughly 4.2 billion possible IP address combinations.

    As the Internet grew in popularity, the industry realized there would one day be more hosts on the Internet than there were IP addresses available.

    The long term, permanent solution was to create a larger address range, and IPv6 was born which is an addressing scheme that uses 128 bits. However, transitioning to IPv6 would prove to be a complicated and slow process, so a short term solution had to also be implemented: RFC 1918 was created to reduce the rate of IPv4 address utilization and delay the inevitable exhaustion of addresses.

    RFC 1918

    RFC 1918 designated three different address sets that were considered free to use and reuse by any organization:

    • /8 – any IP address in the range of   10 .   #   . # . #
    • /12 – any IP address in the range of 172 .[16-31]. # . #
    • /16 – any IP address in the range of 192 .  168  . # . #

    These addresses were labeled as Private addresses, and were deemed unroutable on the Internet. All the remaining addresses remained Public addresses, and able to be routed on the Internet.

    With RFC 1918, if you had 30 hosts on your network, all 30 of them would use 30 unique Private IP addresses, but for Internet facing traffic, all 30 could share a single Public address. Allowing you to conserve 29 Public addresses.

    Why NAT? - Home Wifi

    This is exactly what happens on WiFi networks. Whether it is a home WiFi network, or a coffee shop, or airport, each device on the network has a private IP address from one of the private ranges above. When these devices speak to the Internet, they all share the IP address assigned to the WiFi Router.

    These Private addresses can be reused with each deployment without fear of duplicate addresses on the Internet. So long as the Public address(es) they are sharing are unique.

    Why Nat? - WiFi Neighborhood

    For example, a lot of home WiFi networks use the common range of for each of their internal address ranges. The home Wifi router then translates each independent set of Private addresses into unique Public addresses.

    The idea is anyone can use these addresses, or even re-use these addresses, for as many hosts as they like on their internal network. NAT can then translate the multitude of hosts using Private addresses into a much smaller set of Public addresses – thereby curbing the rate of which IPv4 addresses are being utilized.

    Private addresses are theoretically infinite, since they can be reused with each deployment. Public addresses are finite, and tracked by the Internet Authority for Assigned Numbers (IANA) to ensure no organization inadvertently uses duplicate Public addresses.

    Consequently, the concept of Network Address Translation was born to facilitate the translation between Private addresses and Public addresses.

    Traditionally, NAT exists to translate Private IPv4 addresses into Public IPv4 addresses. For the sake of simplicity, this article series will describe NAT from this perspective. However, in reality, it does not matter whether the IP addresses being translated are public or private. NAT could easily occur from private addresses to other private addresses or from public addresses to other public addresses.

    Prefer video content to text? The majority of this article has been recorded and can be viewed on Youtube:

    Series NavigationNAT Terminology >>
    4.6 8 votes
    Article Rating
    Notify of

    Newest Most Voted
    Inline Feedbacks
    View all comments

    Good job Eddie!

    Hey Ed,

    Your posts are always helpful.
    Will there be any post for ospf and certificates ?

    Thanku for such wonderful information

    I could never get my head around this until I read your article. Thank you!


    I would like to just know what is pre-translation and post-translation. is there any method to understand that?

    Very good explanation!
    Easy to understand. Very helpful.
    Many thanks! /12 – any IP address in the range of 172 .[16-31]. # . #
    should that be [16-128] /12 – any IP address in the range of 172 .[16-31]. # . #
    sorry, was reading that wrong.