IP Mobility Support for Virtual Private Networks

CHAPTER 2. TECHNOLOGIES

2.2 Network Address Translation

Network Address Translation (NAT) attempts to provide a transparent routing solution for hosts trying to communicate from disparate address realms with no compatible addressing. Since an IP address of one realm is not valid within the other realm, this is achieved by modifying end node addresses en route and maintaining state for these changes.

A typical usage of NAT is the connection of a network with a private addressing scheme¹ to an external network with globally-routable addresses. Using a NAT gateway in such a scenario, it is possible to achieve two main advantages:

- solving the shortage of public addresses, a main problem in IPv4;
- hiding the real network topology to increase security.

One of the major characteristics is that hosts in both the private and the external domain are unaware of the NAT presence: no changes are required to the protocol stack of the communicating hosts in order to be compatible with an intervening NAT gateway. It has to be noted that this "unawareness" is not always simply achievable or even possible. Even if it introduces some complications, NAT devices are nowadays widely used and this work cannot leave this element out of consideration. The purpose of this section is therefore to show the basics of the functioning of a NAT router and to analyze the problems and limitations concerned with it. Finally, we want to outline that this section is a summary of [5]; the reader interested in more detailed information can refer to that document.

2.2.1 How it works

To understand how NAT works, we can analyze a typical usage. We wish to connect a private network, in which hosts have no globally-routable addresses, to a public network, in which instead hosts have globally-routable addresses.
We will also call the private domain the internal realm, and we will use the adjectives internal or private for what is related to it; external or public will be what is related to the outside (the public network). A private host A, identified by the A-PriAddr address in its realm, wants to communicate with a public host B, which has the B-PubAddr address (see Fig. 2.2). A-PriAddr is not valid within the public domain; how, then, can B reply to A's packets? Packets with A-PriAddr as destination cannot be routed within the public realm and thus A would not receive responses from B. A frequently used method to solve this problem is the adoption of a NAT

¹ Please refer to [4] for more information about addressing private networks.
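The two properties stated above, rewriting end-node addresses en route and keeping state for each rewrite, are easiest to see on a concrete packet flow. The following is an added example written for this section, not code from the thesis or from any NAT implementation: a minimal port-translating gateway that maps (A-PriAddr, port) pairs to (public address, unique port) pairs on the way out and reverses the mapping for replies. The addresses, port numbers and payloads are constructed for illustration (RFC 1918 and documentation address ranges), and the class and function names are this example's own.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """The header fields a NAT gateway needs to look at (constructed model)."""
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int
    payload: str = ""


class NatGateway:
    """Minimal port-translating NAT gateway (hypothetical, for illustration).

    Outbound packets from the private realm get their source rewritten to the
    gateway's public address and a freshly allocated port; the binding is kept
    as state so that replies arriving at that port can be rewritten back.
    """

    def __init__(self, public_addr: str, private_prefix: str, first_port: int = 40000):
        self.public_addr = public_addr
        self.private_prefix = private_prefix
        self.next_port = first_port
        # (private addr, private port) -> public port
        self.outbound: Dict[Tuple[str, int], int] = {}
        # public port -> (private addr, private port)
        self.inbound: Dict[int, Tuple[str, int]] = {}

    def is_private(self, addr: str) -> bool:
        return addr.startswith(self.private_prefix)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Private -> public: rewrite the source, creating a binding on first use."""
        if not self.is_private(pkt.src_addr):
            return pkt  # already globally routable, nothing to translate
        key = (pkt.src_addr, pkt.src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        # Host B only ever sees the public address and the allocated port
        return replace(pkt, src_addr=self.public_addr, src_port=self.outbound[key])

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Public -> private: restore the destination from the stored binding.

        Returns None when no binding exists: a packet nobody inside asked for
        cannot be delivered, which is what hides the internal topology.
        """
        if pkt.dst_addr != self.public_addr:
            return None
        binding = self.inbound.get(pkt.dst_port)
        if binding is None:
            return None
        priv_addr, priv_port = binding
        return replace(pkt, dst_addr=priv_addr, dst_port=priv_port)


def demo():
    """Walk two private hosts A and C through the gateway to public host B."""
    nat = NatGateway(public_addr="203.0.113.1", private_prefix="10.")
    a = Packet("10.0.0.5", 5000, "198.51.100.7", 80, "GET /")   # host A
    c = Packet("10.0.0.6", 5000, "198.51.100.7", 80, "GET /")   # host C, same port as A
    a_out = nat.translate_outbound(a)
    c_out = nat.translate_outbound(c)
    # B answers the address and port it saw, unaware that A is behind a NAT
    reply = Packet("198.51.100.7", 80, a_out.src_addr, a_out.src_port, "200 OK")
    a_in = nat.translate_inbound(reply)
    # An unsolicited packet to a port with no binding is dropped
    stray = Packet("198.51.100.7", 80, nat.public_addr, 40999, "probe")
    return a_out, c_out, a_in, nat.translate_inbound(stray)


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Running `demo()` shows why the gateway must keep state: A and C both use source port 5000, so the public address alone would not tell the gateway which internal host a reply belongs to; the allocated public port is the key that disambiguates them. The dropped `stray` packet is the flip side of the same mechanism, and it is also the reason the "unawareness" of the end hosts breaks down for protocols that carry addresses or expect inbound connections.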

