Dynamic PAT - Network Address Translation

  • Published on 15 Jul 2024
  • Dynamic PAT allows many internal hosts to share one (or more) external IP address. It does this by assigning unique source ports to each outbound connection such that the response traffic can be untranslated successfully to the initiating host.
    Dynamic PAT is the type of address translation which allows for the maximum conservation of IP Addresses. Dynamic PAT is often confused with Dynamic NAT.
    In this video we show you the packet flow through a Dynamic PAT, showing you the packet before and after translation -- in BOTH directions (inbound and outbound).
    This is a look at Dynamic PAT from a Vendor Neutral perspective. The concepts in this video will apply to any Static NAT translation, on any platform, from any vendor.
    00:00 - Dynamic PAT definition
    00:47 - Dynamic PAT Illustration & Configuration
    01:50 - Dynamic PAT Packet Flow - Initial Traffic Outbound
    03:09 - Source Port number in packets
    04:56 - Dynamic PAT Packet Flow - Response Traffic Inbound
    05:59 - Why is the Source Port randomized?
    08:31 - Dynamic PAT is Unidirectional
    10:41 - Dynamic PAT can be combined with Static PAT
    11:46 - Many to One translation
    12:35 - Every IP in allows for 65k~ concurrent connections
    13:37 - Dynamic PAT is Unidirectional
    14:06 - Summary (lol, did you catch my typo? Firewpower ... )
    📌 Full NAT Playlist:
    • Network Address Transl...
    📌 Learn to configure / verify / troubleshoot NAT on Cisco Routers:
    classes.pracnet.net/courses/n...
    📌 Learn to configure / verify / troubleshoot NAT on Cisco ASA, ASAx, and Firepower Firewalls:
    classes.pracnet.net/courses/n...
    📌 Want to learn Networking?
    • Networking Fundamentals
    📌 Want to learn Subnetting?
    • Subnetting Mastery
    📌 Studying for the CCNA?
    www.practicalnetworking.net/i...
    #dynamicpat #pat #nat #rfc1918 #ip-address #cisco #juniper #ccna #net+ #dynamicnat
  • Science & Technology

Comments • 61

  • @PracticalNetworking
    @PracticalNetworking  1 year ago

    👉 *Want more?* Watch the rest of the NAT Series: th-cam.com/play/PLIFyRwBY_4bQ7tJvbLA9A0v8Fq9l-H923.html
    🐦 *Enjoy this content?* Help me out with a like and/or Retweet: twitter.com/ed_pracnet/status/1513944439625977858
    📌 *Want to learn Subnetting?* --> th-cam.com/play/PLIFyRwBY_4bQUE4IB5c4VPRyDoLgOdExE.html
    🖧 *Want to learn Computer Networking?* --> th-cam.com/video/bj-Yfakjllc/w-d-xo.html

  • @anastasiskarlis1282
    @anastasiskarlis1282 2 years ago +10

    I just realized that I was so confused about the whole thing because people are calling NAT everything when in reality it isn't. Thanks for the great content.

    • @PracticalNetworking
      @PracticalNetworking  2 years ago

      Yup! Exactly. People often call translations the wrong thing!

    • @nabibunbillah1839
      @nabibunbillah1839 1 month ago

      I really hate unidirectional communication 🤢

  • @mthoko
    @mthoko 2 years ago +5

    You have no idea how much you clarified this for me. I am so grateful. Thank you so much

  • @sudhick
    @sudhick 2 years ago +11

    Thank you. Your videos are amazing and the best I have come by so far. A novice IT developer can get a quick hang of the networking world. The way you teach & illustrate is simply mind blowing. I wish you could add more IT topics like cloud networking and APIs.

    • @PracticalNetworking
      @PracticalNetworking  2 years ago +1

      Thank you for the kind words, CK. I'm glad you're getting so much from my content =)

  • @LTVoyager
    @LTVoyager 1 year ago +1

    I have watched several videos on this topic, but this is far and away the most clear and most comprehensive treatment of the subject.

  • @pmanolak
    @pmanolak 1 year ago +2

    You are a charismatic teacher!! God bless you!!

  • @marouaakkal1800
    @marouaakkal1800 1 year ago +2

    The best explanation of NAT so far... thank you

  • @dariom9931
    @dariom9931 4 months ago

    Thank you, you are a great teacher!

  • @RichardPlucker
    @RichardPlucker 23 days ago

    This is incredibly helpful, thank you!

  • @Don-Carillo
    @Don-Carillo 2 years ago +1

    loving these, inline with the rest of your content. Thanks Ed

  • @DIY-ct1si
    @DIY-ct1si 2 years ago +1

    Thank you for the best NAT and PAT explanation.

  • @scorpio_1312
    @scorpio_1312 2 years ago +1

    Thanks Ed for sharing another awesome video! Cheers for a successful 2022 🍻

  • @TheActualTed
    @TheActualTed 2 years ago +1

    Beautiful explanation, thank you

  • @IliyaDamyanov
    @IliyaDamyanov 9 months ago

    Very good video.

  • @nifink.antony6953
    @nifink.antony6953 6 months ago

    Great Video..Thank you

  • @bhaktavatsalambhaktavatsal6369
    @bhaktavatsalambhaktavatsal6369 10 months ago

    Super helpful

  • @ga6917
    @ga6917 1 year ago +1

    Thank you, this helped me a lot

  • @abyewondimu308
    @abyewondimu308 2 years ago +1

    Thank you.

  • @cuspajzz
    @cuspajzz 2 years ago +1

    Great, Thanks :)

  • @CCNABatais
    @CCNABatais 6 months ago +1

    🤩🤩🤩

  • @AliTwaij
    @AliTwaij 1 year ago +1

    Brill

  • @Gurben92
    @Gurben92 2 years ago +2

    Thank you for the explanation. Would Dynamic PAT be what most home networks use? Maybe in combination with Static PAT? I'm having a hard time understanding the practical use cases of the protocols sometimes.

    • @PracticalNetworking
      @PracticalNetworking  2 years ago +4

      Yes! Exactly. This is the "hole punching" example I was discussing around 11:00 ~

  • @Derbauer
    @Derbauer 2 years ago +2

    Perfect. Can you also do a video on how a VPN works sharing 100 customers using the same outbound vpn address? Would be very interesting.

    • @PracticalNetworking
      @PracticalNetworking  2 years ago +1

      It would be fun to tackle VPN stuff in more detail. But the sharing of the outbound VPN IP address will still occur as a simple Dynamic PAT. The VPN portion is independent of the NAT portion.

    • @Derbauer
      @Derbauer 2 years ago +2

      @PracticalNetworking yes, thanks to your explanation, it's fascinating how brilliant the invention of dynamic PAT is and how useful it is to services like shared VPN IPs. Your channel has very briefly touched on browser-based SSL VPNs, and it would be really interesting to see how their connections differ from, say, OpenVPN-based VPNs, and how the topology looks when you use OpenVPN on the box and then also use the VPN extension, creating a tunnel inside a tunnel. And then if the destination site is also TLS 1.3, it's even more fun to think about. Could you elaborate on how, if the internal 10.x IP is mapped to a port via PAT to the VPN's front-facing IP, say p2p, https, and Zoom can simultaneously work, and what those tunnels look like? Is ALL traffic from the 10.x machine mapped to a single public IP/port per authenticated VPN client out of say 100 clients, or is it more complex than that... how does it work... Would be great if you did a video along those lines!

  • @ibrahimtouman2279
    @ibrahimtouman2279 2 years ago +1

    Amazing explanation.. but I wonder where does source / destination NAT (SNAT / DNAT) fit in this whole equation of static / dynamic NAT and PAT?

    • @PracticalNetworking
      @PracticalNetworking  2 years ago

      Unfortunately, everyone calls NAT something different =/. But at its core, there are still only 4 types of NAT that are simply applied in different ways.
      www.practicalnetworking.net/series/nat/nat-terminology-disambiguation/

  • @tahersadeghi6773
    @tahersadeghi6773 1 year ago

    It will be great if you would configure NAT in a Router using CLI thank you.

    • @PracticalNetworking
      @PracticalNetworking  1 year ago

      I do... in this course =)
      classes.pracnet.net/courses/nat-on-a-cisco-ios-router

  • @whiteblack4755
    @whiteblack4755 2 years ago

    Can you help me? How to install stackwise-virtual when you have 4 Cisco 9500?

  • @burhanshah5855
    @burhanshah5855 1 year ago +1

    How to make sure the public IP address has unique port numbers, as you said they're also randomized? Is the router making sure that no two connections have the same port number on the public IP?

    • @PracticalNetworking
      @PracticalNetworking  1 year ago

      Yes, exactly. The router is assuring the ports are unique by changing them if necessary.

  • @skalmelid
    @skalmelid 2 years ago +1

    I assume that the entries in the translation table ought to expire at some point to avoid running out of available ports?

    • @PracticalNetworking
      @PracticalNetworking  2 years ago +2

      Correct. Typically with TCP, the entry "expires" when the NAT device sees a RST or TCP FIN. Or after a certain amount of time. And with UDP it's just a simple timeout (every vendor has different defaults for this).

    • @skalmelid
      @skalmelid 2 years ago

      @PracticalNetworking Thanks for clarifying. And thanks for the great work you are doing!

  • @ilham5055
    @ilham5055 2 years ago +1

    Does static NAT allow many hosts with private IPs to share one public IP?

    • @PracticalNetworking
      @PracticalNetworking  2 years ago

      Nope, Static NAT only allows 1 host to use 1 public IP. It can't allow multiple hosts to share the same IP address (without conceding its bidirectionality).

  • @abdobenzayed9062
    @abdobenzayed9062 2 years ago +1

    Thanks very much, but the question: is networking still in demand?

    • @PracticalNetworking
      @PracticalNetworking  2 years ago

      Yes. It will lose some market share as everything goes to the cloud, but it will never go away entirely.

  • @burgundyhome7492
    @burgundyhome7492 1 year ago +1

    Why RE-randomized? Why not just sequential (the next number to the last one)?

    • @PracticalNetworking
      @PracticalNetworking  1 year ago +1

      Good question. Some router/firewall platforms do just that (use sequentially the next-number). But, if the next sequential is in use, then +2 sequentially is used, and so on. But not all vendors operate this way. Hence in the video, I simply said "re-randomized" to imply that you can not make any assumptions about what _new_ source port the Router will use.
      There also isn't really a _correct_ or _best_ way, as long as a unique source port is used, Dynamic PAT will work. Whether it be random, or sequential, or via some complicated algorithm, who knows?
      Hope you enjoyed the video.

  • @frempongadarkwa2232
    @frempongadarkwa2232 2 years ago +1

    Still waiting for entire network course to purchase

  • @CyberTronics
    @CyberTronics 11 months ago

    is it really unidirectional? because if you initiate from inside then traffic still gets back to you...

    • @PracticalNetworking
      @PracticalNetworking  10 months ago

      Unidirectional based upon the *initial* packet.
      A connection initiated from the inside will allow bi-directional packet flow. A connection initiated from the outside will not make it through the NAT device.
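
Added example (not from the video or its author): a toy, vendor-neutral Dynamic PAT table in Python that shows the behaviour described in the video description and the replies above: a unique source port per outbound connection, untranslation of responses, removal of entries on TCP FIN/RST or idle timeout, and dropping of outside-initiated packets. The class name, the 30-second timeout, the "keep the port if it is free, otherwise pick a random free one" policy, and keying each mapping on protocol and public port only are assumptions made for illustration; real platforms differ.

```python
import random

class DynamicPat:
    """Toy, vendor-neutral Dynamic PAT table for one public IP (constructed example)."""

    def __init__(self, public_ip, timeout=30, seed=None):
        self.public_ip = public_ip
        self.timeout = timeout   # assumed idle timeout in seconds; vendors differ
        self.rng = random.Random(seed)
        self.out = {}    # (proto, inside_ip, inside_port) -> public_port
        self.back = {}   # (proto, public_port) -> [inside_ip, inside_port, last_seen]

    def _drop(self, proto, public_port):
        ip, port, _ = self.back.pop((proto, public_port))
        del self.out[(proto, ip, port)]

    def _purge(self, now):
        for (proto, public_port), entry in list(self.back.items()):
            if now - entry[2] > self.timeout:
                self._drop(proto, public_port)

    def outbound(self, proto, src_ip, src_port, now=0):
        """Translate an inside-initiated packet; returns (public_ip, public_port)."""
        self._purge(now)
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port                      # keep the source port if it is free
            if (proto, port) in self.back:       # clash: pick a different free port
                free = [p for p in range(1024, 65536) if (proto, p) not in self.back]
                if not free:
                    raise RuntimeError("no free source port left on this public IP")
                port = self.rng.choice(free)
            self.out[key] = port
            self.back[(proto, port)] = [src_ip, src_port, now]
        self.back[(proto, self.out[key])][2] = now
        return self.public_ip, self.out[key]

    def inbound(self, proto, dst_port, now=0, flags=""):
        """Untranslate a packet arriving at the public IP; None means no mapping."""
        self._purge(now)
        entry = self.back.get((proto, dst_port))
        if entry is None:
            return None                          # outside-initiated: nothing to map to
        entry[2] = now
        inside = (entry[0], entry[1])
        if proto == "tcp" and set(flags) & {"F", "R"}:
            self._drop(proto, dst_port)          # FIN or RST closes the entry
        return inside
```

Two inside hosts that both use source port 50000 get different ports on the public IP, and `inbound()` returns `None` for any port that no inside host opened first.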

  • @doggystyledave
    @doggystyledave 2 months ago

    The robot doesn't breathe- play it at 75% speed and it's perfect.