Address Translation, complete picture

Here you get the complete picture of how Address Translation works. This section is a little more advanced than most of the others. The basic concept of Address Translation as discussed elsewhere in the guide still holds, but once source and destination ports are brought in it becomes possible to look at Address Translation in more depth.

Unless you have already done so, you should read the specialisation on Ports before going any further.

As long as a computer on your home network initiates the traffic (that is, your computer starts the communication by sending its first message), your home router can keep track of the replies coming back and deliver them to the correct computer on your home network.

For example, if you open a web browser on a computer connected to your home network and browse to a web page on the Internet, your computer initiates the communication by sending a message to a web server on the Internet. The web server replies, and your home router makes sure the reply is delivered to the correct internal computer.

But what happens if two computers browse to the same web page on the Internet at the same time? When the replies come back, how can the router know which computer on the LAN each reply should go to?

In practice the router keeps track not only of which IP addresses the traffic is going between, but also of which source and destination ports it uses. The source port is chosen by the sending computer, normally at random from its ephemeral port range, so each session will almost always have a unique combination of IP addresses and ports that the router can remember and associate with that traffic session. Should two internal computers happen to pick the same source port towards the same server, the router rewrites the source port of one of them to a free port of its own, so that the combination seen from the Internet stays unique.

By combining the IP address and port information it holds about each communication flow, the router can tell different sessions apart. When the replies come back, the router can determine just by looking at the IP addresses and ports in use which session the traffic belongs to. It then consults a session table, where it stores information about the ongoing flows, to see how that traffic was Address Translated on the way out and to which computer on the internal LAN the replies should be sent.

This is how the complete flow of traffic through the router looks once we also bring in the ports and the address translation:

NAT, the complete picture of how it works

For each traffic flow or session passing through the router, the router remembers the following information and saves it in a table in memory:

  • Which IP address on the LAN the traffic is coming from
  • Which IP address on the Internet the traffic is going to
  • Which port the traffic is coming from
  • Which port the traffic is going to
  • How the router Address Translated that particular traffic

This is what the table the router builds up would look like, based on the information in the previous picture:

NAT session table in Router

When replies come back, the router looks in its table to see which session the traffic belongs to. It then knows exactly how to handle the replies: how they should be reverse address translated and to which computer they should be sent. A reply that matches no entry in the table is simply dropped, since no computer on the LAN initiated it.
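The session-table logic described above, written out as an added Python example (this is illustration code, not code from the original guide or from any router). The LAN addresses, the web server address, the router's public IP and the port pool are assumptions chosen for the illustration. The example goes slightly beyond the table in the picture in two ways: it also keys each session on the transport protocol, since TCP and UDP port numbers are independent, and it shows the edge case that random source ports usually avoid, two LAN computers picking the same source port towards the same server, where the router must rewrite one of the source ports. Replies that match no session are dropped.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumed values for the illustration (documentation address ranges, not real hosts).
ROUTER_PUBLIC_IP = "203.0.113.10"      # the router's Internet-facing address
EPHEMERAL_RANGE = range(40000, 65536)  # ports the router may rewrite a source port into


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Session:
    lan_ip: str       # which IP address on the LAN the traffic is coming from
    lan_port: int     # which port it is coming from
    remote_ip: str    # which IP address on the Internet it is going to
    remote_port: int  # which port it is going to
    ext_port: int     # how the router translated it: the source port seen on the Internet


class NatRouter:
    def __init__(self, public_ip: str = ROUTER_PUBLIC_IP):
        self.public_ip = public_ip
        # Outbound lookup: which session does this LAN packet belong to?
        self._by_inside: Dict[Tuple, Session] = {}
        # Inbound lookup: which session does a reply to this external port belong to?
        self._by_outside: Dict[Tuple, Session] = {}
        self._next_port = EPHEMERAL_RANGE.start

    def _allocate_ext_port(self, proto: str, lan_port: int, remote_ip: str, remote_port: int) -> int:
        # Keep the computer's own source port when nobody else already uses that
        # combination towards the same server; otherwise hand out a fresh port so the
        # (port, server IP, server port) combination stays unique as seen from the Internet.
        if (proto, lan_port, remote_ip, remote_port) not in self._by_outside:
            return lan_port
        for _ in range(len(EPHEMERAL_RANGE)):
            cand = self._next_port
            self._next_port = cand + 1 if cand + 1 < EPHEMERAL_RANGE.stop else EPHEMERAL_RANGE.start
            if (proto, cand, remote_ip, remote_port) not in self._by_outside:
                return cand
        raise RuntimeError("port pool exhausted for this destination")

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: find or create the session, then rewrite the source address and port."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        sess = self._by_inside.get(key)
        if sess is None:
            ext_port = self._allocate_ext_port(pkt.proto, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            sess = Session(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, ext_port)
            self._by_inside[key] = sess
            self._by_outside[(pkt.proto, ext_port, pkt.dst_ip, pkt.dst_port)] = sess
        return Packet(pkt.proto, self.public_ip, sess.ext_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: reverse-translate a reply, or return None (drop) if no session matches."""
        if pkt.dst_ip != self.public_ip:
            return None
        sess = self._by_outside.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if sess is None:
            return None  # unsolicited: no computer on the LAN initiated this flow
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, sess.lan_ip, sess.lan_port)

    def table(self):
        """The session table, one entry per ongoing flow."""
        return list(self._by_inside.values())


def demo():
    """Two LAN computers browse to the same web server; by bad luck both pick source port 51000."""
    nat = NatRouter()
    web_ip, web_port = "198.51.100.7", 443                       # assumed web server
    a = Packet("tcp", "192.168.1.10", 51000, web_ip, web_port)
    b = Packet("tcp", "192.168.1.11", 51000, web_ip, web_port)   # same source port as a
    out_a, out_b = nat.outbound(a), nat.outbound(b)
    # Replies from the web server are addressed to the router's public IP and the translated port.
    reply_a = Packet("tcp", web_ip, web_port, nat.public_ip, out_a.src_port)
    reply_b = Packet("tcp", web_ip, web_port, nat.public_ip, out_b.src_port)
    stray = Packet("tcp", web_ip, web_port, nat.public_ip, 9999)   # matches no session
    return {
        "out_a": out_a, "out_b": out_b,
        "in_a": nat.inbound(reply_a), "in_b": nat.inbound(reply_b),
        "stray": nat.inbound(stray), "table": nat.table(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running the demo shows the first computer keeping its source port 51000 on the outside, the second being rewritten to 40000 (the first free port in the assumed pool), each reply landing back on the right LAN computer with its original port restored, and the stray packet being dropped because it matches no session entry.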

Previous part:
Ports, TCP and UDP in depth

Next part:
Traffic example, the full picture