Address translation

As mentioned in the previous section, the number of Public IP addresses (all IP addresses that can be used on the Internet) is limited. In total there are about 4 billion IP addresses, much fewer than the number of people on the earth. IP addresses are needed not only for people but for everything that needs to communicate on a computer network. This includes servers, web services, network equipment, cars and so on.

In practice, each Internet-connected person uses many public IP addresses, not only because each person has multiple devices (mobile phone, computer, etc.) but also because each person has multiple roles in which they use Internet-connected devices, for example at work and at home.

The one big solution to this problem is the Private IP address space, which can be reused over and over without limitation. But private addresses are not allowed on the Internet: traffic can't be sent over the Internet to private addresses, nor from private addresses.

ISPs block private addresses on the Internet

So the Private IP addresses create another problem that in turn also requires a solution. That solution is to let many private IP addresses share one single public IP address. This is accomplished using Address Translation or NAT (Network Address Translation), which is described below.

When a computer wants to communicate it sends off a packet with data. The packet always has two IP addresses inscribed in the envelope or header of the packet.

  • Source address, the IP address of the sender. This has to be entered into the packet so the receiver knows where to send its replies, like a “return address”.
  • Destination address, the IP address of the receiver that the packet is being sent to.

In a home network where a computer wants to talk to something on the Internet, the source address will be a Private IP address on the LAN. The destination address of the packet will be a Public IP address of a server on the Internet. If that packet is sent to the Internet as it is, the ISP will block and throw away the packet since it has a private IP address as its source.

To fix this problem the home router steps in and translates the source address from a private address to a public IP address. The router itself has a public IP address on its outside (WAN) interface, which it got from the ISP. The router simply lets every client on the inside LAN share that single public IP address.

The following picture shows (somewhat simplified) how the address translation works in the home router:

NAT in home router

When the router sends the packet on to the Internet, the packet will appear to come from the home router’s public IP address. From the perspective of the ISPs and the web server, the packet is coming from the public IP address of the home router. When the web server replies to the computer, it sends its reply to the public IP address of the home router, and the ISP finds its way back there without any trouble.

If several clients are operating at the same time on the LAN, it is both possible and likely that several computers want to browse the Internet at the same time. The home router then keeps track of which traffic belongs to which computer. This lets the router know which inside LAN computer each returning reply should be sent to.

Home router NAT of multiple sessions

This type of NAT or address translation is often called Hide NAT because you “hide” your LAN computers behind a shared public IP address. It is a function that all home routers have built in and which is enabled right from the start. It is also very rarely something that you need to care much about because it simply works.
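As an added illustration (not from the original article), here is a small Python model of the translation table a Hide NAT router keeps. It tells sessions apart by port number, so two LAN hosts can use the same source port at once, and it drops replies that match no known session. The addresses and port numbers are constructed example values.

```python
from dataclasses import dataclass, replace

ROUTER_PUBLIC_IP = "203.0.113.7"  # constructed example WAN address


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class HideNat:
    """Many private hosts share one public IP. Each outbound flow is given
    its own public port; replies are matched on that port and rewritten
    back to the private host that started the flow."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}  # (priv_ip, priv_port, dst_ip, dst_port) -> public_port
        self.inbound = {}   # public_port -> (priv_ip, priv_port, dst_ip, dst_port)

    def translate_out(self, pkt):
        """LAN -> Internet: swap the private source for the router's public IP/port."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:  # first packet of this flow: allocate a new public port
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def translate_in(self, pkt):
        """Internet -> LAN: find the session by public port and restore the private destination."""
        entry = self.inbound.get(pkt.dst_port)
        if entry is None or (pkt.src_ip, pkt.src_port) != (entry[2], entry[3]):
            return None  # no matching session: unsolicited inbound traffic is dropped
        return replace(pkt, dst_ip=entry[0], dst_port=entry[1])


def demo():
    """Two LAN hosts using the same source port to the same web server."""
    nat = HideNat(ROUTER_PUBLIC_IP)
    a = Packet("192.168.1.10", 51000, "198.51.100.20", 80)
    b = Packet("192.168.1.11", 51000, "198.51.100.20", 80)
    out_a, out_b = nat.translate_out(a), nat.translate_out(b)
    reply_a = Packet("198.51.100.20", 80, ROUTER_PUBLIC_IP, out_a.src_port)
    reply_b = Packet("198.51.100.20", 80, ROUTER_PUBLIC_IP, out_b.src_port)
    stray = Packet("198.51.100.99", 443, ROUTER_PUBLIC_IP, out_a.src_port)
    return out_a, out_b, nat.translate_in(reply_a), nat.translate_in(reply_b), nat.translate_in(stray)
```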

However, as you can probably tell by now, there are a lot of things going on in computer networks that most people don’t know about, and that you might have to learn about if you want to make any changes to your home network.
