
As I know, NAT is the system that divides IP addresses into two categories - public and private. Public represents the local network from the outside and private represents the device from the inside.

Subnetting divides one IP address into the part that represents the network from outside and the part that represents the device on the network.

Remembering that every IP address is 32 bits, having two of them (in NAT) gives an opportunity to use more IP addresses (both on the inside and on the outside) than in the situation with subnetting. Why would we need subnet masks then?

When I ask Google for my IP from my computer and from my phone, I see the very same public IP, and when I scan the local network with nmap, I see only private IPs.

So why do we need subnet masks, if we have NAT?

P.S. When the server sends out the signal to my PC, does it send it only to my public IP and the router remembers which private IP needs it, or does the server send out both, the public and the private IPs?

New Thing

7 Answers


NAT and subnetting solve two different problems.

Problem 1: Previously IP addresses were divided into classes A, B and C. A class C address had a default subnet mask of 255.255.255.0 meaning 24 bits decide which network and the last 8 bits are for the host. With 8 bits for hosts you could have 2^8 - 1 = 254 IP addresses that are part of the same network.

Historically it was not recommended to have more than around 250 IPs on the same network because of broadcasts flooding the network which meant that class B networks, which have a default subnet mask of 255.255.0.0 with 16 bits for hosts, have way too many addresses for a single network. Even more so with a class A network.

Also most of the time we require many smaller networks with just a few hosts which is why we subnet. Subnetting is basically moving the boundary between the host and network part of the address. So by decreasing the number of addresses on each network, you can increase the number of networks.

Problem 2 is that, even with subnetting, we have way too few addresses for every device to get its own, which is why we've got NAT.

NAT, or in this case PAT, works by letting multiple private addresses share a single public IP address by mapping each to a port number.

So, in the IPv4 address space, we have a few reserved blocks of addresses which are meant to be used locally on a private network, e.g. 192.168.0.0 with a subnet mask of 255.255.255.0. This network can be used on multiple sites at the same time because they are private and not allowed to be used on the Internet.

So when a device with a private IP wants to go out on the Internet, the private IP is mapped to a public IP address together with a port number, which means that multiple devices on a local network can share a single public IP. This extends the number of devices that can access the Internet.

If the server is on the same network as your PC it will communicate with your private IP. If the server is on the Internet, it will communicate with your public IP on a specific port which your router maps to your private IP.

Jimmy
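Two constructed helpers, added here and not code from any answer on this page, that make Jimmy's two problems concrete: subnet_plan shows what moving the host/network boundary does to the host and network counts, and PatGateway is a toy port-address-translation table showing how several private addresses share one public address and how the router maps returning packets back (203.0.113.7 and the 40000+ port range are assumed sample values).

```python
import ipaddress


def subnet_plan(network: str, new_prefix: int) -> dict:
    """Borrow host bits to make more, smaller networks; report the trade-off."""
    net = ipaddress.ip_network(network, strict=True)
    subnets = list(net.subnets(new_prefix=new_prefix))
    return {
        "original_hosts": net.num_addresses - 2,      # network + broadcast excluded
        "subnet_count": len(subnets),
        "hosts_per_subnet": subnets[0].num_addresses - 2,
        "first_subnet": str(subnets[0]),
        "last_subnet": str(subnets[-1]),
    }


class PatGateway:
    """Toy PAT table (assumed design): many private (ip, port) pairs share one
    public address and are told apart by the translated source port."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (private_ip, private_port) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port)

    def translate_out(self, src_ip: str, src_port: int) -> tuple:
        """Rewrite an outgoing packet's source; allocate a port on first sight."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.public_ip, self.outbound[key])

    def translate_in(self, dst_port: int):
        """Rewrite a returning packet's destination, or None for an unknown port
        (unsolicited inbound traffic has no mapping and is simply dropped)."""
        return self.inbound.get(dst_port)


if __name__ == "__main__":
    print(subnet_plan("192.168.0.0/24", 26))
    gw = PatGateway("203.0.113.7")          # constructed public address
    print(gw.translate_out("192.168.0.10", 51000))
    print(gw.translate_out("192.168.0.11", 51000))
    print(gw.translate_in(40001), gw.translate_in(9999))
```

Note that a second site can run the same 192.168.0.0/24 behind a different PatGateway instance with its own public address, which is exactly why the private ranges are reusable.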

Let me see if I can clear up some misunderstanding for you:

NAT is the system that divides IP addresses into two categories - public and private. Public represents the local network from the outside and private represents the device from the inside.

Not quite. NAT simply translates IP addresses from one set to another. As you use the terms, "public" means addresses that are globally unique and routable on the Internet. "Private" addresses are not globally unique and therefore not routable on the Internet. As NAT is normally used, your public address is the globally unique address that is the source address of all the packets you send on the Internet.

Subnetting divides one IP address into the part that represents the network from outside and the part that represents the device on the network.

Take out the phrase "from outside" and your definition is correct. Subnetting has nothing to do with "inside" or "outside." Networks exist both on the "inside" as well as "outside" and therefore you need a way to identify networks and how to reach them.

When I ask google for my IP from computer and from my phone, I see the very same public IP, and when I scan the local network with nmap, I see only private IPs.

You see the same IP because your router or firewall is translating the "inside" IPs of your phone and PC to a single public source address as your packets flow through the router. When the return traffic flows through the router, it translates the destination address to the addresses on your PC or phone.

When the server sends out the signal to my PC, does it send it only to my public IP and the router remembers which private IP needs it, or does the server send out both, the public and the private IPs?

IP packets only have a source and destination address, which on the Internet can be considered "public" IPs. The server has no idea if you are using NAT or not. Yes, your router keeps track of the translation.

Remembering that every IP address is 32 bits, having two of them (in NAT) gives an opportunity to use more IP addresses (both on the inside and on the outside) than in the situation with subnetting. Why would we need subnet masks then?

I confess I'm not sure of the point you're trying to make here, or how you believe NAT would allow more addresses. Your private address may be 192.168.1.100, translated into a public address. My private address is also 192.168.1.100 translated into a different public address.

Ron Trunk

The internet was built without NAT: it's a later invention. NAT imposes three very strict limitations on networks. Firstly, you can't address hosts behind NAT directly. Secondly, there must be a single gateway linking the network to the rest of the internet. Thirdly, the gateway must track the TCP source and destination ports of every connection through it.

In the internet core, there are a large number of networks that have more than one gateway. The gateways are not aware of one another's network traffic, and they are stateless: they do not track the TCP sequence numbers of every connection through them. This greatly improves their performance. How is a packet routed through the correct gateway to the correct network? Via routing tables, which match the network prefix.

pjc50

The OP is mixing 2 very different concepts. Subnetting is a routing concept that allows for segmentation and a hierarchical routing structure. Think in terms of a phone number with (areacode) Exchange-terminal. In routing there is an Autonomous System Number (areacode) Network (exchange) and host (-terminal). If you think in those terms, the subnet mask determines the size of the exchange-terminal range. This is what routing protocols use to send packets to and from the correct addresses.

As noted above, a NAT translates between 2 networks that cannot route between them. In most cases this is between the public internet address and the private RFC1918 address space that can be used over and over in different locations. The NAT device keeps track of which flows map to the address and ports on the two sides of the network space. While this is in your router, which is the IP layer, it is not a function of routing, but works at the transport layer.

Hope this helps

Kevin

Subnetting is helpful for dividing a network into smaller networks. This is more efficient than traditional classful IP addressing. Data travels faster and more efficiently.

NAT (Network Address Translation) is a protocol that translates a private IP into a public IP. We use NAT when accessing the Internet. NAT is also useful for preserving the IPv4 lifespan, since Port Address Translation (PAT) can translate multiple private IPs into a single public IP.

Zac67

Also, it should be noted that in a situation where there is a subnet, the new networks are divided by borrowing from the host portion of an IP and using some of the bits in the host to allocate towards new networks. In short, we are dividing bits that would otherwise be used as host bits into smaller networks so that there can ultimately be many more endpoints.

When a subnet is created, we define the network portion by the subnet mask or the CIDR notation. Using both the network ID and the subnet mask, a routing table can be created and packets can be sent to the correct node or nodes.


NAT and subnetting are two different topics.

In IPv4, a subnet mask is a must for routing on each and every host, subnet and router to work well, regardless of their IP addresses being private or public. A host should know if it must send packets directly to the target, or via one of the reachable gateways in its own subnet. The only way to calculate that is knowing the size of its own and other networks via subnet masks.

NAT, on the other hand, is a transparent function on the gateway to solve internet accessibility issues for private addresses.

MTG
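The forwarding decision that MTG's answer describes (direct delivery versus a gateway) and the prefix-matching routing tables that pjc50 mentions are the same longest-prefix-match algorithm; here it is as an added example with a constructed host table and a constructed router table (none of this is code from the answers above; all addresses are sample values).

```python
import ipaddress


def build_table(entries):
    """Constructed routing table: list of (prefix, next_hop). next_hop None means
    the prefix is directly connected (the host's own subnet, derived from its mask)."""
    return [(ipaddress.ip_network(prefix), next_hop) for prefix, next_hop in entries]


def lookup(table, dest):
    """Longest-prefix match, as every host and router does for each packet.
    Returns (matched_prefix, ip_to_deliver_to), or None when no route exists."""
    dst = ipaddress.ip_address(dest)
    best = None
    for net, next_hop in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is None:
        return None
    net, next_hop = best
    # Directly connected: deliver to the destination itself on the local link;
    # otherwise hand the packet to the router listed for that prefix.
    return (str(net), dest if next_hop is None else next_hop)


# A typical host: its own /24 (from the subnet mask) plus a default route.
HOST_TABLE = build_table([
    ("192.168.1.0/24", None),
    ("0.0.0.0/0", "192.168.1.1"),
])

# A router with overlapping prefixes; the most specific one must win.
ROUTER_TABLE = build_table([
    ("10.0.0.0/8", "10.255.255.1"),
    ("10.20.0.0/16", "10.20.0.254"),
    ("10.20.30.0/24", None),
    ("0.0.0.0/0", "203.0.113.1"),
])

if __name__ == "__main__":
    print(lookup(HOST_TABLE, "192.168.1.20"))     # same subnet: direct
    print(lookup(HOST_TABLE, "198.51.100.5"))     # elsewhere: via default gateway
    print(lookup(ROUTER_TABLE, "10.20.30.7"))     # /24 beats /16 and /8
```

A mask that is too wide makes a host treat a remote subnet as local and deliver directly (which fails on the link), and a table with no default route has no way to reach the Internet at all; both cases are exercised in the assertions below.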