
As far as I know, NAT is the system that divides IP addresses into two categories - public and private. Public represents the local network from the outside and private represents the device from the inside.

Subnetting divides one IP address into the part that represents the network from outside and the part that represents the device on the network.

Remembering that every IP address is 32 bits, having two of them (in NAT) gives an opportunity to use more IP addresses (both on the inside and on the outside) than in the situation with subnetting. Why would we need subnet masks then?

When I ask Google for my IP from my computer and from my phone, I see the very same public IP, and when I scan the local network with nmap, I see only private IPs.

So why do we need subnet masks, if we have NAT?

P.S. When the server sends out the signal to my PC, does it send it only to my public IP and the router remembers which private IP needs it, or does the server send out both, the public and the private IPs?

New Thing

7 Answers


NAT and subnetting solve two different problems.

Problem 1: Previously, IP addresses were divided into classes A, B and C. A class C address had a default subnet mask of 255.255.255.0 meaning 24 bits decide which network and the last 8 bits are for the host. With 8 bits for hosts you could have 2^8 - 1 = 254 IP addresses that are part of the same network.

Historically it was not recommended to have more than around 250 IPs on the same network because of broadcasts flooding the network which meant that class B networks, which have a default subnet mask of 255.255.0.0 with 16 bits for hosts, have way too many addresses for a single network. Even more so with a class A network.

Also most of the time we require many smaller networks with just a few hosts which is why we subnet. Subnetting is basically moving the boundary between the host and network part of the address. So by decreasing the number of addresses on each network, you can increase the number of networks.

Problem 2 is that, even with subnetting, we have way too few addresses for every device to get its own, which is why we've got NAT.

NAT, or in this case PAT, works by letting multiple private addresses share a single public IP address by mapping to a port number.

So, in the IPv4 address space, we have a few reserved blocks of addresses which are meant to be used locally on a private network, e.g. 192.168.0.0 with a subnet mask of 255.255.255.0. This network can be used on multiple sites at the same time because they are private and not allowed to be used on the Internet.

So when a device with a private IP wants to go out on the Internet, the private IP is mapped to a public IP address, together with a port number, which means that multiple devices on a local network can share a single public IP. This extends the number of devices that can access the Internet.

If the server is on the same network as your PC it will communicate with your private IP. If the server is on the Internet, it will communicate with your public IP on a specific port which your router maps to your private IP.

Jimmy
  • A minor point: given modern PCs and network devices, limiting the number of hosts in a broadcast domain to 250 is not necessary. – Ron Trunk Mar 19 '16 at 16:08
  • True, I was a bit uncertain if I should have included that limit or not. I'll note that the limit was necessary historically but not any longer. – Jimmy Mar 19 '16 at 16:13
  • Is subnetting used only for private IPs and has nothing to do with servers? If yes, then why can't we assign any IP for any device on LAN (since it happens on a local network, what would be the difference between 192.168.0.20 and 100.100.100.100?)? – New Thing Mar 19 '16 at 16:28
  • Subnetting is for IPs in general, no matter if private or public, to adjust the size. Any IP can be used on a local network, but you are only supposed to use private addresses because if you use public addresses on a local private network, you won't be able to access the public hosts with the same IP. – Jimmy Mar 19 '16 at 16:33
  • @Jimmy why wouldn't I be able to access the public host with the same IP? – New Thing Mar 19 '16 at 16:36
  • Since you can't reserve a public IP for your local network, that means that it will probably be used on the Internet as well as your private network. When a PC on your local network wants to reach a server on the Internet with an address that you use on your private network, the request will go to your local PC instead of the Internet server because your router realises that your destination is available locally. – Jimmy Mar 19 '16 at 16:40
  • Note that all connections using UDP or TCP are to a specific port, so saying that NAT uses "your public IP on a specific port" doesn't actually distinguish it from using an ordinary public IP address. – David Richerby Mar 19 '16 at 21:08

Let me see if I can clear up some misunderstanding for you:

NAT is the system that divides IP addresses into two categories - public and private. Public represents the local network from the outside and private represents the device from the inside.

Not quite. NAT simply translates IP addresses from one set to another. As you use the terms, "public" means addresses that are globally unique and routable on the Internet. "Private" addresses are not globally unique and therefore not routable on the Internet. As NAT is normally used, your public address is the globally unique address that is the source address of all the packets you send on the Internet.

Subnetting divides one IP address into the part that represents the network from outside and the part that represents the device on the network.

Take out the phrase "from outside" and your definition is correct. Subnetting has nothing to do with "inside" or "outside." Networks exist both on the "inside" as well as "outside" and therefore you need a way to identify networks and how to reach them.

When I ask google for my IP from computer and from my phone, I see the very same public IP, and when I scan the local network with nmap, I see only private IPs.

You see the same IP because your router or firewall is translating the "inside" IPs of your phone and PC to a single public source address as your packets flow through the router. When the return traffic flows through the router, it translates the destination address to the addresses on your PC or phone.

When the server sends out the signal to my PC, does it send it only to my public IP and the router remembers which private IP needs it, or does the server send out both, the public and the private IPs?

IP packets only have a source and destination address, which on the Internet can be considered "public" IPs. The server has no idea if you are using NAT or not. Yes, your router keeps track of the translation.

Remembering that every IP addresses is 32 bit, having two of them (in NAT) gives an opportunity to use more IP addresses (both on the inside and on the outside), than in the situation with subnetting. Why would we need subnet masks then?

I confess I'm not sure of the point you're trying to make here, or how you believe NAT would allow more addresses. Your private address may be 192.168.1.100, translated into a public address. My private address is also 192.168.1.100 translated into a different public address.

Ron Trunk
  • Your answer would be improved (and I think the questioner would get some more clarity) if you explained how the edge router/firewall does the translation: with port mapping. It takes 192.168.1.100 (say) on the outbound packet, and sends it as from itself (x.x.x.x) but using port 123456. When it receives packets back on port 123456, it knows to map this back to the internal IP address it knows for that port. – ErikE Mar 21 '16 at 00:00
  • Well, I think you just did :). Actually, I think the confusion is more about the necessity of subnetting and routing than NAT. But you make a valid point. Thanks. – Ron Trunk Mar 21 '16 at 00:56
  • I think this explanation may do more for the OP than expected, especially the confusing part about "two IP addresses"--clarifying that only one originating IP address goes out in the outbound packet--the public one. – ErikE Mar 21 '16 at 00:58
  • @RonTrunk "you need a way to identify networks" What's the difference if I want to reach 166.6.6.6 vs 166.6.6.6/32 vs 166.6.6.6/8? Why does the router need to know the subnet mask? If the router doesn't need this info, then why couldn't I play my LAN games when I set the wrong subnet mask 20 years ago? – Sida Zhou Jun 28 '21 at 09:22
  • @SidaZhou They are all the same address, but your local router needs to know if 166.6.6.6 is directly connected or needs to be forwarded to another gateway. – Ron Trunk Jun 28 '21 at 12:08
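ErikE's comment describes the table the edge router keeps when it does port mapping. The following is an added Python example, written for this page and not code from any of the answerers: a simplified NAPT table keyed on the full flow, showing that two private hosts can even use the same source port, that replies are matched back to the right host, and that an inbound packet with no matching state has nowhere to go. The public and server addresses (198.51.100.7, 203.0.113.10) are constructed sample values from the documentation ranges.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Pat:
    """Many private hosts share one public IP; each flow gets its own public source port."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port  # next free public port to hand out (constructed start value)
        self.outbound = {}  # (priv_ip, priv_port, dst_ip, dst_port) -> public_port
        self.inbound = {}   # (public_port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def translate_out(self, pkt):
        """Rewrite the source of a packet leaving the LAN; create state on first sight."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        # Only the public address leaves the router; the server never sees the private IP.
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def translate_in(self, pkt):
        """Rewrite the destination of a reply from the Internet, or return None to drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None  # no matching flow: unsolicited inbound traffic is dropped
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


if __name__ == "__main__":
    pat = Pat("198.51.100.7")
    for host in ("192.168.1.100", "192.168.1.101"):  # both use local port 51000
        print(pat.translate_out(Packet(host, 51000, "203.0.113.10", 443)))
    print(pat.translate_in(Packet("203.0.113.10", 443, "198.51.100.7", 40001)))
    print(pat.translate_in(Packet("203.0.113.10", 443, "198.51.100.7", 40002)))
```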

The internet was built without NAT: it's a later invention. NAT imposes three very strict limitations on networks. Firstly, you can't address hosts behind NAT directly. Secondly, there must be a single gateway linking the network to the rest of the internet. Thirdly, the gateway must track the TCP source and destination ports of every connection through it.

In the internet core, there are a large number of networks that have more than one gateway. The gateways are not aware of one another's network traffic, and they are stateless: they do not track the TCP sequence numbers of every connection through them. This greatly improves their performance. How is a packet routed through the correct gateway to the correct network? Via routing tables, which match the network prefix.

pjc50

The OP is mixing 2 very different concepts. Subnetting is a routing concept that allows for segmentation and a hierarchical routing structure. Think in terms of a phone number with (areacode) Exchange-terminal. In routing there is an Autonomous System Number (areacode) Network (exchange) and host (-terminal). If you think in those terms, the subnet mask determines the size of the exchange-terminal range. This is what routing protocols use to send packets to and from the correct addresses.

As noted above, a NAT translates between 2 networks that cannot route between them. In most cases this is between the public internet address and the private RFC1918 space that can be used over and over in different locations. The NAT device keeps track of which flows map to the address and ports on two sides of the network space. While this is in your router, which is the IP layer, it is not a function of routing, but works at the transport layer.

Hope this helps

Kevin

Subnetting is helpful for dividing a network into smaller networks. This is more efficient than traditional classful IP addressing. Data travels faster and more efficiently.

NAT (Network Address Translation) is a protocol that translates a private IP into a public IP. We use NAT when accessing the Internet. NAT is also useful for preserving the IPv4 lifespan, since Port Address Translation (PAT) can translate multiple private IPs into a single public IP.

Zac67
  • "Subnetting is helpful for dividing a network into smaller networks." Not exactly. Subnetting borrows from the host bits to make a larger network with fewer hosts. The network of the address gets larger, e.g. subnetting a /22 network into /25 networks means that the network grows by three bits, shrinking the host by three bits. This two-part answer has a specific section explaining it. – Ron Maupin Dec 19 '22 at 19:08
  • @ilkkachu, the address has two parts: network and host. /25 has a larger network than /22, but a smaller host. That means /22 can have more host addresses than /25, but the network of the address is three bits smaller. – Ron Maupin Dec 22 '22 at 18:55
  • @ilkkachu No, you are confusing the network with the host. The network is larger but the host is smaller. You are trying to equate the network with the host. The network is larger and the host is smaller with the /25. We are talking about addressing, and there are two parts to the address. Do not mix them. – Ron Maupin Dec 22 '22 at 19:03
  • @ilkkachu No, you are calling the host of the address the network, but that is backwards. In an address, the network is the all-zeroes address, and it is defined by a bitwise AND of the address with the network mask. The host is defined by a bitwise AND of the NOT of the network mask and the address. You are calling the host the network. – Ron Maupin Dec 22 '22 at 21:16
  • @ilkkachu, my first comment is about subnetting, where you borrow address bits from the host, making a smaller host and a larger network. That is the entire point of what subnetting does. You get more, larger networks with smaller hosts by subnetting a network address. With exactly 32 bits divided between network and host, a smaller network means a larger host, and a larger network means a smaller host. Subnetting is just moving the dividing line between the network and host to give a larger network with smaller host. Aggregation is moving the dividing line to give a smaller network. – Ron Maupin Dec 22 '22 at 22:18

Also, it should be noted that in a situation where there is a subnet, the new networks are divided by borrowing from the host portion of an IP and using some of the bits in the host to allocate towards new networks. In short, we are dividing bits that would otherwise be used as host bits into smaller networks so that there can ultimately be many more endpoints.

When a subnet is created, we define the network portion by the subnet mask or the CIDR notation. Using both the network ID and the subnet mask, a routing table can be created and packets can be sent to the correct node or nodes.

  • "when there is a subnet" might be misleading - if you split an already used network into subnets you cannot continue using that original network prefix but must replace it by one of those subnets. Prefixes must always be unique and cannot overlap. – Zac67 Jan 25 '22 at 07:31
  • ...But the networks can still communicate through proper static routing on an attached router or switch. You mean to say that the hosts can't easily communicate. I see what you're saying either way. The hosts on network A can't communicate with network B without proper routing tables being configured. I guess my question now is, what do you mean by "use"? – Linux Overthrow Jan 25 '22 at 07:42

NAT and subnetting are two different topics.

In IPv4, a subnet mask is a must for routing on each and every host, subnet and router to work well, regardless of their IP addresses being private or public. A host should know if it must send packets directly to the target, or via one of the reachable gateways in its own subnet. The only way to calculate that is knowing the size of its own and other networks via subnet masks.

NAT, on the other hand, is a transparent function on the gateway to solve internet accessibility issues for private addresses.

MTG
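Jimmy's "Problem 1", Ron Maupin's comments on the network being the address AND the mask, and MTG's answer on the direct-or-gateway decision all rest on the same mask arithmetic. The following is an added Python example written for this page (not code from any of the posters) that does that arithmetic with plain integers: it splits an address into network and host parts, counts hosts, carves the /22 from the comments into /25s, and shows the forwarding decision a host makes, including what a wrong mask does to it (Sida Zhou's question). The addresses used are constructed sample values.

```python
def ip_to_int(dotted):
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def mask_of(prefix_len):
    """/24 -> 255.255.255.0: the top prefix_len bits set, the host bits zero."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def split_address(dotted, prefix_len):
    """Network = address AND mask; host = address AND NOT mask."""
    addr, mask = ip_to_int(dotted), mask_of(prefix_len)
    return int_to_ip(addr & mask), addr & ~mask & 0xFFFFFFFF


def usable_hosts(prefix_len):
    """Classic count: 2^(host bits) minus the all-zeros network and all-ones broadcast address."""
    return 2 ** (32 - prefix_len) - 2


def subnets(network, prefix_len, new_prefix_len):
    """Move the boundary to the right: borrowing k host bits yields 2^k smaller networks."""
    base = ip_to_int(network) & mask_of(prefix_len)
    step = 1 << (32 - new_prefix_len)  # addresses per new subnet
    return [f"{int_to_ip(base + i * step)}/{new_prefix_len}"
            for i in range(1 << (new_prefix_len - prefix_len))]


def next_hop(my_ip, prefix_len, gateway, dst):
    """Same network after masking -> deliver directly on the link; otherwise -> send to the gateway."""
    mask = mask_of(prefix_len)
    return "direct" if ip_to_int(my_ip) & mask == ip_to_int(dst) & mask else gateway


if __name__ == "__main__":
    print(split_address("192.168.1.100", 24), usable_hosts(24))      # ('192.168.1.0', 100) 254
    print(subnets("10.20.0.0", 22, 25))                              # eight /25 networks
    print(next_hop("192.168.1.100", 24, "192.168.1.1", "203.0.113.10"))  # via the gateway
    # With a /16 mask the host wrongly believes 192.168.2.5 is on its own link and ARPs for it.
    print(next_hop("192.168.1.100", 16, "192.168.1.1", "192.168.2.5"))
```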