In this Cisco CCNA tutorial, I’ll give you an overview of IPv4 address exhaustion and Network Address Translation (NAT). Scroll down for the video and also text tutorial.
Cisco IPv4 Address Exhaustion and NAT Video Tutorial
Timo Poelen
This course got me hooked! Very professional course, you can see he has a lot of teaching experience. Also, Neil has a massive load of networking experience which benefits every student. It is well paced, easy to follow and the topics are thoroughly explained.
The sections start with fundamentals, then it goes more in-depth on the topic (with live-demo’s!) and it ends with lab exercises for you to complete which is a perfect order to learn quickly. Topics I used to struggle on, were now made perfectly clear thanks to Neil.
If you have any questions, you WILL get a reply within 24 hours from him. He really cares! This has been my best course experience so far.
I actually passed my CCNA exam yesterday with a score of 908!
RFC 1918 Private Addresses
The Internet Engineering Task Force (IETF) document standards with RFC, and RFC 1918 specifies private IP address ranges, which are not routable on the public Internet. So, if you send traffic with a destination address that is a private IP address out to the Internet, then the service provider routers will just drop that traffic.
Private addresses were originally designed for hosts, which should have no Internet connectivity. For example, maybe it's a university, and they need to have connectivity between the hosts internally, but they don't want the students to have any Internet access.
Public IP addresses cost money. So, if an organization is a part of their network where the hosts need to communicate with each other over IP but they don't need outside connectivity to the Internet, then they can assign those hosts private IP addresses.
RFC 1918 private IP address classes and ranges:
- Class A – 10.0.0.0/8
- Range: 10.0.0.0-10.255.255.255
- Class B – 172.16.0.0/12
- Range: 172.16.0.0-172.31.255.255
- Class C – 192.168.0.0/16
- Range: 192.168.0.0-192.168.255.255
The IPv4 Global Address Space Problem
Now, the designers of IPv4 did not envision the explosive growth of its use, and 4.3 billion addresses seemed more than enough. They didn't know that everybody would be wanting to get on the Internet and not just with one device, but with their laptop, their mobile, their tablet, etc., and that's just personal users. We've also got all the business users as well.
Therefore, the 4.3 billion addresses seemed like they were going to be more than enough. But of course, it wasn't. Also, those 4.3 billion addresses—that's just a theoretical limit. It doesn't actually get anywhere near that with the usable addresses because the protocol is not particularly efficient in its use of the available space, and many of those addresses are wasted.
IPv6
The Internet authorities started to predict address exhaustion in the late 1980s, and IPv6 was developed in the 90s as a long-term solution to this problem. IPv6 users have a 128-bit address compared to IPv4's 32-bit address.
The IPv6 address is 4x as long when you write it down. But it's not just a 4x bigger address space. IPv6 actually provides more than 7.9x10 to the power of 28 times as many addresses as IPv4. That's way, way more addresses than are available in IPv4, and the idea is that the IPv6 address space will never run out.
The IPv6 Problem and NAT
A problem is that there's not a seamless migration path from IPv4 to IPv6. IPv6 is not backwards compatible with IPv4. There's not an easy way to change from one to the other.
Therefore, Network Address Translation (NAT) was implemented as a temporary workaround to mitigate the lack of IPv4 addresses until organizations had time to migrate to IPv6. The original idea with using NAT for this was that it was just going to be temporary until everybody had time to change to IPv6. But it's actually turned out to be more of a long-term solution in the real world.
An organization can use private IP addresses on their inside network when they're using NAT but still grant their hosts Internet access by translating them to their outside public IP addresses. That's the translation. Many hosts on the inside can share a few or a single public IP address on the outside.
Private Addresses and NAT
Let's look and see how that works. We've got Office A, which is actually a company, on the left, and Office B on the right.
You can see that both companies are using the same private IP addresses. They're using 192.168.10.0/24. That's not a problem. There's no conflict because the private IP addresses are just used on the inside. They're not used for traffic when it's going between the companies on the outside.
You can also see that the companies are reusing public IP addresses here as well. Office A got 200 hosts on the inside, but they've only got 14 public addresses. That's the range 203.0.113.1/28. Office B only got 6 addresses, but they've got 100 hosts on the inside.
Your public IP addresses cost money, so it's good that we don't need to pay for a public IP address for every host on the inside. Also, that wouldn't work anyway because of the lack of IPv4 addresses. So NAT solves that because we can use those private addresses on the inside, and they can share multiple, the same IP, public IP addresses on the outside.
Today’s Networks
Many industry experts predicted in the early 2000s that IPv6 would be ubiquitous within a few years, that everybody would be using it, but it hasn't actually worked out that way. Most normal enterprises today are using RFC1918 IPv4 addresses with NAT. They're not using IPv6 at all.
RFC1918 has the security benefit of hiding inside hosts by default. But on a private IP address, they don't have a publicly available IP address, so it's not possible for attackers on the inside to directly connect to them from the outside. That makes things more secure.
Plus, network engineers have more experience with IPv4 than IPv6. Like I said, most places are just using IPv4 a day. IPv6 is very different from IPv4, and people tend to not like change. Engineers are comfortable already working with IPv4.
NAT is working great as a workaround, as a solution. So that's why the uptake of IPv6 hasn't actually been as quick as people were originally expecting.
Additional Resources
Configure Network Address Translation: https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html
What is NAT (Network Address Translation)?: https://study-ccna.com/what-is-nat/
What Is Network Address Translation (NAT)?: https://www.cisco.com/site/us/en/learn/topics/networking/what-is-network-address-translation-nat.html
Libby Teofilo
Text by Libby Teofilo, Technical Writer at www.flackbox.com
Libby’s passion for technology drives her to constantly learn and share her insights. When she’s not immersed in the tech world, she’s either lost in a good book with a cup of coffee or out exploring on her next adventure. Always curious, always inspired.