What is port address translation (PAT)?
Port address translation (PAT) is a type of network address translation (NAT) that maps a network's private internal IPv4 addresses to a single public Internet Protocol address by using network ports. NAT is a process that routers use to translate internal, nonregistered IP addresses to external, registered IP addresses. PAT differs from other forms of NAT because it uses port numbers when mapping private IP addresses to a public IP address, which is the address seen by external systems.
Port address translation is also called porting, port overloading, port-level multiplexed NAT and single address NAT. PAT is the most common form of NAT used in most homes and small and medium-sized businesses.
PAT was introduced as a way to conserve IPv4 addresses until a more permanent solution could be implemented. This solution eventually came in the form of IPv6. However, IPv4 is still used extensively in network communications, so PAT continues to be relevant. PAT also helps to provide better security on the local network by hiding the internal IP addresses from public view.
The use of port numbers is integral to a router's ability to implement PAT because they provide a mechanism for translating the internal IP addresses to the external address and vice versa. The port number is appended to the external IP address to distinguish different connections to the same address. For example, if a router's external IP address is 192.168.35.4, outside connections might use addresses such as 192.168.35.4:37, 192.168.35.4:148 or 192.168.35.4:1637 to communicate with specific devices on the internal network.
A router can use either Transmission Control Protocol or User Datagram Protocol port numbers to implement PAT. Because the port numbers are based on a 16-bit encoding, a router can theoretically support up to 65,536 port numbers per external IP address, although the practical limit is much less. Even so, a single registered IP address can connect to thousands of internal devices. To facilitate this process, the router maintains an address translation table that maps the internal IP addresses to the external IP address, incorporating the port numbers into the mapping.
How does port address translation work?
Like other types of NAT deployments, PAT is implemented by positioning a PAT-enabled router between the inside and outside network, as shown in Figure 2. The inside network is the internal network, such as an organization's local area network or an individual's home network. Everything else is considered the outside network. For example, when you view a webpage on your computer, you are connecting from your inside network to the outside network where the web server resides.
Each device connected to the inside network receives a private IPv4 address, which is referred to as the inside local address. In Figure 2, three computers have been assigned inside local addresses: 10.0.1.2, 10.0.1.3 and 10.0.1.4. The addresses are used for communications on the inside network, whether between the computers themselves or between the computers and the router.
The router is configured with an inside local IP address, 10.0.1.1, which is connected to the local network and is what other devices use to connect to it. This can also be considered the other device's gateway address. The router also has an external or public IP address, 34.120.117.196, which is the public-facing address used to connect to devices on the internet.
To support the PAT process, the router maintains an address translation table that maps the inside local addresses and ports to a specific combination of the public IP and port number. The port numbers are unique to each connection between the inside network and outside network. In this way, the router can map the inside global address to each connection, even when the same computer initiates multiple connections.
For example, 10.0.1.2 requests data from techtarget.com:443 and opens port 10.0.1.2:1487 for replies. The router intercepts this and forwards it, but it says that replies should go to 34.120.117.196:65002 and makes the mapping of 10.0.1.2:1487=34.120.117.196:65002. The next computer also requests data from techtarget.com:443 and opens port 10.0.1.3:1489. The router changes this to say 34.120.117.196:65003 and makes the mapping of 10.0.1.3:1489=34.120.117.196:65003. When the web server sends its replies to 34.120.117.196:65002 and 34.120.117.196:65003, the router gets them and forwards them to the correct internal computer.
Most home networks use PAT to connect internal devices to the internet. In such a scenario, the internet service provider assigns a public IP address to the network's router. The router, in turn, assigns a private internal IP address to each device on the inside network. When one of those devices connects to a resource on the internet -- i.e., the outside network -- the router assigns a port number to the connection. The port number is appended to the public IP address so that the connection has a unique address.
This process is repeated for each device on the inside network, whether a laptop, tablet, smartphone or other type of smart device. In this way, all devices on the inside network can share the same public IP address even if they access the internet at the same time. The router knows exactly which device to send specific packets to because of the unique port number that has been assigned to each connection.
What is the difference between NAT and PAT?
NAT is the general term for whenever IP address translation is needed between devices on different networks. PAT is a method of implementing NAT using port numbers. PAT is the most common form of NAT.
Other methods of implementing NAT include the following:
- Static NAT.
- Dynamic NAT.
- Carrier-grade NAT.
- Deterministic NAT.
Port address translation advantages and disadvantages
Port address translation has its benefits and drawbacks.
Port address translation advantages
- Ability to serve hundreds of devices from a single public IP address.
- Simple implementation with no configuration.
- Increased security by hiding internal device details.
Port address translation disadvantages
- No direct inbound access allowed and requires the use of port forwarding.
- Issues with double NAT and real-time communication forwarding.
- Might require multiple public IP addresses to support several hundred clients.
- May not scale into tens of thousands of clients.
What is the difference between PAT and port forwarding?
Port address translation is a way for several internal devices to share a single public IP address. PAT is primarily concerned with internal devices connecting to external devices; it does not offer a way for an external device to send an unexpected request inbound. Port forwarding is a way to map a specific external port to a single internal IP address and port combination.
Port forwarding is used when an internal service needs to be accessible to external devices or the internet. This might be needed for a web or game server. Certain protocols may also benefit from having port forwarding configured.
When configuring a network, network administrators must choose between a static or dynamic IP address; learn what these IP addresses offer, and also explore their pros and cons. Learn about common network protocols and their functions.
