The Disadvantages of NAT

Nov 27,2008 by alperen

Now that we've sold you on using NAT in your network, you should be aware of the disadvantages
as well. The following is a list of some of the disadvantages of using NAT compared
with using an individually registered (public) IP address on each internal host:

NAT increases latency (delay). Delays are introduced into the packet-switching process
because of the processor overhead needed to translate each IP address contained in the
packet header. The router's CPU must examine every packet to decide whether
the IP addresses in its header need to be translated. Depending upon the
type of traffic, NAT will also change IP addresses carried inside the payload (the FTP
PORT command is the classic case), but this is done on an application-by-application basis
by a protocol-specific application-layer gateway, and each such protocol costs extra CPU.

NAT hides end-to-end IP addresses, which renders some applications unusable. Applications
that carry the IP address of the host computer inside the payload of the packet break
when NAT translates the addresses in the IP header but not the copies inside the
packet's payload. As noted in the last bullet, this has been fixed for some protocols,
but only on an application-by-application basis, which is not scalable in the long term.
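The following is an added example, not code from the article or from any Cisco product: it models a PAT router that rewrites only the IP/TCP header, shows that an FTP PORT command then still names the client's inside-local address (so the server's data connection can never arrive), and then shows what an FTP application-layer gateway adds: rewriting the embedded address and pre-creating the translation entry for the returning data connection. The packet model, the addresses (10.1.1.10, 203.0.113.5, 198.51.100.7) and the port numbers are all constructed for illustration.

```python
"""Added example (not from the article or any Cisco code): why NAT breaks
applications that carry IP addresses in the payload, and what an FTP
application-layer gateway (ALG) does about it.  Addresses, ports and the
packet model are constructed for illustration."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


class PAT:
    """Port Address Translation: many inside-local hosts share one inside-global address."""

    def __init__(self, inside_global: str, first_port: int = 1024):
        self.inside_global = inside_global
        self.next_port = first_port
        self.table: Dict[Endpoint, Endpoint] = {}   # inside-local -> inside-global

    def map_port(self, ip: str, port: int) -> Endpoint:
        key = (ip, port)
        if key not in self.table:
            self.table[key] = (self.inside_global, self.next_port)
            self.next_port += 1
        return self.table[key]

    def outbound(self, pkt: Packet) -> Packet:
        """Plain NAT: rewrite only the IP/TCP header of an inside->outside packet."""
        gip, gport = self.map_port(pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=gip, src_port=gport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse-translate an outside->inside packet; None means no entry, so it is dropped."""
        for local, glob in self.table.items():
            if glob == (pkt.dst_ip, pkt.dst_port):
                return replace(pkt, dst_ip=local[0], dst_port=local[1])
        return None


def ftp_port_arg(ip: str, port: int) -> str:
    """Encode h1,h2,h3,h4,p1,p2 as used by the FTP PORT command (RFC 959)."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


def parse_port_arg(arg: str) -> Endpoint:
    h1, h2, h3, h4, p1, p2 = (int(x) for x in arg.split(","))
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def ftp_alg(nat: PAT, pkt: Packet) -> Packet:
    """Translate the header, then patch a PORT command the way an FTP ALG does:
    rewrite the embedded inside-local address and pre-create the translation
    entry that the server's data connection will need."""
    out = nat.outbound(pkt)
    if pkt.dst_port != 21 or not pkt.payload.startswith(b"PORT "):
        return out
    ip, port = parse_port_arg(pkt.payload[5:].decode().strip())
    if ip != pkt.src_ip:            # only fix addresses this NAT is responsible for
        return out
    gip, gport = nat.map_port(ip, port)
    out.payload = f"PORT {ftp_port_arg(gip, gport)}\r\n".encode()
    return out


def demo() -> Tuple[bytes, bytes, Optional[Packet]]:
    # Constructed: client 10.1.1.10 tells the server to connect back to 10.1.1.10:40001
    client = Packet("10.1.1.10", 40000, "198.51.100.7", 21,
                    b"PORT 10,1,1,10,156,65\r\n")
    plain = PAT("203.0.113.5").outbound(client)     # header translated, payload not
    nat = PAT("203.0.113.5")
    fixed = ftp_alg(nat, client)
    # The server opens its data connection to whatever the PORT command named.
    data = Packet("198.51.100.7", 20, "203.0.113.5", 1025)
    return plain.payload, fixed.payload, nat.inbound(data)


if __name__ == "__main__":
    plain, fixed, delivered = demo()
    print("plain NAT payload :", plain)      # still names 10.1.1.10, unreachable from outside
    print("ALG payload       :", fixed)      # names 203.0.113.5:1025 instead
    print("data connection   :", delivered)  # reverse-translated to 10.1.1.10:40001
```

The ALG has to know the FTP command grammar, keep the payload length consistent with the TCP sequence space (omitted here), and reserve a port before the server connects back; every protocol that embeds addresses (SIP, H.323, DNS answers, and so on) needs its own such gateway, which is the scalability problem the text describes.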

Because NAT changes IP addresses, there is a loss in the ability to track an IP flow end-to-end.
This does provide a small advantage from a security standpoint, because an attacker on the
outside cannot identify the packet's true (inside local) source. However, this slight increase
in security comes at the expense of end-to-end accountability, and it is not a substitute for
a firewall policy.

NAT also makes troubleshooting, and tracking down where malicious traffic is coming from,
more troublesome. The traffic could be coming from a single user who is seen under a different
inside global address (or, with overloading, a different port) depending on when the traffic
passes through the NAT router. Tracing a malicious connection back to the responsible host
therefore requires the NAT device's own translation records, with timestamps, for the time
in question; without them, holding that person accountable is much more difficult.
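The following is an added example, not code from the article or from any vendor: it takes an abuse report of the form "inside global address:port contacted outside host at time T" and correlates it with the NAT router's translation log to name the inside host, showing that the same inside global address and port is held by different inside hosts at different times, and how little can be said if the report carries no timestamp. The log format (timestamp, CREATED/DELETED, protocol, inside local, inside global, outside) and all addresses and times are constructed for the example; real devices log translations in their own format.

```python
"""Added example (not from the article): attributing an outside-visible
connection to an inside host by correlating the NAT device's translation
log.  The log format and all addresses and times are constructed."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]

# Constructed log: <timestamp> <event> <proto> <inside local> <inside global> <outside>
TRANSLATION_LOG = """\
2008-11-27T10:00:01 CREATED tcp 10.1.1.10:40000 203.0.113.5:1024 198.51.100.7:80
2008-11-27T10:00:05 CREATED tcp 10.1.1.20:51000 203.0.113.5:1025 198.51.100.7:80
2008-11-27T10:03:00 DELETED tcp 10.1.1.10:40000 203.0.113.5:1024 198.51.100.7:80
2008-11-27T10:03:30 CREATED tcp 10.1.1.30:33000 203.0.113.5:1024 198.51.100.7:80
2008-11-27T10:10:00 DELETED tcp 10.1.1.20:51000 203.0.113.5:1025 198.51.100.7:80
"""

LINE = re.compile(r"^(\S+) (CREATED|DELETED) (\w+) (\S+) (\S+) (\S+)$")


@dataclass
class Translation:
    proto: str
    inside_local: Endpoint
    inside_global: Endpoint
    outside: Endpoint
    created: datetime
    deleted: Optional[datetime]      # None: entry still active at the end of the log


def endpoint(text: str) -> Endpoint:
    ip, port = text.rsplit(":", 1)
    return ip, int(port)


def parse_translation_log(text: str) -> List[Translation]:
    """Pair CREATED/DELETED lines into translation lifetimes."""
    active: Dict[tuple, datetime] = {}
    entries: List[Translation] = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # skip anything that is not a translation event
        ts, event, proto, il, ig, og = m.groups()
        key = (proto, endpoint(il), endpoint(ig), endpoint(og))
        when = datetime.fromisoformat(ts)
        if event == "CREATED":
            active[key] = when
        elif key in active:
            entries.append(Translation(*key, active.pop(key), when))
    entries.extend(Translation(*key, created, None) for key, created in active.items())
    return entries


def attribute(entries: List[Translation], global_ip: str, global_port: int,
              when_iso: str) -> List[str]:
    """Inside-local hosts that held global_ip:global_port at the given instant.
    A correct answer needs the port AND the time: the global tuple is reused."""
    when = datetime.fromisoformat(when_iso)
    return sorted({e.inside_local[0] for e in entries
                   if e.inside_global == (global_ip, global_port)
                   and e.created <= when <= (e.deleted or datetime.max)})


def candidates_without_time(entries: List[Translation], global_ip: str) -> List[str]:
    """All an investigator can say if the report carries only the shared address."""
    return sorted({e.inside_local[0] for e in entries if e.inside_global[0] == global_ip})


if __name__ == "__main__":
    log = parse_translation_log(TRANSLATION_LOG)
    print(attribute(log, "203.0.113.5", 1024, "2008-11-27T10:02:00"))   # ['10.1.1.10']
    print(attribute(log, "203.0.113.5", 1024, "2008-11-27T10:04:00"))   # ['10.1.1.30']
    print(candidates_without_time(log, "203.0.113.5"))                  # three hosts
```

The practical lesson is that clock accuracy (NTP on the NAT device and on the reporting party) and retention of translation logs decide whether attribution is possible at all; a report that is off by a couple of minutes lands on a different inside host.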

Because a host that needs to be accessed from the outside network will have two IP addresses,
one inside local and one inside global, DNS has to give different answers to different clients.
This is known as split DNS: you need to set up two DNS servers (or two views of one zone), one
answering with the global addresses and one with the local addresses. This can lead to
administrative nightmares and problems if inside hosts are pointing to the DNS server with the
global addresses, because the host's local peers are not reachable by those addresses from the
inside. Problems also arise whenever outside hosts query the DNS server with the local addresses;
that case requires additional translation (a DNS-aware NAT that rewrites answers) or configuration
before it can work.
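The following is an added example, not code from the article: a split-horizon lookup that answers with the inside-local or inside-global address depending on which side of the NAT the querying client is on, plus a check that shows why an inside host handed the outside view (or an outside host handed the inside view) cannot use the answer. The zone, the host names under example.com, the inside range 10.1.1.0/24 and the 203.0.113.0/24 global addresses are all constructed for the example.

```python
"""Added example (not from the article): split-horizon DNS for hosts that
have both an inside-local and an inside-global address.  Names, addresses
and the zone are constructed for illustration."""
import ipaddress
from typing import Dict, Tuple

INSIDE_NET = ipaddress.ip_network("10.1.1.0/24")     # assumed inside-local range

# name -> (inside local, inside global): one static NAT pair per published host
ZONE: Dict[str, Tuple[str, str]] = {
    "www.example.com.":  ("10.1.1.10", "203.0.113.10"),
    "mail.example.com.": ("10.1.1.20", "203.0.113.20"),
}


def is_inside(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INSIDE_NET


def resolve(name: str, client_ip: str, view: str = "auto") -> str:
    """Answer an A query.  view="auto" selects the view from the client's source
    address (split DNS); "inside"/"outside" force a view, which models a host
    that has been pointed at the wrong server."""
    local, glob = ZONE[name.rstrip(".") + "."]
    if view == "auto":
        view = "inside" if is_inside(client_ip) else "outside"
    return local if view == "inside" else glob


def usable(client_ip: str, answer_ip: str) -> bool:
    """Can the client actually connect to the published address it was given?
    - an outside client cannot route to a private inside-local address;
    - an inside client sending to an inside-global address reaches the NAT
      router on its inside interface, where the inside->outside translation
      does not apply, so the connection to a local peer fails (no hairpinning)."""
    published = {addr for pair in ZONE.values() for addr in pair}
    if answer_ip not in published:
        raise ValueError(f"{answer_ip} is not a published host in this zone")
    return is_inside(client_ip) == is_inside(answer_ip)


if __name__ == "__main__":
    for client in ("10.1.1.50", "198.51.100.7"):
        answer = resolve("www.example.com", client)
        wrong = resolve("www.example.com", client,
                        view="outside" if is_inside(client) else "inside")
        print(client, "right view:", answer, usable(client, answer),
              "| wrong view:", wrong, usable(client, wrong))
```

Forcing the view is how a misconfigured resolver setting shows up in practice: the inside host receives a perfectly valid public address and then times out connecting to a server sitting two switches away.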