Understanding NAT Terminology – Inside Global and Outside Local
NAT terminology can be confusing. Network personnel need a good grasp of these concepts, and it is helpful for the customer to have a basic understanding as well.
NAT translates IP addresses as they cross a boundary maintained by a router configured to perform the translation. An address used on the inside of a private network may be different from an address used on the outside network, despite referring to the exact same host. This is typically configured to conserve IP address space by making many private IP addresses reachable from the Internet using only one publicly routable IP address. Specific terminology describes the location of the host and the reference network using the words Inside|Outside and Local|Global.
The first word in each phrase describes where a host resides (its location, not its address): “INSIDE” describes a host located inside the private network, and “OUTSIDE” describes a host residing outside that private network.
Adding to that logic, the second word in each NAT terminology phrase refers to perspective, identifying which part of the network a packet is traversing rather than a host location. “LOCAL” refers to either host’s IP address as it appears in packets captured inside the local private network, and “GLOBAL” refers to either host’s IP address as it appears in packets captured outside the private network, i.e., in global, public space or the Internet.
So, an OUTSIDE LOCAL address refers to a host residing “outside” the private network, and it is the IP address used to reach that outside host in a packet captured within the “local” private network, that is, whatever IP address the local network knows the outside host by. Usually (but not always) this will be a publicly routable IP address. It is typically not translated as it crosses the NAT router, so the OUTSIDE GLOBAL address usually remains the same as the OUTSIDE LOCAL address seen inside the private network. There are some exceptions for corner cases, such as those in which translation between two private networks using the same address space is necessary.
An INSIDE GLOBAL address refers to a host residing inside the private network as seen from the “global” public Internet perspective. This address will typically be a global, publicly routable address. Many inside hosts can use this same IP address with a “one to many” Port Address Translation mapping, which appends port numbers to the IP address to differentiate between unique Inside Local destinations. The ingress port of the NAT router’s outside interface would listen for packets containing this INSIDE GLOBAL address and translate it to a private INSIDE LOCAL address as it crosses the NAT boundary and travels through the “inside” or private network.
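The four terms applied to a toy one-to-many PAT router, as an added example that is not the author's code. The `PatRouter` class, the port allocation starting at 1024, the dropping of unmatched inbound packets, and the addresses (documentation ranges) are all assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

class PatRouter:
    """Hypothetical toy PAT: many inside local addresses share one inside global IP."""

    def __init__(self, inside_global_ip, first_port=1024):
        self.inside_global_ip = inside_global_ip
        self._ports = count(first_port)
        self.out_map = {}  # inside local (ip, port) -> inside global (ip, port)
        self.in_map = {}   # inside global (ip, port) -> inside local (ip, port)

    def outbound(self, pkt):
        """Packet leaving the private network: only the source is rewritten."""
        if pkt.src not in self.out_map:
            mapped = (self.inside_global_ip, next(self._ports))
            self.out_map[pkt.src] = mapped
            self.in_map[mapped] = pkt.src
        # Destination is untouched, so outside local == outside global here.
        return Packet(self.out_map[pkt.src], pkt.dst)

    def inbound(self, pkt):
        """Reply arriving on the outside interface: the destination is rewritten."""
        inside_local = self.in_map.get(pkt.dst)
        if inside_local is None:
            return None  # assumption of this toy: no table entry, packet is dropped
        return Packet(pkt.src, inside_local)

def label(router, inside_pkt):
    """Name the four NAT addresses for one outbound packet."""
    outside_pkt = router.outbound(inside_pkt)
    return {
        "inside local": inside_pkt.src,     # inside host, seen inside
        "inside global": outside_pkt.src,   # inside host, seen outside
        "outside local": inside_pkt.dst,    # outside host, seen inside
        "outside global": outside_pkt.dst,  # outside host, seen outside
    }

# Constructed sample: two inside hosts reach the same outside server.
router = PatRouter("203.0.113.5")
server = ("198.51.100.10", 443)
a = label(router, Packet(("192.168.1.10", 51000), server))
b = label(router, Packet(("192.168.1.11", 51000), server))
reply = router.inbound(Packet(server, a["inside global"]))
```

Both inside hosts appear outside as `203.0.113.5` and differ only by port, so attributing a flow seen in an outside capture to a specific inside host requires the translation table.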
written by Josh R Blaylock, Network Engineer – IT Solution Ramp
