What are public IP and private IP? What is NAT conversion?

1. Introduction

Programmers who develop network communication applications often hear about external IPs (i.e. Internet IP addresses) and internal IPs (i.e. LAN IP addresses). What is the difference between them, and how are they related? In addition, as insiders know, any mention of external and internal IPs also has to cover NAT routing conversion. So what are these things? This article briefly explains what they are all about.

2. Does every computer need a public IP?

Answer: No.

We all know that the number of IPv4 addresses is limited (that's why we are working on IPv6 now). Every time a part of the address space is allocated, fewer IP addresses remain available for allocation. Moreover, with the rapid spread of mobile phones, computers and other devices, if every phone or computer required its own IP address, there would obviously not be enough.

To solve this problem, we can adopt the following strategy. Take companies as an example: each company has its own intranet (also called a LAN).

An intranet (the formal name is Local Area Network, or LAN) is a computer communication network that connects the computers, external devices, and databases within a local geographical area, which can span a few meters (such as a home intranet) or a few kilometers (such as a university intranet).

The main functions of the intranet are:

  • 1) Shared transmission channel: Simply put, each computer does not need its own external IP address.
  • 2) High transmission rate: Computers in the intranet do not have to deal with the complexity of the external network topology, so communication between them can be very fast. For example, copying a file of several GB from one computer to another may take only tens of seconds.
  • 3) Low bit error rate: Because the communication distance is very short, the bit error rate is very low. In other words, the network is very stable (older programmers know that when they were in college, they played C/S games on the same dormitory intranet and almost never encountered network disconnection or lag, unless someone downloaded porn or unplugged the network, haha).

3. How does the company's intranet implement intranet IP address allocation and management?

Suppose we assign the IP 192.168.1.1 to Company A and use it as the gateway of the company's intranet.

There are three computers in the intranet of Company A. If these three computers want to access the Internet, each of them needs an IP address. So, returning to the question from the previous section: do we really need to apply for three IP addresses?

No, we don't necessarily need to apply for three IPs. Inside our intranet, we can set our own rules. For example, we can assign IPs to the three computers arbitrarily (please note that these three IPs are not applied for; I simply pick them myself): computer A = 192.168.1.2, computer B = 192.168.1.3, and computer C = 192.168.1.4.

This rule can be managed by our intranet gateway as follows:

4. NAT technology: enabling intranet computers to access the external network

Suppose computer A wants to access Baidu, and assume that Baidu's IP is 172.168.30.3.

We all know that the IP of computer A is made up, and in fact there may be no such IP. If A tries to visit Baidu with its own IP, it will definitely not work.

We also know that since Baidu and computer A are not in the same LAN, A must go through the gateway to access Baidu. The IP address of the gateway is real and can access Baidu.

To allow A to access Baidu, we can take this approach: the gateway accesses Baidu on A's behalf, Baidu passes the results to the gateway, and the gateway passes the results on to A. Isn't this the solution?

However, computers A, B, and C may all ask the gateway to access Baidu for them, and the destination IP of the results returned by Baidu is always the gateway's IP = 192.168.1.1. So how does the gateway tell whether a result belongs to A, B, or C?

When we visit Baidu, don't we need to specify a port? As long as we map A's IP + port to the gateway's IP + port, can't we uniquely identify it?

For example, if A uses port 60 to access Baidu, the gateway can map A's IP+port 60 to the gateway's IP+port 80, right?

After Baidu returns the results to port 80 of the gateway, the gateway can return the results to port 60 of A through the mapping table.

If B also uses port 60 to access Baidu, it can be mapped to port 90 in the same way.

This method of address mapping and conversion is also called Network Address Translation, or NAT for short.
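The mapping table described above, written out as an added example (it is not part of the original article). It uses the article's addresses and ports; the `NatGateway` class, the /24 LAN range, Baidu's port 80 and the sender `203.0.113.9` are assumptions made for illustration. It also goes one step further than the text: a reply is accepted only if it comes from the peer the inside host contacted, and anything without a matching table entry is dropped.

```python
import ipaddress

class NatGateway:
    """Toy port-translating NAT table (a constructed model, not a real router)."""
    def __init__(self, public_ip, lan_cidr, port_pool):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan_cidr)
        self.free_ports = list(port_pool)  # gateway ports not yet handed out
        self.out = {}    # (inside_ip, inside_port, remote) -> gateway port
        self.back = {}   # gateway port -> (inside_ip, inside_port, remote)

    def outbound(self, src_ip, src_port, remote):
        """Rewrite the source of an outgoing packet, adding a mapping on first use."""
        if ipaddress.ip_address(src_ip) not in self.lan:
            raise ValueError("source is not an intranet host")
        key = (src_ip, src_port, remote)
        if key not in self.out:
            if not self.free_ports:
                raise RuntimeError("gateway port pool exhausted")
            gw_port = self.free_ports.pop(0)
            self.out[key] = gw_port
            self.back[gw_port] = key
        return (self.public_ip, self.out[key]), remote

    def inbound(self, remote, gw_port):
        """Return the inside (ip, port) for a reply, or None if it must be dropped."""
        entry = self.back.get(gw_port)
        if entry is None or entry[2] != remote:
            return None  # no mapping, or sender is not the peer that was contacted
        return entry[0], entry[1]

def demo():
    baidu = ("172.168.30.3", 80)  # IP from the article; remote port 80 is assumed
    gw = NatGateway("192.168.1.1", "192.168.1.0/24", [80, 90])
    a_src, _ = gw.outbound("192.168.1.2", 60, baidu)  # computer A
    b_src, _ = gw.outbound("192.168.1.3", 60, baidu)  # computer B, same local port
    return {
        "a_seen_by_baidu": a_src,
        "b_seen_by_baidu": b_src,
        "reply_to_80": gw.inbound(baidu, 80),
        "reply_to_90": gw.inbound(baidu, 90),
        "unsolicited": gw.inbound(("203.0.113.9", 443), 80),  # constructed sender
        "unmapped_port": gw.inbound(baidu, 1234),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Baidu only ever sees the gateway's address, and the gateway's port is the sole thing that tells A's traffic from B's; a real gateway also expires idle entries, which this model omits.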

IP addresses like those of A, B, and C are called intranet IPs, that is, internal network IPs, while IPs like those of the gateway and Baidu are called external network IPs (that is, Internet public IPs).

Therefore, the typical way an intranet accesses the public network can be realized as shown in the following figure:

Do you understand external IPs and internal IPs now?

5. Conclusion

To solve the shortage of IP addresses, technical experts invented intranet technology, and the theoretical basis of intranet technology is NAT. Therefore, programmers engaged in network communications need a deep understanding of NAT technology.
