Network Address Translation (NAT) is a standard IP service which allows for the translation of one IP address (typically private) into another IP address (typically public). ZYTRAX has enhanced NAT to provide a set of advanced services labelled SuperNAT. SuperNAT services include a powerful Proxy Service, Port Address Translation (sometimes called PAT) and Application Specific Gateways (ASGs) as well as other capabilities defined below.
The standard NAT service is defined in RFC 1631. An Internal (non-globally-unique) IP address is translated into an External (globally unique) IP address defined in an SNMP MIB table (TABLE mode). Up to 32 such entries may be defined. Air-Frame provides a number of powerful enhancements to standard NAT to create a set of services called 'SuperNAT'.
An External IP address of 0.0.0.0 is used by Air-Frame to indicate that no forwarding service for the Internal IP address is to be provided, thus barring the Host/PC from external communications.
The Air-Frame 'Thin Proxy' service allows the user to map ALL internal IP addresses (unlimited number) to a single External (Globally unique) IP address. The External IP address may be Static (Fixed) or Dynamic as required. This provides what Steam Packet Radio defines as a 'Thin Proxy'. The term 'Thin Proxy' is used to indicate that, as a consequence of using this approach, substantial increases in performance can be obtained versus the 'bloat ware' associated with many Classic (PC based) Proxies. A Web Page Caching service - provided by some Classic Proxies - is not provided by the Thin Proxy. The SuperNAT service allows user defined local hosts/PCs to be excluded from the NAT service.
SuperNAT allows the user to define a standard set of NAT translations (up to 32 Internal to External IP address mappings) and to designate one of the External IP addresses as a 'Thin Proxy' address, i.e. ALL other Hosts/PCs not defined in the Internal to External map will use this as the 'Thin Proxy' IP address. This feature is particularly useful where the user has a limited range of external IP addresses available to service a large number of PCs. Some of the IP addresses can be used to provide externally visible services, e.g. DNS, FTP, Web servers or Video Conferencing locations (these are Excluded from the NAT translation). All other hosts will be mapped to a single IP address (they are included in the NAT translation). This feature can also be used to define a single static Proxy IP in a LAN to LAN proxy environment.
SuperNAT allows a Port Map (sometimes called PAT or Port Address Translation) to be defined (with up to 16 entries). The Port Map allows the user to indicate that requests for a specific Port (or Range of Ports) will be handled by (mapped to) a specific Internal IP address. Using the Port Map the user defines a port number (or port range), e.g. that of an FTP server, a Web server, a DNS server etc., and the internal IP address that will service requests to it. This service allows a user with only a single External IP address to provide any combination of required services.
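The lookup order described above (static table, the 0.0.0.0 barring entry, excluded hosts, Thin Proxy fallback and the Port Map) can be modelled in a few lines. This is an added example, not ZYTRAX or Air-Frame code; the class and method names, the sample addresses, the first-match rule for overlapping port ranges and the untranslated handling of excluded hosts are assumptions.

```python
MAX_NAT_ENTRIES = 32   # table limits stated on the page
MAX_PORT_MAP = 16
BARRED = "0.0.0.0"     # External address meaning "no forwarding"

class NatModel:
    """Toy model of the lookup order; not Air-Frame's implementation."""

    def __init__(self, static_map, thin_proxy, excluded=(), port_map=()):
        if len(static_map) > MAX_NAT_ENTRIES or len(port_map) > MAX_PORT_MAP:
            raise ValueError("table limit exceeded")
        self.static_map = dict(static_map)   # internal IP -> external IP
        self.thin_proxy = thin_proxy         # shared external IP
        self.excluded = set(excluded)        # hosts that bypass NAT
        self.port_map = list(port_map)       # (low port, high port, internal IP)

    def outbound_source(self, internal_ip):
        """External source address for an outbound packet, None if barred."""
        if internal_ip in self.excluded:
            return internal_ip               # assumption: sent untranslated
        external = self.static_map.get(internal_ip)
        if external == BARRED:
            return None                      # host is cut off from outside
        if external is not None:
            return external                  # one-to-one static translation
        return self.thin_proxy               # every unlisted host shares this

    def inbound_target(self, dst_port):
        """Internal host serving a request to the external IP, or None."""
        for low, high, internal_ip in self.port_map:  # assumption: first match wins
            if low <= dst_port <= high:
                return internal_ip
        return None                          # unmapped ports are not forwarded

# Constructed sample configuration (documentation address ranges).
nat = NatModel(
    static_map={"10.0.0.5": "198.51.100.5", "10.0.0.66": BARRED},
    thin_proxy="198.51.100.1",
    excluded={"198.51.100.10"},
    port_map=[(21, 21, "10.0.0.21"), (80, 80, "10.0.0.80"),
              (8000, 8100, "10.0.0.80")],
)
```

Reviewing a configuration this way makes the exposed surface explicit: only ports present in the Port Map reach an internal host, and a barred host returns no external address at all.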
The Thin Proxy service detects and automatically enables requests from the local network for DHCP and NETBIOS services. This feature allows you to log into and access remote NETBIOS (or WINS) networks over the Internet or to use remote DHCP servers from behind the Proxy without the need for any further configuration.
The Proxy DNS feature is used in conjunction with the Thin Proxy service. This feature allows all PCs to be configured with a proxy DNS address (typically the IP of your Router). As DNS requests are sent through the router they are translated to use the user-defined DNS server(s). In the event of a DNS or ISP change, a single change is made in the router configuration.
The Port Map feature is context sensitive (or 'stateful'). Many applications use secondary ports in their normal operation, that is, they start communication using a 'well known' port but then transfer to another port. FTP specifically does this. The standard FTP 'well known' Port Number (21) is only the control port, used to pass information such as filenames and directory names. When the user selects a file to transfer, a new (random) port is set up at each end to handle the actual transfer. The Air-Frame Port Map feature inspects the FTP control commands, identifies the new port being opened, and automatically maps it to the same IP as used by the FTP control port.
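The control-channel inspection described above can be sketched as follows: the data port is read from an RFC 959 `PORT` command or `227` passive reply and a temporary mapping to the control connection's internal IP is recorded. This is an added example, not Air-Frame code; the function names and sample lines are constructed, and the two refusal rules (announced address must equal the control connection's host, no ports below 1024) are assumptions of this sketch, not behaviour stated on the page.

```python
import re

# Six comma-separated numbers as used by "PORT h1,h2,h3,h4,p1,p2" and
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" in RFC 959.
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

def parse_data_endpoint(line):
    """Return (ip, port) announced on an FTP control line, or None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return None                      # not a line that opens a data port
    match = _HOSTPORT.search(text)
    if match is None:
        return None
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        return None                      # malformed octet
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2

def track_data_port(line, control_ip, dynamic_map):
    """Map the announced data port to the control connection's internal IP.

    Returns the port that was mapped, or None if the line was ignored.
    """
    endpoint = parse_data_endpoint(line)
    if endpoint is None:
        return None
    ip, port = endpoint
    # Assumed hardening: never open a mapping towards a different host
    # or towards a privileged port on the strength of payload contents.
    if ip != control_ip or port < 1024:
        return None
    dynamic_map[port] = control_ip
    return port
```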
NAT services are defined at the 'Logical Route' level. It is possible to define any Route to use NAT services. To illustrate, assume an Intranet where Air-Frame is being used as a concentrator for a group of LAN and remote Hosts (PCs). These IP addresses communicate with each other without using a NAT service (an Intranet). When external communication is required, Air-Frame forwards the traffic to another LAN router. This LAN to LAN route is defined as the NAT route and uses a NAT service. There are many other network scenarios where this capability can be used to both increase efficiency and to provide flexible responses to network needs.