Reverse Address and Port Translation: Difference between revisions

Template:Linkless

RAPt (Rehabilitation for Addicted Prisoners Trust) provides services to offenders with drug and alcohol dependencies in UK prisons. RAPt set up the first specialised prison based programme exclusively for drug and alcohol misusers in 1991. The RAPt programme is based on the 12 Step Minnesota Model that requires total abstinence from drugs and alcohol. Many offenders who have completed the RAPt programmes talk of doing the RAPt.

RAPt was established in 1991 as the Addicted Diseases Trust when Peter Bond, a recovering alcoholic, observed the success of abstinence based programmes in the United States. He, Jonathan Wallace and Michael Meakin, set up a charity to meet the needs of drug addicts in UK prisons.

RAPT (Reverse Address and Port Translation/IP Reachability Using Twice Network Address and Port Translation) or RAT is a variation of NAT , also refred to as NAPT under linux and PAT by Cisco.

IEEE [1] RAPT (Reverse Address and Port Translation) or RAT allows a host whose real IP address is changing from time to time to remain reachable as a server via a fixed home IP address. In principle, this should allow setting up servers on DHCP-run networks. While not a perfect mobility solution, RAPT together with upcoming protocols like DHCP-DDNS, it may end up becoming another useful tool in the network admin's arsenal.

IETF [2] RAPT (IP Reachability Using Twice Network Address and Port Translation) The RAT device maps an IP datagram to its associated CN and 0MN by using three additional fields: the IP protocol type number and the transport layer source and destination connection identifiers (e.g. TCP port number or ICMP echo request/reply ID field).

Cisco RAPT implementation is PAT (Port Address Translation) or overloading , and maps multiple private IP addresses to a single public IP address. Multiple addresses can be mapped to a single address because each private address is tracked by a port number. PAT uses unique source port numbers on the inside global IP address to distinguish between translations. The port number is encoded in 16 bits. The total number of internal addresses that can be translated to one external address could theoretically be as high as 65,536 per IP address. Realistically, the number of ports that can be assigned a single IP address is around 4000. PAT will attempt to preserve the original source port. If this source port is already used, PAT will assign the first available port number starting from the beginning of the appropriate port group 0-511, 512-1023, or 1024-65535. When there are no more ports available and there is more than one external IP address configured, PAT moves to the next IP address to try to allocate the original source port again. This process continues until it runs out of available ports and external IP addresses.

3COM U.S. patent 6,055,236 (Method and system for locating network services with distributed network address translation) Methods and system for locating network services with distributed network address translation. Digital certificates are created that allow an external network device on an external network, such as the Internet, to request a service from an internal network device on an internal distributed network address translation network, such as a stub local area network. The digital certificates include information obtained with a Port Allocation Protocol used for distributed network address translation. The digital certificates are published on the internal network so they are accessible to external network devices. An external network device retrieves a digital certificate, extracts appropriate information, and sends a service request packet to an internal network device on an internal distributed network address translation network. The external network device is able to locate and request a service from an internal network device. An external network device can also request a security service, such as an Internet Protocol security ("IPsec") service from an internal network device. The external network device and the internal network device can establish a security service (e.g., Internet Key Exchange protocol service). The internal network device and external network device can then establish a Security Association using Security Parameter Indexes ("SPI") obtained using a distributed network address translation protocol. External network devices can request services, and security services on internal network devices on an internal distribute network address translation network that were previously unknown and unavailable to the external network devices.