At Milpower Source, our technical team often get questions on how to more easily manage the “networks” now living and communicating on every mobile military vehicle. Implementation teams and integrators are faced with the daunting task of managing hundreds of networks that are the same set of devices just repeated in every mobile vehicle.
Trying to assign and manage IP addresses to every device on these mini networks would be a challenge for even the best IT teams. But, there is a way to manage IP address assignments and still provide the security needed on these networks that carry very sensitive data.
Today, we are going to talk about network address translation (NAT) and how it can help you easily assign and manage IP addresses throughout a mobile military network. NAT was introduced to networking to address the looming problem of an IP addresses shortage because of the exponential rise of “connected” devices relying on IP addresses.
To read more Ethernet blogs from Ronen Isaac, click here.
When computers and servers within a network communicate, they need to be identified to each other by a unique address, in which resulted in the creation of a 32 bit number, and the combinations of these 32 bits would accommodate for more than 4 billion unique addresses, known as IP address. Because of the explosion of connected devices, the IT world was, unbelievably running out of those 4 billion unique addresses.
To circumvent this problem, a temporary solution was produced known as NAT. NAT resulted in two types of IP addresses, public and private. A range of private addresses were introduced, which anyone could use, as long as these were kept private within the network and not routed on the internet. The range of private addresses known as RFC 1918 are:
Class A 10.0.0.0 – 10.255.255.255,
Class B 172.16.0.0 – 172.31.255.255, and
Class C 192.168.0.0 – 192.168.255.255.
NAT allows you to use these private IP address on the internal network. Assuming each vehicle is considered a private network, you would assign a unique IP address in one of these ranges to all your computers, servers, and other IP driven resources, usually done via DHCP. Then you could roll out the same address scheme on each vehicle. Using the same range of IP addresses on each vehicle does not cause them to conflict with each other because each vehicle is private to their network.
However, when internal hosts needs to communicate to the public network (Internet) then this is where a public address comes into the equation—a WAN address. This address is a routable public address everyone can see, which would represent your network gateway. This public address would be unique, no one else would use this address.
To clarify: When a host on the on an individual vehicle needs to communicate with another device on the vehicle, it would use the internal IP address. When the host needs to communicate outside its private network, it would use the public IP address on the network’s gateway to identify itself to the rest of the world.
The translation of converting a private IP address to public is done by NAT. For example a computer on a vehicle has an internal address of 192.168.255.255 and wants to communicate with a central host back at command using the internet, NAT would translate the address 192.168.255.255 to the vehicle’s public WAN address, say 1.1.1.1 for example. So, the internal address is identified as the public address when communicating with the outside world.
When the central host back at command needs to reply to this vehicle computer, it needs to send back to the public address of 1.1.1.1. NAT would then use its records to translate the packets received from the command host that was destined to 1.1.1.1 back to the internal network address of 192.168.255.255 — the computer who requested the original info.
You garner three benefits from NAT.
1) It would reduce the number of IP addresses you use and have to keep track of.
2) It would allow you to set up every vehicle with the same private IP address which will make implementation and management much easier.
3) Stronger security by hiding these private vehicle device IP addresses from the outside world and only the WAN public address on external interface of the firewall or router can be seen, and nothing beyond it.