Azure – Networking – Part 28 – Azure Virtual Network NAT (Network Address Translation)
Wish you all a very Happy New Year. Hope you are all doing well. In our last article we discussed how to configure an Azure Basic Load Balancer. In this article, we start with another important networking service: Network Address Translation (NAT).
Network Address Translation (NAT)
To access the Internet, a public IP address is required. However, we can use private IP addresses in our own private network and still reach the Internet by using NAT. The idea of Network Address Translation (NAT) is to allow multiple devices to access the Internet through a single public address. To achieve this, private IP addresses must be translated to a public IP address.
How Network Address Translation (NAT) Works
NAT is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.
In this process, one or more local IP addresses are translated into one or more global IP addresses, and vice versa, in order to provide Internet access to the local hosts. NAT also translates port numbers, i.e. it masks the port number of the host with another port number in the packet that will be routed to the destination. It then records the corresponding IP address and port number in the NAT table.
Azure Virtual Network NAT
Azure Virtual Network Network Address Translation is a fully managed and highly resilient Network Address Translation (NAT) service. VNet NAT simplifies outbound Internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses the VNet NAT’s static public IP addresses.
NAT can be configured for one or more subnets of a virtual network and provides on-demand connectivity for virtual machines.
Virtual Networks NAT is being released into general availability (GA) and provides the following capabilities:
- On-demand outbound to Internet connectivity without pre-allocation
- Fully managed and highly resilient
- It provides strong security
- One or more static public IP addresses for scale
- Configurable idle timeout
- TCP reset for unrecognized connections
- Multi-dimensional metrics and alerts in Azure Monitor
- Optional zone isolation for availability zones
- NAT will not impact the network bandwidth of our compute resources
- NAT is fully scaled out from the start
- NAT supports TCP and UDP protocols only. ICMP is not supported
- NAT cannot be associated to an IPv6 Public IP address or IPv6 Public IP Prefix
- A NAT gateway resource can use a:
  - Public IP prefix
- NAT allows flows to be created from the virtual network to the services outside our VNet. Return traffic from the Internet is only allowed in response to an active flow. Services outside our VNet cannot initiate a connection to instances.
- NAT can't span multiple virtual networks
- NAT cannot be deployed in a Gateway Subnet
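The NAT table described under "How Network Address Translation (NAT) Works" and the rule that return traffic is only allowed for an active flow can be modelled in a few lines. This is an added example, not code from Azure or from this article's author: it is a simplified model, and the class name, the addresses (documentation ranges), the sequential port allocation, the 240-second timeout and the "DROP" result for UDP are assumptions made for illustration.

```python
# Simplified model of source NAT with port translation (not Azure's implementation).
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed address for the NAT's static public IP
IDLE_TIMEOUT = 240          # seconds; assumed value for this model

@dataclass
class NatTable:
    next_port: int = 1024
    # (proto, private ip, private port, dst ip, dst port) -> public port
    out: dict = field(default_factory=dict)
    # (proto, public port, dst ip, dst port) -> [private ip, private port, last seen]
    back: dict = field(default_factory=dict)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port, now):
        """Translate a packet leaving the subnet; add a table entry on first use."""
        if proto not in ("tcp", "udp"):
            raise ValueError("only TCP and UDP are translated")
        self.expire(now)
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port  # mask the host's port with a new one
            self.next_port += 1
        pub_port = self.out[key]
        self.back[(proto, pub_port, dst_ip, dst_port)] = [src_ip, src_port, now]
        return (PUBLIC_IP, pub_port)

    def inbound(self, proto, src_ip, src_port, pub_port, now):
        """Translate a packet arriving at the public IP, or refuse it."""
        self.expire(now)
        entry = self.back.get((proto, pub_port, src_ip, src_port))
        if entry is None:
            # No active flow: outside hosts cannot initiate a connection.
            return "RST" if proto == "tcp" else "DROP"
        entry[2] = now  # return traffic keeps the flow alive
        return (entry[0], entry[1])

    def expire(self, now):
        """Remove flows that have been idle longer than IDLE_TIMEOUT."""
        for rkey, (ip, port, seen) in list(self.back.items()):
            if now - seen > IDLE_TIMEOUT:
                proto, _pub_port, dst_ip, dst_port = rkey
                del self.back[rkey]
                del self.out[(proto, ip, port, dst_ip, dst_port)]
```

In this model two private hosts using the same source port receive different public ports on the shared address, and a packet from a host that no private instance has contacted never reaches an instance.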
With the above information, I am concluding this article. I hope this is informative to you. Please let me know if I missed anything important or if my understanding is not up to the mark. In our subsequent articles we will see more on Azure NAT configurations.
Keep reading and share your thoughts and experiences. Feel free to contact us to discuss more. In our next article we will continue with the lab exercise on configuring a load balancer.
If you have any suggestions, feedback or doubts, you are most welcome. Stay tuned to Knowledge-Junction; we will come up with more such articles.
Thanks for reading 🙂