All language subtitles for 32 - Routing - NAT Concepts-eng

This last week my wife and I were cleaning out the garage, which we do on probably a quarterly basis when it gets all cluttered and you move it all out. So we were moving some stuff, and I kind of, I had to wiggle the water heater a little bit to move something behind it, and you know, continue on. So later that morning we found this giant puddle just, you know, all over the floor in the garage, and my wife was like, "What's this?" And I looked up, and sure enough the water heater is dripping because by wiggling I had broken one of the copper lines going to it, like there was just a pinhole leaking, and it just kind of sprang out, and I was like, "Oh." So we turn off the water, and my wife was like, "What have you got to do?" and I was like, "Well, I'm afraid I'm going to have to solder that." Now let me tell you.
Since I've learned to solder, like this was a year ago a friend of mine was like, "Oh, yeah, here's how you sweat the line, how you, you know, put the bead of solder in there," and like any chance to solder something, I'm like, "I'm there" [laughter] because it's awesome, and I came in and told my wife, I'm like, "There's not much that makes you feel like a man than soldering some copper pipe," and she laughed at me, but nonetheless, I soldered the line, and that's what NAT is to me.

When I first learned how NAT, Network Address Translation, really works behind the scenes, I was like, "That's awesome," and any chance I could get, you know, I... we'd be at a friend's house and setting up a little Linksys device for them or something to route their Internet connection, I'm like, "You want to know how that works?" And they'd, you know, always kind of look at me like... and I'd say, "No, let me show you. I want to show you how this works because it's amazing," and so NAT is one of those cool concepts, and through all the years, it still has not lost its luster. Now is its time short? Maybe. Now it may fade away some day as IPv6 takes hold, but I will say it is the staple of every network of the world. I would challenge you to find me a network in this world that is connected to the Internet that is not using NAT.
They're out there, but I mean I probably could count them on one hand. So Network Address Translation is what we're all about. We're going to talk about how it works. Next nugget we'll tell you about how to set it up.

Did you know that you could build your own Internet? All you have to do is go to your house and set up a network and then go to your neighbor and say, "Hey, you want to join my network?" And connect a cable to his house, and then tell him, "You've got to connect at least 5 neighbors to you," and so they connect their 5 neighbors, and you kind of start your own little pyramid Amway scheme or something like that, you know, all your neighborhood connected, and before long it keeps exponentially growing, and poof, worldwide span. You've got your own Internet because that's really all the Internet is, is just a big network. Instead of houses, it started with some college universities that are like, "Hey, let's share some files," and, you know, 4 universities connected together, and other college campuses were like, "Hey, let's jump in on that," and then a business partnered in, and they jumped in, and then .com came along, and someone was like, "We can sell stuff here? Woo." And then, poof, you know, Internet explodes.
Everybody needs to be on there, and now it's one of the staples of every business is you have to have an Internet connection really anymore to do business in most locations. So the problem with that is we've now brought masses of devices and masses of equipment, and there's a limited scope on the IPv4 address space. There's not enough public IP address spaces or Internet valid IP addresses that are available. So management entities were created, and the government got involved and said, "Okay, we will sell or provision blocks of IP addresses like, you know, we'll say the... I'm just throwing one out there... 13.1.0.0/16, like that big block of IP addresses, 65,000 IP addresses, we're going to give that to some service provider." Let's just say AT&T. I'm just throwing one out there, right? So AT&T gets that, and then they provision it for their customers, and, you know, somebody signs up for a DSL... I don't even know if AT&T does DSL, but we'll go with it. A DSL connection from AT&T, and AT&T says, "Okay, you can have one of our IP addresses for a limited amount of time that you can use on your different devices." So, I mean, they had to have ways of provisioning and allocating these IP addresses because there are exponentially far more devices in the world today than there are IP addresses.
Now with this management in place, we also had to have something that allowed people to create their own networks. Like, you don't want to have to go to some management entity and go, you know, to set up your house and say, "Hey, I'd like to use, you know, 5 computers in my house. Is that okay?" I mean in the same way, take it this way. You ever bought a cordless phone? I mean, now, with cell phones, right? Everybody's like, well, whatever, but I mean cordless phone for your house, right? You don't have to go to the FCC and register for a broadcasting license for your cordless, you know, 900 megahertz phone, or whatever kind of phone you have, because it is part of the unlicensed band. I mean, you are technically broadcasting. You're creating a signal that could interfere with others in the air, but the FCC, meaning the government entity of the United States that governs, you know, so nobody can just run their own radio station from home or something like that, they have said that 900 megahertz, 2.4 gigahertz, and 5 gigahertz are unmanaged bands. That's why you can set up your own little wireless network in your house. You don't have to register for that.
So in this same way, with IP addresses, they said, "We need to let people set up their own networks without actually going to the government and saying, 'Can I do this? Am I allowed?'" So they came up with private addresses space... I said that totally wrong... private address space, and you've seen these before, right? 10.0.0.0 through 10.255.255.255. Once somebody... this is a weird one... 172.16.0.0 through 172.31.255.255, and that's a little chunk in the middle there. This is Class A, this is Class B, and then Class C, those famous, do-do-do-do, toot the trumpets, 192.168.anything is considered private addresses. So like private wireless frequencies, we can just use these addresses wherever we want because they're unmanaged. You don't have to have a license to use them, but... but, you know, let's say this is you and your company. You've created your own little world on, let's just say, 192.168.1.0/24. You know, you've got your own little server back here, your own little client. You've got your own little network that's working great, but the problem is 9 million people in the world are also using... probably 9 billion. Wait a second. I'm exceeding the population, but you get the point.
Tons of people are using 192.168.1 in their home because it's unmanaged. So we have to have a way of hiding your network from the world and yet still allowing you to use this public world, and that's where NAT comes in. Network Address Translation at its root translates from a... well, let me just, you know, the technical definition, technically translates from one IP address to another, but really the big picture is it translates from private addresses, which work inside of your house and actually would work on the Internet if service providers would let them through, but it translates from private addresses to public addresses.

Now let me say one more quick thing before we move on here. One of the biggest misnomers that I've heard, and you may have heard this, too, I just want to debunk this right now. A lot of people say, "Oh, yeah. Those are non-routable IP addresses." Have you ever heard that before, where somebody identifies those private addresses? "Oh, those are non-routable IP addresses." Totally not a good way to say it because they work perfectly fine. I mean, you can set up... Oh, I'm flabbergasted... I'm appalled at that because this entire series we've been setting up routing.
I mean we went in OSPF and set up, you know, these routers on 192.168.1 and .2 and .3, and we said, "Okay, this can reach this," and we're routing those just fine. So if you're going to say they're non-routable, I would say they're non-routable but add in there, always add in, on the Internet. They're non-routable on the Internet. Now even that, I'm like ew-w-w, because if they were to somehow get into the Internet, they would route just fine. What really happens is to be a service provider, to be an ISP, you are supposed to block, these are all considered RFC1918, and if you ever want to know what is the standard that specifies private addresses? RFC1918. It's the only way I can tell you off the top of my head, but as an ISP, you are supposed to block, you know, you've got your customer, we'll say, over here that is coming in, you are supposed to block all these addresses from coming in. There have been mistakes. ISPs have forgotten to block customer IP addresses, and the customer has forgotten to turn on NAT and to what the public addresses, and there have been cases, you can look them up, to where private IP addresses have gotten into the Internet, and it was actually so bad, it was over in Europe somewhere, that I can't quite remember the whole...
This was a long time ago, but essentially there was one ISP that forgot to block their customer, and all these other ISPs trusted this ISP. So they didn't put the block here because they were like, "Well, why do we block private?" They were assuming that, you know, our ISP friend down there is blocking it. So we don't need to put those blocks here, and they actually had a case where like a whole chunk of Europe went down on the Internet because these private addresses had leaked in there. Well, no more. I'm sure that's taught everybody a big lesson. So the point is that private addresses route great. They just are blocked from getting in from the Internet.

When you think about NAT, you can think of it as an umbrella of three different flavors. You can have static NAT, very common. You can have dynamic NAT, which is not very common, and then you can have something that some people call NAT overload. Some people call it PAT. That's probably the more common word, Port Address Translation, which is insanely common, like that's the staple that just about every business has. What PAT does... I'm going to talk about all 3, but I want to talk about the most popular one first because almost every business in the world uses it.
What this one does is stretch an IP address further than I'm sure the founding fathers of the Internet ever thought it could go. So here's... let me give you the big picture concept of PAT. So what... every time you have a connection, and this, you know, to understand NAT you have to understand how devices communicate, right? So let's think back, I mean, go back to your old nugget number 5 or 6 of the series where we were starting to talk about, okay, communication, we've got a source IP address, let's just say 10.1.1.10, and we've got a destination IP address 10.1.1.100, no routers in the middle to garble this all up, and let's just say this is a web server, this is a client, and I open my web browser and try and access that, what happens? Well that's where we said, okay, the Windows, you know, Windows or Linux or OS X, whatever you're using here generates a source port number dynamically. It says, "Okay, I'm coming from the source 1000... well, let's just do 1892." It makes those up, and I'm going to a destination, now if this is a web server, I'm going to a destination of port 80, right, and we... I'm doing a little review here of early topics.
We call that creating a socket because this says, "Okay, I'm coming from the source 10.1.1.10:1892, and I'm going to the destination of 10.1.1.100:80." And when this guy communicates back he comes from the source of 80 and goes to a destination of 1892, and that's how Windows knows, oh, you're going to this, you know, Google Chrome window or whatever browser we happen to use to browse at. So that's how it works. Now you can... let's think a little bit further. How many port numbers are there? I mean, we picked 1892, but really, how many are there? Well for TCP and UDP there's 65,535 usable ports that you're able to work with, you know, outside of... I mean you can get into well known ports and blah, blah, blah, but I mean 65,000 ports. Now is this... question... is this computer ever going to tap that out? No. No. I'm like well... I always try and find the exceptions, right? No, it's not because you just can't open enough applications. That computer would crash long before it would max those things out. So the point is we have all these port numbers that we can use. Okay. Okay, we've established a foundation. Now here's how PAT works. We have a network.
It could be, you know, 2 clients like we have here. It could be 100 clients. It could be 1,000 clients, whatever we have running inside of our organization, and we've got a router in place, let's say 192.168.1.1 is the default gateway of these guys, and we've got the public IP address assigned, 200.1.1.1, and this, you know, this would actually go to a router of the ISP... whatever ISP you are, and this default route would point out this way. So when this guy... let's go to this guy, and he opens a web browser, you know, Google Chrome, and goes to a server out on the Internet, we'll just say it is CBTNUGGETS.com, and... if I can write. There we go. So he goes to CBTNUGGETS.com. He's going to automatically, just like we saw over there, generate his own source port number. So he's going to say, "Okay, Chrome, I'm going to generate source port... I'll use my diagram... 6711." That's my source. That's where I'm going to, and I'm going to go to a destination of, let's just say, CBTNUGGETS.com because it's easy to write. It's 1.1.1.1. I'm going to go to a destination of 80, right there, right?
So that request will come into the router that is configured to do PAT, or NAT overload is what Cisco config calls it. So it receives that request and it goes, "Okay, I'm going to translate you because I know these private addresses do not work on the Internet. If I were to send you out as 192.168.50, the ISP would say [noise] and block you, and you would die right there. So I'm going to translate you to 200.1.1.1. Now the way I'm going to do that is I'm going to use your source port number to make you unique." You see what happens. So it creates a little table inside, and the table's actually bigger than this, but it says, okay, the inside address, 192.168.1.50, it's like a spreadsheet inside the router, it's actually going to go to the outside address 200.1.1.1, and it's going to use that same source port number. So that way now it comes out as 200.1.1.1 and goes to CBTNUGGETS.com. CBTNUGGETS sees it coming from the source of 200.1.1.1:6711 and, you know, sends the webpage back to that. It's received here on the router, goes, oh, okay, well, you're actually going back into this guy.
So that's what allows this guy at the same time to open up a different web browser, well, Chrome, or I'm not talking about like Firefox or anything like that, but let's just say he opens Firefox or Chrome or whatever and goes to the same web. I mean, he could go to CBTNUGGETS.com. Well, his computer, it randomly grabs a port from 65,535, and it's going to say, "Okay, well I picked port 15396, and I want to go to CBTNUGGETS.com." So he goes out to CBTNUGGETS.com. Are you following me here? And I want to make sure you catch me. So he generated his own source port. Windows did that for him behind the scenes. NAT kicked in and said, "Okay, I'm going to use that source port number so as you go through that router, I'm going to translate you to my public address, but I'm going to put a little colon 1536," and do you kind of get why it's called PAT, Port Address Translation? It's using the ports to make all these requests look unique, and I'm going to send you to CBTNUGGETS.com. If CBTNUGGETS.com gets a request from 200.1.1.1:6711 and gets a second request at the same exact time... let's just say they did this at the same time because they both wanted their CBTNUGGETS, and it sees a request to 1536, it actually sees these as two unique requests.
It doesn't see them as one IP address. It's like, "Whoa, this must be the same thing." No, it looks at the port number, and it's like, "Oh, I've got two unique requests." So, okay, in theory, in theory... we're talking theory, we could use this one IP address to service 65,535 computers sitting behind there. You could share that to 65,535 devices in theory. Now here, let me now get to... I know a lot of you are analytical, and you're like, okay, okay, what if... Let me see if I can predict a question rolling around in somebody's mind. I'm feeling you right now. You're going what if, 1 in 65,000 chance, this computer opens a web browser and goes to CBTNUGGETS and at the same time this computer opens a web browser and goes to CBTNUGGETS.com, and they just happened to pick the same port number. Did I read your mind? So both of them picked 65... 6711. Not a big deal. Yeah, well how's it not a big deal? What the router does is just say, you know, let's say this guy got there... one of them's going to have to get there first. The packet, the router can't process two packets at the same time. It has to have one in front of the other. So whoever gets there first gets the 6711.
When this guy comes in, he's like, "Oh, I want 6711, too." The router's like, "Oh, like I don't have that. That's all right, I'm going to give you 6712." That's the next free one that I have in my list or whatever, the next open port. So these don't have to match. I mean you figure the router's got the big Excel spreadsheet thing going, right? It's going to have to be like, "Oh, well, oh no. I'm sorry. I don't have that available." It's totally fine. So it will increment that and life is good, and, you know, this guy, you know, so it's seen from CBTNUGGETS as 6712, but when it replies back, it's like, "Oh, well, 6712 is really 6711. So let me send that back to him." So that's how it works it all out. No biggie there.

And, I know I was kind of like stretching it, making it sound like, oh, you know, 1 in 65,000? Truth is, this happens all the time, all the time because... and this is where I go back to the theory, 65,000 devices. It's a theory because when you open a device, let me show you. Let me show you this. I'm going to open a command prompt, and I'm just going to open a web browser to... how is it... technet right there, right?
So let's go to the biggest waste of time website on the Internet, msn.com. "Dozens injured after ferry hits NY city dock." So, you know, when I go here, this isn't just one website. I think I told you this early on in the series, right? I've got a webserver that gives you this picture. I've got these fancy looking ladies. I've got Geico. I mean, all of this webpage is just an assembly of, wow, this is creepy, but an assembly of... You ever see that movie with Will Smith, the... oh, where they... the creatures like [noise]. That's what the guy looks like. So it's an assembly of all kinds of different webpages. So when I go to the command prompt and type in netstat, I actually see all kinds... now look at this. Firefox with Bing. That's funny. So there's all kinds of different servers that I was actually sent to for this one. Now look at this. These are all like my one computer used this and this and this and this and this and this. I mean these are all source port numbers, and it's kind of hanging up. The reason it's taking a long time is because it's trying to figure out what... well, actually because I clicked on there and it paused.
344 00:19:59,956 --> 00:20:03,796 It's trying to figure out what name each one of these IP addresses actually resolves to.
345 00:20:04,036 --> 00:20:07,736 So my one computer actually ended up using...
346 00:20:07,736 --> 00:20:09,736 I mean, the list continues to build, right?
347 00:20:09,736 --> 00:20:14,286 Probably, I don't know, 50 different port numbers just to go to msn.com
348 00:20:14,286 --> 00:20:16,316 and see the scary guy in the scene.
349 00:20:16,316 --> 00:20:19,636 So the truth is, I mean, you...
350 00:20:19,876 --> 00:20:24,146 in theory if every computer only went to one place and it only used one port number, yes,
351 00:20:24,146 --> 00:20:29,276 we could get the 65,000, but nowadays, I mean, you're probably with people web surfing,
352 00:20:29,276 --> 00:20:34,246 you could probably stretch this to maybe 300, maybe, you know, 500.
353 00:20:34,246 --> 00:20:39,176 It depends on your web surfing people, how many people are wasting life on msn.com
354 00:20:39,176 --> 00:20:41,626 versus doing work and all at the same time, and, I mean,
355 00:20:41,626 --> 00:20:44,206 these things time out after a certain amount of time.
356 00:20:44,206 --> 00:20:48,576 So your mileage may vary, but you can add multiple IP addresses to this pool
357 00:20:48,576 --> 00:20:52,706 so that when one maxes out on port numbers, the next one jumps in there and takes over,
358 00:20:54,146 --> 00:20:56,606 but I digress into a lot of the specifics.
359 00:20:56,606 --> 00:20:58,816 I just want to answer a lot of the questions I know rattle
360 00:20:58,816 --> 00:21:00,336 around people's minds when I bring this up.
361 00:21:00,466 --> 00:21:04,976 At its root, if I could clear this up, this is how PAT works.
362 00:21:04,976 --> 00:21:09,946 This is how you can use one IP address for many internal ones:
363 00:21:09,946 --> 00:21:12,876 by sharing it using the magic of port numbers.
364 00:21:13,986 --> 00:21:18,616 Now I have a different slide for static NAT, but let me talk about dynamic really quick
365 00:21:18,616 --> 00:21:21,606 because it's similar to PAT but not really.
366 00:21:21,876 --> 00:21:29,036 So dynamic, what it allows you to do is specify a pool of addresses that we could...
367 00:21:29,036 --> 00:21:33,396 we'll just say they are public and a pool of private addresses.
368 00:21:33,396 --> 00:21:36,126 You know, we'll call it pool-private, and what you can do
369 00:21:36,126 --> 00:21:40,876 with that is have one-to-one translations going through it.
370 00:21:40,876 --> 00:21:47,606 So let's just say I say my private pool is 192.168.1.0 through 250,
371 00:21:47,606 --> 00:21:52,226 and I say my public pool is actually 200.1.1.,
372 00:21:52,226 --> 00:21:54,506 well let's just say 1 to 250 because you can't use 0.
373 00:21:54,506 --> 00:21:55,936 So 1 to 250 over here.
374 00:21:56,186 --> 00:21:57,986 So what will happen is, you know, the very first one
375 00:21:57,986 --> 00:21:59,736 to go through, will get the first address here.
376 00:21:59,736 --> 00:22:01,496 The second one to go through will get the second address.
377 00:22:01,496 --> 00:22:08,746 It's just a series of one-to-one links made between the public and private IP addresses.
378 00:22:08,746 --> 00:22:10,926 Now you don't really get any savings.
379 00:22:10,926 --> 00:22:13,996 It's not like you save IP addresses when you do this,
380 00:22:13,996 --> 00:22:16,486 which is the reason why it's not used too often.
381 00:22:16,726 --> 00:22:20,496 The main place dynamic NAT is used, and it's not something we get into here,
382 00:22:20,766 --> 00:22:22,746 is where you have overlapping addresses.
383 00:22:22,856 --> 00:22:24,586 So let me give you a scenario.
384 00:22:24,586 --> 00:22:32,886 Let's say you've got organization A over here that uses, let's just say 10.1.0.0/16,
385 00:22:32,886 --> 00:22:37,926 and you've got organization B over here that uses the same address range, right?
386 00:22:37,926 --> 00:22:41,516 And organization A does a hostile takeover and buys organization B.
387 00:22:41,586 --> 00:22:44,846 So I don't know why I add hostile into there.
388 00:22:44,846 --> 00:22:45,876 It's just part of my nature.
389 00:22:46,336 --> 00:22:51,576 So what you can do is you can introduce a router in between that uses dynamic NAT
390 00:22:51,576 --> 00:22:58,766 to where organization A looks like, we'll just say, 10.2.0.0/16 to organization B,
391 00:22:58,926 --> 00:23:03,986 and organization B maybe looks like 10.3.0.0 to organization A. So that way,
392 00:23:04,316 --> 00:23:08,786 you can kind of merge the two and they don't really know they have overlapping addresses
393 00:23:08,786 --> 00:23:11,846 because NAT is hiding it with this pool.
394 00:23:11,846 --> 00:23:16,346 You create a pool of addresses in 10.2 then line it up to organization A and create a pool
395 00:23:16,346 --> 00:23:19,216 in 10.3 and line it up to organization B. So that's
396 00:23:19,216 --> 00:23:22,006 where you see Dynamic NAT used, and it's only used temporarily.
397 00:23:22,006 --> 00:23:26,566 Obviously that situation doesn't want to hang around for any amount of time.
398 00:23:26,806 --> 00:23:30,066 So the last form of NAT that I want to talk about is Static NAT,
399 00:23:30,066 --> 00:23:31,826 and this one is used all the time.
400 00:23:31,826 --> 00:23:36,176 So we've got, you know, PAT, which is just everywhere, and then we have Static NAT,
401 00:23:36,176 --> 00:23:38,306 which is used all over the place.
402 00:23:38,306 --> 00:23:43,906 A static NAT is a one-to-one mapping from the inside to outside that doesn't change.
403 00:23:44,046 --> 00:23:48,026 As you saw before with PAT, you know, these little port number deals
404 00:23:48,026 --> 00:23:52,236 that we're running where, you know, this guy opens up a web browser and accesses cisco.com,
405 00:23:52,496 --> 00:23:53,666 you know, he uses his port number.
406 00:23:53,666 --> 00:23:59,886 Well as soon as he closes his web browser, that session dies, and that NAT port ends up back
407 00:23:59,886 --> 00:24:02,396 in the pool where it can be used by anybody again, right?
408 00:24:02,776 --> 00:24:05,536 But there's times where you want to create a one-to-one mapping.
409 00:24:05,536 --> 00:24:13,646 Maybe I say this one is always mapped to the IP address 200.1.1.2, which is, you know,
410 00:24:13,646 --> 00:24:16,786 the ISP believes you have that address because they've given it to you.
411 00:24:16,786 --> 00:24:21,776 So when somebody, you know, this is usually, let's say this one is actually an email server,
412 00:24:22,576 --> 00:24:22,816 right?
413 00:24:23,936 --> 00:24:28,676 So when you're running an email server in an organization, emails are coming in from all
414 00:24:28,676 --> 00:24:32,116 over the world, and they need to be able to reach your router.
415 00:24:32,176 --> 00:24:33,986 Now how would they know to come here?
416 00:24:33,986 --> 00:24:35,366 How would all emails know to come right here?
417 00:24:35,536 --> 00:24:37,436 Well, you would go to a DNS server.
418 00:24:37,436 --> 00:24:46,516 Let's say, let's say your organization is NUGGETLAB.com. Well, what you do is wherever you
419 00:24:46,516 --> 00:24:49,486 registered that domain, you would go to the DNS control panel
420 00:24:49,486 --> 00:24:52,576 and create an MX record, which is the mail exchange.
421 00:24:52,576 --> 00:24:57,926 You would say, okay, any time somebody sends me mail, send it to, you know, 200.1.1.2,
422 00:24:57,996 --> 00:25:01,376 and so that, you know, the mail servers look up that MX record.
423 00:25:01,536 --> 00:25:07,186 They would end up here, and you create a static NAT mapping that says 200.1.1.2 really maps
424 00:25:07,186 --> 00:25:11,756 to my email server at 192.168.1.51.
425 00:25:12,216 --> 00:25:16,336 So this is usually used for inbound, you know, it's where things are coming in,
426 00:25:16,336 --> 00:25:21,336 but now this time this one goes out, he will also go out as 200.1.1.2.
427 00:25:21,336 --> 00:25:23,656 He doesn't go into the general pool over here.
428 00:25:23,656 --> 00:25:28,506 Now you can use static NAT as a one-to-one IP address,
429 00:25:28,506 --> 00:25:29,996 or you can even break it down even further.
430 00:25:29,996 --> 00:25:38,416 You could say 200.1.1.2 on port 25 maps to this email server on port 25.
431 00:25:38,416 --> 00:25:41,396 So, by the way, port 25 is SMTP.
432 00:25:41,666 --> 00:25:44,196 That's what email servers use when they receive email.
433 00:25:44,516 --> 00:25:47,946 So that allows you to say just that port maps to that email server.
434 00:25:48,286 --> 00:25:48,846 Why is that good?
435 00:25:49,586 --> 00:25:52,656 Because public IP addresses are at a premium, you know.
436 00:25:52,656 --> 00:25:54,806 You want to conserve them as much as possible.
437 00:25:54,806 --> 00:25:57,476 So you might be able to, you know, use that for other things.
438 00:25:57,476 --> 00:26:05,176 You might say, well, 200.1.1.2:80, you know, HTTP services, those will actually go
439 00:26:05,176 --> 00:26:06,716 to a third server inside of here.
440 00:26:06,716 --> 00:26:12,696 Maybe we've got a server 192.168.1.100, and that's our web server that we're running.
441 00:26:12,696 --> 00:26:18,466 So if somebody accesses web services it actually goes to that 192.168.1.100 on port 80,
442 00:26:18,466 --> 00:26:22,806 and I can now kind of split this IP address into all these different services.
443 00:26:22,806 --> 00:26:27,806 So you say, oh, well, actually I also want to send 200.1.1.2:443,
444 00:26:27,806 --> 00:26:30,176 which is HTTPS, to that same destination.
445 00:26:30,176 --> 00:26:34,426 So you can really split this up, you know, give it the whole IP address per server,
446 00:26:34,586 --> 00:26:37,526 or you can break it down and say, well, these ports go to these different servers,
447 00:26:37,526 --> 00:26:39,966 and really get the most out of each IP address.
448 00:26:41,176 --> 00:26:46,436 Those are the concepts, and if it's at all fuzzy right now, and hopefully it's not, but if it is,
449 00:26:46,696 --> 00:26:50,126 it'll get much clearer when we start doing the configuration in the next nugget.
450 00:26:50,606 --> 00:26:51,106 So let's review.
451 00:26:51,696 --> 00:26:54,456 We have seen what network address translation is.
452 00:26:54,846 --> 00:26:58,766 We have seen there's many ways to go public to private, and we saw the static way,
453 00:26:58,766 --> 00:27:03,566 the dynamic way, and then using PAT as a way to do it.
454 00:27:03,566 --> 00:27:08,386 Almost everybody in the world is using PAT, almost every business in the world is using static NAT
455 00:27:08,646 --> 00:27:12,326 to make servers available from the inside out, and then we saw some,
456 00:27:12,326 --> 00:27:15,526 I'll say some, of the NAT terms and locations.
457 00:27:15,796 --> 00:27:21,686 We saw the inside, the outside addresses, but when we get to the configuration,
458 00:27:21,726 --> 00:27:25,236 you might remember I said there's actually more to this where we get to things known
459 00:27:25,236 --> 00:27:28,386 as inside local addresses and inside global addresses.
460 00:27:28,386 --> 00:27:34,026 You'll start being able to identify where these different IP addresses are in the grand scheme
461 00:27:34,026 --> 00:27:36,106 of things, but that's in the configuration.
462 00:27:36,246 --> 00:27:40,036 So for now, I hope this has been informative for you, and I'd like to thank you for viewing.
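
The translation table the lecture describes (PAT with port collisions and pool exhaustion, plus static one-to-one and per-port rows for the mail and web servers), written up as a small Python model. This is an added teaching example, not the instructor's code or any router's implementation; the addresses 200.1.1.2, 192.168.1.51 and 192.168.1.100 and ports 6711/6712 come from the lecture, everything else is constructed.

```python
class NatRouter:
    """Constructed model of a NAT/PAT translation table (teaching example, not a real router).
    pat_pool: inside global addresses shared by PAT.  static_rows: (global ip, global port,
    inside ip, inside port); a global port of None maps the whole address one-to-one."""

    def __init__(self, pat_pool, static_rows=(), first_port=1024, last_port=65535):
        self.pool = list(pat_pool)
        self.first, self.last = first_port, last_port
        # back: (global ip, global port) -> (inside ip, inside port); static rows never age out
        self.back = {(g_ip, g_port): (i_ip, i_port) for g_ip, g_port, i_ip, i_port in static_rows}
        self.one_to_one = {i_ip: g_ip for (g_ip, g_port), (i_ip, _) in self.back.items()
                           if g_port is None}
        self.out = {}  # live PAT sessions: (inside ip, inside port) -> (global ip, global port)

    def translate_out(self, inside_ip, inside_port):
        """Outbound packet: the (global ip, port) the Internet sees for this inside socket."""
        if inside_ip in self.one_to_one:          # the mail server always leaves as 200.1.1.2
            return (self.one_to_one[inside_ip], inside_port)
        key = (inside_ip, inside_port)
        if key in self.out:                       # session already in the table
            return self.out[key]
        for g_ip in self.pool:
            # Keep the host's own port if it is free (6711 stays 6711), otherwise hand out the
            # next free one (6712); when an address has no ports left, the next one takes over.
            for port in [inside_port, *range(self.first, self.last + 1)]:
                if (g_ip, port) not in self.back:
                    self.out[key] = (g_ip, port)
                    self.back[(g_ip, port)] = key
                    return self.out[key]
        raise RuntimeError("PAT pool exhausted: no free port on any address")

    def translate_in(self, global_ip, global_port):
        """Inbound packet: per-port static row, then one-to-one row, then a live PAT session.
        None means no row exists, so the router has nowhere to send it and drops it."""
        if (global_ip, global_port) in self.back:
            return self.back[(global_ip, global_port)]
        if (global_ip, None) in self.back:
            return (self.back[(global_ip, None)][0], global_port)
        return None

    def close(self, inside_ip, inside_port):
        """Session ends (browser closed): the PAT port goes back into the pool."""
        g = self.out.pop((inside_ip, inside_port), None)
        if g is not None:
            del self.back[g]
```

The inbound lookup is the security-relevant part: an unsolicited packet to a port with no static row and no live session returns None, which is why PAT hides inside hosts while a static row deliberately exposes one service.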