Network Address Translation describes the process whereby a device on a given network is presented as having an address on a different network. While this is often used on a stateful firewall device to translate private network addresses inside an organization to publicly routable IP addresses on the Internet, it is also used as a poor man's solution for multi-homing organizations on the Internet.
A network device that provides Network Address Translation (NAT) does so on an address-by-address basis. Because the just over 4 billion IPv4 addresses are in the process of being depleted, this technique is inefficient and is rarely used. When most people discuss NAT, they are actually referring to a process called NAPT or PAT. Network address port translation allows many IP addresses to be presented as a single IP address.
Some people don't understand the disadvantages of NAT. Check out the video from Andrew Yourtchenko's Fanboy Series to learn more about what people typically say about NAT.
NAT provides a basic IPv4 connection but does not address more advanced features which are possible with IPv6 such as large address space, built-in security, scalability, and improved support for quality of service (QoS). NAT also places limitations on serving those with mobile smartphones and other devices which only use IPv6.
NAT Adds Complexities:
Network Address Translation makes managing a network complex and creates more problems with troubleshooting. The reason is that NAT devices add state to a specific location in the network. It is the managing of that state and the requirement of symmetric flows that causes these challenges.
Problems with Applications:
NAT makes application compatibility more difficult because it tampers with IP header fields, which causes issues with File Transfer Protocol (FTP), IP Telephony (SIP) and Simple Network Management Protocol (SNMP). This means the IP addresses and port numbers need special consideration, and some applications may not work properly through NAT. Additionally, some applications need to be rewritten in order for them to support NAT.
Security Protocol Issues:
Support for Internet Protocol Security (“IPsec”) is optional in IPv4, since IPv4 was established before IPsec. In IPv6, IPsec is described as mandatory, although supporting it is not a strict requirement, and it is designed to identify header modifications. As a result, it is not uncommon for IPsec to reject the header changes which are made by NAT.
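The rejection described above can be reproduced with a simplified model of the IPsec Authentication Header (AH) integrity check. This is an added example, not code from the original page: the key, addresses and payload are constructed, and the integrity value here covers only the IPv4 header and payload, whereas real AH also covers its own header fields.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed; stands in for the IPsec SA key
FMT = "!BBHHHBBH4s4s"  # ver/ihl, tos, len, id, flags/frag, ttl, proto, csum, src, dst

def checksum(hdr):
    """Ones'-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def repack(f):
    """Serialize the field list with a freshly computed header checksum."""
    f[7] = 0
    f[7] = checksum(struct.pack(FMT, *f))
    return struct.pack(FMT, *f)

def build_header(src, dst, payload_len, ttl=64):
    """Minimal IPv4 header without options; protocol 51 is AH."""
    return repack([0x45, 0, 20 + payload_len, 0x1234, 0, ttl, 51, 0,
                   socket.inet_aton(src), socket.inet_aton(dst)])

def icv(hdr, payload):
    """AH-style integrity value: mutable fields zeroed, addresses covered."""
    f = list(struct.unpack(FMT, hdr))
    f[1] = f[4] = f[5] = f[7] = 0  # TOS, flags/offset, TTL, checksum may change in transit
    return hmac.new(KEY, struct.pack(FMT, *f) + payload, hashlib.sha256).digest()[:16]

def route_hop(hdr):
    """Ordinary router hop: decrement TTL and refresh the checksum."""
    f = list(struct.unpack(FMT, hdr))
    f[5] -= 1
    return repack(f)

def nat_rewrite(hdr, public_src):
    """NAT: replace the private source address and refresh the checksum."""
    f = list(struct.unpack(FMT, hdr))
    f[8] = socket.inet_aton(public_src)
    return repack(f)

def demo():
    """Return (verifies after routing, verifies after NAT) for one packet."""
    payload = b"constructed payload"
    hdr = build_header("192.168.1.10", "203.0.113.5", len(payload))
    tag = icv(hdr, payload)
    ok = lambda h: hmac.compare_digest(icv(h, payload), tag)
    return ok(route_hop(hdr)), ok(nat_rewrite(hdr, "198.51.100.7"))
```

The packet still verifies after a normal routing hop because TTL and checksum are excluded from the integrity value, but the NAT rewrite changes a covered field, so the receiver's comparison fails and the packet is dropped.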
The lack of access to IP addresses with NAT means that specific functions may fail to work properly, which would require applications to be rewritten. IPv6 provides a bigger address space, which eliminates the time investment needed to make applications work with NAT.
The bottom line is NAT was the short-term solution to address the lack of IPv4 address space. IPv6 represents the answer while NAT simply provides a piecemeal solution. When IPv6 is fully deployed, chances are NAT will no longer be necessary.