What if a border router does not have NAT?

johnifanx98 Member Posts: 329
Suppose an inside host sends a packet to an outside global host. Would the router just discard the packet because of no NAT, or blindly forward it as if it's a valid packet?

Also, if a router is identified as a border router, like one interface connected to an inside network, and another interface connected to a public network, would NAT configuration be a mandatory thing?

Comments

  • NetworkVeteran Member Posts: 2,338 ■■■■■■■■□□
    Suppose an inside host sends a packet to an outside global host. Would the router just discard the packet because of no NAT, or blindly forward it as if it's a valid packet?
    If NAT is not involved, those terms have no meaning. There is simply host1's address and host2's address. Packets aren't forwarded blindly--they're forwarded based on the destination IP address and routing table, and discarded based on access control lists.
  • mapletune Member Posts: 316
    It really depends on each individual case, what kind of internet service they have, etc.

    But always remember, a router "routes packets at L3" and most of the time using the IP addressing protocol.

    Thus, different sides of the connection will have different CIDR/subnet. So, if your service provider gives you 1 IP for your router, and X number of IPs in another subnet for your hosts, then you can just config your router to route between the X number of hosts and the SP directly.

    That will not be the case most of the time. NAT is pretty much standard.

    If an inside host with private class IP domain sends a packet to the outside world, and the router is configured with a default route to the Service Provider, then it will forward that packet to the service provider. The SP will just drop it.

    As for the 2nd question, like I said before, NAT is pretty much "mandatory".


    cheers,
    Mike
    Studying: vmware, CompTIA Linux+, Storage+ or EMCISA
    Future: CCNP, CCIE
  • johnifanx98 Member Posts: 329
    I should not use the word "blindly". What I meant is the packet is forwarded according to the routing table, but the response will not come back correctly since no NAT.

    You've mentioned "access control list". What is it and how does it help discard such non-NAT packets? I did not find this thing in my CCNA book...

    Thanks,
  • johnifanx98 Member Posts: 329
    mapletune wrote: »
    It really depends on each individual case, what kind of internet service they have, etc.

    But always remember, a router "routes packets at L3" and most of the time using the IP addressing protocol.

    Thus, different sides of the connection will have different CIDR/subnet mask. So, if your service provider gives you 1 IP for your router, and X number of IPs in another subnet for your hosts, then you can just config your router to route between the X number of hosts and the SP directly.

    That will not be the case most of the time. NAT is pretty much standard.

    If an inside host with private class IP domain sends a packet to the outside world, and the router is configured with a default route to the Service Provider, then it will forward that packet to the service provider. The SP will just drop it.

    As for the 2nd question, like I said before, NAT is pretty much "mandatory".

    cheers,
    Mike

    Mike, could you explain a bit more how/why the service provider discards such packets (with nonsense source IP)?

    And, also will a router err if started without NAT configured?
  • mapletune Member Posts: 316
    You've mentioned "access control list". What is it and how does it help discard such non-NAT packets? I did not find this thing in my CCNA book...

    @ then I suggest getting a new book...

    It basically lists the rules to turn features on or off. For example: allow traffic or not, give priority QoS, etc.
    Studying: vmware, CompTIA Linux+, Storage+ or EMCISA
    Future: CCNP, CCIE
  • mapletune Member Posts: 316
    Mike, could you explain a bit more how/why the service provider discards such packets (with nonsense source IP)?
    And, also will a router err if started without NAT configured?

    Because Private IP Addresses are defined by the RFC 1918 and RFC 4193 standards. I'll refer you to those if you want to know why. But for now, Private IPs are NON-ROUTABLE on the internet.

    A router will not "err" (I assume you mean have errors and break) if it runs without NAT.
    Studying: vmware, CompTIA Linux+, Storage+ or EMCISA
    Future: CCNP, CCIE
  • vishaw1986 Member Posts: 40 ■■□□□□□□□□
    Hey John,

    A router discards a packet only when it finds no router for the particular subnet. NAT has no relation to routing. NAT is only the translation of the address.
    NAT is mandatory only when you are using a private address range inside your network. For communication with the external network you need translation, so in that case you use NAT.
  • The IT Guy Member Posts: 43 ■■□□□□□□□□
    Unless the outside global network is in the routing table or you have your gateway of last resort set out your inside global interface, the premise router will discard the packet because it has no clue where to send it.

    You have stated that NAT is not configured, which means no translation.
    So even if you had a public address assigned to your inside global interface, no NAT = no translation from private to public. No translation between your NAT inside/NAT outside interfaces that would typically connect you to the ISP via some type of WAN connection.
  • Roguetadhg Member Posts: 2,489 ■■■■■■■■□□
    Just a friendly reminder - there's different versions of NAT in ICND2. PAT is what is most often referred to when people speakith "NAT". It utilizes 1 public IP for many people, at the same time! Gotta love Port Address Translation. At least, when people say "NAT", I really think "PAT".

    There are other types: Dynamic NAT and Static NAT. Each implementation has its uses, so don't just forget about them!

    Whoosh! And away to Security!
    In order to succeed, your desire for success should be greater than your fear of failure.
    TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams

  • Diggs Member Posts: 97 ■■□□□□□□□□
    To my knowledge, the packet would be forwarded as usual to the ISP; however, the ISP's router would discard the packet due to an ACL configured to prevent source private RFC 1918 addresses from being publicly routed.
  • networker050184 Mod Posts: 11,962 Mod
    ISPs aren't going to put ACLs on the customer facing ports usually. What's going to be used is most likely uRPF.
    An expert is a man who has made all the mistakes which can be made.
  • johnifanx98 Member Posts: 329
    mapletune wrote: »
    @ then I suggest getting a new book...

    It basically lists the rules to turn features on or off. For example: allow traffic or not, give priority QoS, etc.

    I realized that ACL is just another name for "access list". I did not miss it.
  • Diggs Member Posts: 97 ■■□□□□□□□□
    ISPs aren't going to put ACLs on the customer facing ports usually. What's going to be used is most likely uRPF.

    Thanks for the clarification... can't remember where I read / heard that was the case.
  • networker050184 Mod Posts: 11,962 Mod
    I won't say none of them use ACLs, but of the 20 or so large ISP networks I've worked on not a single one used customer facing ACLs to block RFC1918 sourced traffic.
    An expert is a man who has made all the mistakes which can be made.
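
The forwarding decisions discussed in this thread, as an added example that is not part of any poster's reply: a border router without NAT forwards on the destination alone, and the ISP edge then judges the source with either an RFC 1918 ingress ACL or strict uRPF. The routing tables, interface names and addresses are constructed for illustration, and the third sample source goes beyond the thread to show a non-private source that the ACL permits but strict uRPF drops.

```python
import ipaddress

# RFC 1918 private IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def table(*routes):
    """Build a routing table from (prefix, egress interface) pairs."""
    return [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

# Constructed sample tables; prefixes and interface names are hypothetical.
CUSTOMER = table(("192.168.1.0/24", "lan"), ("0.0.0.0/0", "wan"))
CUSTOMER_NO_DEFAULT = table(("192.168.1.0/24", "lan"))
ISP = table(("203.0.113.0/29", "cust1"), ("0.0.0.0/0", "upstream"))

def lookup(routes, addr):
    """Longest-prefix match: egress interface for addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, ifc) for net, ifc in routes if ip in net]
    return max(hits)[1] if hits else None

def border_router(routes, src, dst):
    """No NAT configured: only the destination is consulted, src is ignored."""
    out = lookup(routes, dst)
    return f"forward via {out}" if out else "drop: no route"

def isp_acl(src):
    """Ingress ACL denying RFC 1918 sources."""
    ip = ipaddress.ip_address(src)
    return "drop: acl" if any(ip in n for n in RFC1918) else "permit"

def isp_strict_urpf(routes, src, in_ifc):
    """Strict uRPF: best route back to src must use the arrival interface."""
    return "permit" if lookup(routes, src) == in_ifc else "drop: urpf"

if __name__ == "__main__":
    # Private source, assigned public source, source outside the customer's prefix.
    for src in ("192.168.1.10", "203.0.113.2", "198.51.100.7"):
        print(src, border_router(CUSTOMER, src, "198.51.100.50"),
              isp_acl(src), isp_strict_urpf(ISP, src, "cust1"), sep=" | ")
```
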