Episode 10 Segment 1

NAT Routers Part 2: Connecting 2 or more PCs to the Internet through a single Internet Address

( Internet Connection Sharing )

 

During the 1990s, as millions of small businesses and families all over the world discovered the Internet, demand for Internet Addresses surpassed the expectations of even the most enthusiastic Internet proponents of previous decades. Unfortunately, - "real" - Internet Addresses are a limited commodity, and back in the early days of the Internet, before it became clear that they would one day be of immense value, huge blocks of these Addresses were irretrievably allocated to a few influential universities, corporations, and government institutions. Billions more IP addresses were lost to inefficient allocation schemes as Internet architects tried to allocate address blocks in patterns that could help them clarify the logical locations of (and boundaries between) separate networks.

Back in the early days, people requesting Internet access got to choose between a "Class A" arrangement (with 16,000,000 Internet Addresses), a "Class B" arrangement (with 65,000 addresses), or a "Class C" arrangement (with 256 Internet Addresses).

Those days are gone forever. As the last blocks of Internet Addresses have been gobbled up, even "Class C" network access is now too expensive for small businesses, and the price is unthinkable for all but the wealthiest of families.

If you've already seen the AskMisterWizard.com movie entitled "Class C Commercial-Grade Internet Services", then you know that even this smallest of traditional arrangements can provide addressing for as many as 33 million communicating processes simultaneously running on as many as 253 different computers. That's a LOT of networking power!

A few years ago, as the first - "Internet Service Providers" ( ISPs ) opened their virtual doors for business, they all purchased blocks of address space and made plans to sell addresses, one by one, to families and individuals all over the world. By purchasing tens of thousands of IP addresses in a single block and then leasing single addresses, month-by-month, to individual homes and small businesses, they expected to be able to generate handsome profits. In fact, they even concocted schemes to lease access to more addresses than they actually owned, by gambling that most of their customers would switch their computers off when not in use. By keeping careful track of computers that were not active from moment to moment, and dynamically allocating addresses from a carefully managed "pool", they knew they might meet the likely demands of 20,000 homes with only 10,000 addresses. This practice has come to be known as "dynamic IP addressing, and it's the cause of some extra complexity and related challenges for small businesses and families using the Internet. (The opposite of - "dynamic IP addressing" - is - "static IP addressing". You can learn more about static and dynamic IP addressing from other movies here at AskMisterWizard.com).

The customers of these ISPs ended up with just a single Internet address, with the implicit expectation that they would connect just one computer. As you will soon see, however, that single Internet address has hidden power to support all of the computers that an individual household might ever want: as many as 253 of them!

Episode 10 Segment 2

 

This movie builds on the concepts discussed in two other movies that are available from AskMisterWizard.com. They are:

"Simple Routers for Small Networks Part 1: Client Firewalls", (explaining operation of a "NAT" router to protect a single PC),

and

"Class C Commercial-Grade Internet Services" (explaining extension of IP addressing beyond individual computers to communicate with as many as 130,000 separate processes per computer).

If these concepts are unfamiliar to you, then you should watch those two movies before proceeding.

You may also find it useful to review our movie entitled "Ethernet Delivers the Internet" to become comfortable with the way your ISP encapsulates IP protocol packets inside Ethernet frames for compatibility with your network equipment.

All of these movies introduce the subject of - "routers", with particular attention to the subject of - "network address translation", or - NAT.

Episode 10 Segment 3
 
In - this - movie, we will now examine the way Network Address Translation permits connection of additional computers, all sharing the single, low-cost Internet Address made available by your Internet Service Provider. The - "good news" - is that routers supporting NAT are available at very low cost, and they help you beat those Internet Service Providers at their own game! Low-cost NAT routers can easily arrange simultaneous Internet access for three or four separate computers, and we'll show you how you can even expand beyond that: (the theoretical limit permits as many as 253 separate computers, running as many as 130,000 simultaneous, communicating processes)!

Episode 10 Segment 4

 

Slow Downloads? You can get ALL of our Networking Videos, in much higher resolution, on a single CDROM from our Storefront at lulu.com. Click HERE!

 

After you install a NAT router as described in the other movies that we've just mentioned, you will probably notice that several Ethernet connections are provided. (Most low-cost NAT routers provide 5 or more RJ45 jacks for ethernet connections. One of these will be labeled - ISP - or - "Wide AreaNetwork" (WAN). That one must be connected to your DSL or cable - "modem". The others expand your Local Area Network (LAN) for your use through a built-in ethernet hub or switch. If your router provides only two RJ45 jacks for ethernet connections, you will have to provide your own hub or switch for expansion).

You can immediately connect your additional computers into these extra ethernet connectors. If you run out of connectors, you can insert additional ethernet hubs or switches as described in other AskMisterWizard.com movies from our - "Ethernet" - series.

Episode 10 Segment 5

 

Want higher resolution? You can get ALL of our Networking Videos, in much higher resolution, on a single CDROM from our Storefront at lulu.com. Click HERE!

 

As you connect ethernet - "patch" - cables between your additional computers and the ethernet connectors of your router, you should see the associated - "link lights" - illuminate, one by one, indicating proper ethernet connection. If any link light fails to activate as expected, you may need to tinker a bit with the connectors or cable, swapping with a - "crossover" - cable or activating - "crossover" - switches if necessary.

Once each link light is illuminated, you will be able to use any communicating applications that rely only on ethernet protocols.

Episode 10 Segment 6

However, before you can access the Internet or use - IP - applications, you may need to change the IP address of the associated computer. For your private use, your NAT router will manage a block of - "special" - IP addresses that will never be transmitted across the worldwide Internet. Most NAT routers allocate these from a local block of 256 addresses. By longstanding convention, these usually begin with 192.168.0 or 192.168.1.

Usually, this IP addressing is handled automatically. Most routers include a very well thought-out installation process and a special kind of - "server logic" - (known as - "dynamic host control protocol", or - "DHCP") that relies on ethernet to answer requests from your computers for IP addresses. If your router does not support DHCP then you will need to go to each of your local computers and manually configure the IP addresses. Consult the documentation that came with your router to learn the appropriate values.

Episode 10 Segment 7


If your local PCs are running Microsoft's - "Windows" - operating system, then it is very easy to configure an ethernet interface to request and use an IP address automatically via DHCP. From "Control Panel", click on - "Network and Internet Connections", then - "Network Connections". A list of all of your network interfaces appears. Select the one that best corresponds with the ethernet interface that you have connected with your router (usually it is named - "Local Area Connection").

That will immediately display a new frame named - "Local Area Connection Properties", with a list of associated modules under a heading that says: "This connection uses the following items:". From that list, select - "Internet Protocol TCP/IP".

A new frame entitled "Internet Protocol (TCP/IP) Properties will appear. From the prominent - "General" - tab, select - "Obtain an IP address automatically", and then click - OK. Close all of the open frames one by one until your desktop is displayed in the usual way. Thereafter you should be able to access Internet services from any of that PC's Internet client applications (such as your web browser, your email handler, simple Internet games, etc).

Episode 10 Segment 8

In our "Simple Routers for Small Networks Part 1: Client Firewalls", movie, you saw how a small router could serve as a hardware - "firewall" - for a single, protected personal computer, assigning it a - "private" - IP address and automatically translating its Internet messages to preserve the confidentiality of that address.

We showed how that single PC could simultaneously run two browser processes. The NAT router automatically learned about those two processes and launched two corresponding processes of its own to relay and translate the traffic.

Here's an illustration of that same NAT router, using the same mechanism, to support those same two browser processes in - TWO - separate PCs.

Let's assume that the PC facing us is running a browser process that has been assigned TCP process number 2020 (as in the previous movie). Let's then assume that another browser process, which just happens to be assigned TCP process number 2021 is running on the other PC.

Both of these PCs have - "private" - IP addresses that were issued by the NAT router when it was installed, and the NAT router will make sure that those addresses are always hidden from Internet traffic. There could be more than just 2 PCs addressed in this way, and all of those - "private" - IP addresses will always begin with 192.168.0 dot - "something" - in this example. (From now on during this movie, when we want to refer to one of these private IP addresses, we'll generally use only the last digit, so we'll say that the PC facing us has local IP address 2 and the other one has local IP address 3, etc).

Let's further assume that the Internet Service Provider ( ISP ) has assigned just one single IP address to this household or small business. The ISP thinks we have only one PC and that it can simultaneously execute a maximum of - "only" - "65,535" TCP processes and 65,535 UDP processes.

By responding to that IP address for all incoming packets, and by translating the IP addresses of all outgoing addresses to that IP address, the NAT router deceives the ISP into thinking that - it - is the only PC at this location. Even though that router doesn't have as much computing power as the array of PCs it is protecting, it doesn't need to be very smart because it is set up astride the network path, as a kind of a - "middleman" - in all of these conversations, and so for each of these message exchanges, it always learns exactly what to say from the PC processes for which it acts as a kind of a - "proxy" - or - "agent"). It doesn't need to - understand - the messages: it just re-addresses and relays them. It simply discards any incoming messages addressed to local PC processes about which it has no information.

Episode 10 Segment 9

When the browser process inside the first PC (at address local IP address 2) needs information from a web server out on the Internet, it formats the request according to the TCP conventions of the - Hypertext transfer protocol - and addresses the TCP data to process 80 (the usual and customary process ID for web servers). That data is then wrapped inside an IP packet addressed to the web server. The IP packet is then inserted inside an ethernet frame addressed to the NAT router and sent on its way.

When that data arrives at the NAT router, the ethernet frame is discarded and the IP packet is examined. The IP addresses are temporarily preserved, and then the IP packet is discarded, permitting examination of the TCP data header.

From the TCP data header, the NAT router learns that the PC with local IP address 2 is running a TCP process that it has named 2020. The router starts a new process of its own to relay that traffic, configuring it with the appropriate local IP address (2). For our purposes in this discussion, we will assume that the NAT router assigns TCP process 3000 to this new process. Accordingly, the reference to process 2020 is replaced with - "3000". The destination process id (80) is left unchanged.

The modified TCP data is then wrapped inside a new IP header, still addressed to the web server out on the internet, but replacing the - "source" - address with that of the router to satisfy the ISP.

That IP header is then encapsulated inside a new Ethernet frame and sent on to the Internet through the cable or DSL - "modem".

Episode 10 Segment 10

Eventually the remote web server responds with new data for the browser. When that data arrives at the NAT router, it is of course encapsulated inside an ethernet frame from the cable or DSL "modem". The ethernet frame is discarded to reveal the IP packet addressed to the router. The router temporarily preserves the source IP address, discards the IP packet, and examines the TCP data inside. The router can see that the TCP data inside is directed toward it's process number 3000. The router knows to send that data to process 2020 on the PC with local IP address 2, and so it updates the TCP header accordingly, wraps it inside a new IP packet addressed to 192.168.0.2, wraps that into a new ethernet frame for that PC's ethernet hardware, and sends it into the internal network where that PC can pick it up, stripping off and interpreting the frame and packet and TCP information to ensure that the web server data is displayed by the browser.

The same mechanism is used when browser process 2021 (in the other PC with local IP address 3) requests data from some other web server. By monitoring the outgoing requests, the NAT router is able to learn of all of the communicating client processes in all of the computers, launching proxy processes of its own to handle the corresponding, incoming responses.

When handling these two browser processes in two separate PCs as shown here, the router's process handling is almost exactly the same as when managing two browser processes inside a single PC as shown in our NAT router firewall movie. It really doesn't matter how many PCs you use to host your processes; The original IP address issued by your ISP anticipated as many as 65,535 simultaneous TCP processes and another 65,535 simultaneous UDP processes. (Of course, those numbers represent the - theoretical - maximum. An inexpensive NAT router will run out of memory when asked to manage more than a few hundred communicating processes, but that should be enough to support all of the PCs likely to be needed by a household or home business. A more expensive, business-oriented router can handle tens of thousands of processes in this manner).

Once the NAT router learns of a communicating, client process in any of your PCs, it remains prepared to handle the associated network traffic, relaying it and translating TCP, UDP, and IP address references as necessary so that the ISP thinks everything is coming from a single PC addressed by the original, single Internet address. The router remains prepared to handle each communicating process for an appropriate period of time; until the communicating processes negotiate an orderly disconnection, or until a reasonable period of inactivity indicates the end of associated traffic flow.

Episode 10 Segment 11

Weaknesses

This system works very well for most situations, but it does suffer from three, generally manageable weaknesses when compared to a business-oriented, class - "C" - Internet connection as described in our movie by that title:

Firstly, the number of processes that can simultaneously exchange data between the worldwide Internet and all of the computers in your local network is limited. The theoretical limit is reduced from 33 million processes down to 130 thousand. The practical limit, determined by the processing speed and memory capacity of your NAT router, is on the order of a few hundred processes.

Secondly, if you are going to host - Server - processes (such as web servers, FTP servers, Voice-Over-IP servers, multimedia servers, or game servers) on the Internet, you will run into additional limits. You will need to go through a manual configuration exercise to tell your NAT router about each of your servers, and only ONE server of any given type will be able to use the well-known, usual and customary TCP or UDP process ID ( "port" ) that Internet clients will expect to use to communicate with you. You can certainly run more than one server of any given type, but the extra ones will either have to be configured to use unusual port numbers or they will be isolated from the Internet. This subject, known as "Port Forwarding", is explained elsewhere here on AskMisterWizard.com.

Thirdly, a few applications are just not compatible with NAT translation because they need to exchange additional IP addresses or port numbers deep inside their own TCP or UDP data, where a low-cost NAT router cannot identify or translate them. These are generally rare and obscure applications, but if you run into one of them you will have to abandon it in favor of some more compatible replacement.

Conclusions

A low-cost - NAT - router permits you to give Internet Access to more than one computer in your Local Area Network. In a typical situation, four to ten PCs can be supported. Each of those PCs can run almost any combination of client processes to access servers on the worldwide Internet (Most - "peer-to-peer" applications are designed to behave like - "clients" - in this respect, and will also be supported). Server processes can also be supported, but they will require manual configuration and some compromises may be necessary.