How does a router know where to forward a packet?


If several computers with local addresses (192.168.0.#) are connected to a router and each computer opens a web browser and requests a page over HTTP, when these TCP:80 packets are sent out, the router switches the local address with the static IP of the router (i.e., the provider-given IP) so the server can reply to the appropriate address.

But how does the router know to which computer to forward the HTTP reply, since the TCP header does not contain the local IP address (does it?), and all computers are using port 80?

Does this have anything to do with the MAC addresses?

How exactly does this work?

Kornelije Petak

Posted 2010-02-07T13:11:07.913

Reputation: 1 572

Answers


Most home routers use a special-case of NAT called PAT.

You'll also see it referred to as NAPT, or IP Masquerading. All three of the latter terms mean the same thing in general use. (The acronyms - Network Address Translation / Port Address Translation / Network Address Port Translation)

When the packet goes out from your internal machine, the source address is rewritten as you are aware. The source port is also changed, usually to a high number, and the router keeps an address translation table.

For example, let's say you have a client machine that goes to www.google.com. Your computer (e.g., 192.168.1.100) looks that address up and makes a TCP connection to 72.14.204.147 on port 80 from your internal IP address, using a random source port.

To your computer, the connection looks like this:

192.168.1.100:37641   <-->  72.14.204.147:80

Your computer sends the packet to the router, which picks a new random high port and rewrites the packet. Each outbound connection gets its own port on the router. The router then forwards the packet on to your ISP after adding it to its connection table:

PrivateIP        PrivatePort   PublicIP      PublicPort    Remote          RemotePort
-------------    ----------    -----------   -----------   ----------      -----------
192.168.1.100    37641         *10.6.23.5    59273         72.14.204.147   80

*For example purposes, I used an address starting with 10, but these aren't publicly routable. The table is also somewhat oversimplified.

To google, the connection looks like this:

10.6.23.5:59273   <-->  72.14.204.147:80

Google will send its response to 10.6.23.5 on port 59273. Your router then looks up that information in the table and forwards the packet on to 192.168.1.100:37641.

Paul

Posted 2010-02-07T13:11:07.913

Reputation: 963

So to summarize, the router uses port numbers to remember what from the outside the local network goes to what on the inside of the network. However, this doesn't explain how www.google.com would find me if I didn't send it an initial request. In other words, messages can only reach me via the router if I initially sent a request through the router – CodyBugstein – 2014-06-26T15:15:33.710

AFAIK, NAPT and PAT and IP Masquerading are the same colloquially and technically. And they are cases of NAT. With NAT there is https://www.rfc-editor.org/rfc/rfc2663.txt traditional NAT, basic NAT and NAPT.

– barlop – 2014-06-26T16:25:05.663

@Imray google.com (or anything else on the Internet) can't find your computer if your computer didn't initiate the request. This is why having a router adds a lot of security. – Jason – 2014-07-22T18:27:47.647

@Jason That's a dangerous myth. Having a firewall adds security. The job of a typical SoHo router is just to make things work, not to stop things from working. See here for more information.

– David Schwartz – 2014-07-22T18:38:29.810

@David Schwartz I read your link, the comments, and the chat. While educational, it's not really helpful in practice or in the context of this question. As you said yourself, home/SOHO routers don't purely use NAT. So again, if you have a router, the internet won't be initiating requests with your PC. – Jason – 2014-07-23T18:24:57.697

@Jason That "having a router adds a lot of security" is a dangerous myth, though it might happen to be true sometimes. And, in fact, your specific claim ("can't find your computer if your computer didn't initiate the request") is flat out false -- permissive NAT is quite common in SoHo routers because it makes a lot more things 'just work'. – David Schwartz – 2014-07-23T18:29:37.317

@Jason Better not to delete your comment, it makes what would've been a worthwhile discussion to read, not possible to read. – barlop – 2014-12-11T15:42:36.773

Nice example, but does this mean all high number ports are always open on our routers? – jiggunjer – 2015-02-15T15:15:08.037

No. Often, the NAT feature is more a function of the firewall code within the router than the regular networking functionality. The port won't be in a LISTEN state or accept new connections, but once the mapping is there, it may or may not allow other inbound packets to use that mapping; newer systems will usually only allow packets in from the actual system you initiated the connection to. A few exceptions to that rule: 1) special handling to support FTP connections will open ports; 2) UPnP devices may request an inbound port; 3) you manually configured port forwarding for a given protocol. – Paul – 2015-02-16T22:40:57.570

Just to add to the subject: since you can't predict which public port the router will generate, you can't communicate peer to peer even if the remote (a friend) informs you of his public IP. That's why most routers have "port forwarding" configurations. It assures that packets sent through these configured ports are kept unchanged, and thus, knowing the port, you can have a P2P connection. Handy if you want a P2P app without needing a server for NAT punch-through. – Icebone1000 – 2017-04-06T02:38:00.120

Wouldn't it be possible to have all devices given the same IP address? Anyhow the important thing is the port, right? I mean, anyhow the router knows the MAC address of the devices... – Pablito – 2017-04-17T19:32:22.003

Nice explanation. What I don't understand is: why does the router generate a new PublicPort instead of using the PrivatePort? @Paul – gedamial – 2018-05-11T18:57:14.077

@gedamial -- Technically there's no reason PublicPort and PrivatePort have to be different, as long as that port number is only needed for one internal system at a time. In practice, there's little advantage to doing so for normal traffic. And it's likely to be simpler for the NAT implementation to just pick a random unused port rather than having to address collisions (two systems with the same port number) specially when they occur. Most outbound connections behind PAT will be using random high ports (ephemeral ports) anyway, so you don't gain much in terms of predictability. – Paul – 2018-09-03T05:30:42.513

So, every request made selects a new port? Is this true, because there are only 64k ports available for use, which tells me that I can only make 64k requests from my computer – swayamraina – 2018-11-02T18:02:34.153

@swayamraina - What you are referring to is called "port exhaustion" and yes, it's possible. In practice it's only likely to be an issue if you're making unusually large numbers of outbound connections or masking large networks behind a single external IP address. Exact behaviour will be implementation-dependent, but in general as connection timers expire or TCP sessions are torn down, ports will be released and can be reused for different outbound connections. – Paul – 2018-11-26T17:17:05.190

@Paul - how would large organisations typically handle port exhaustion? I'm assuming by using multiple public IPs, but can you give me some references on how it's done? Particularly dev companies, where employees working on web development might each use a large number of ports for testing (for example testing a large number of socket connections on their dev machine). – Shishir Gupta – 2019-11-11T03:39:03.840


The routers between the local network and the rest of the internet use a technique called NAT.

Just an excerpt from TCP/IP Illustrated Volume 1 about NAPT, with a word about the shortcomings of its simple cousin, Basic NAT:

Basic NAT performs rewriting of IP addresses only. In essence, a private address is rewritten to be a public address, often from a pool or range of public addresses supplied by an ISP. This type of NAT is not the most popular because it does not help to dramatically reduce the need for IP addresses—the number of globally routable addresses must equal or exceed the number of internal hosts that wish to access the Internet simultaneously. A much more popular approach, NAPT involves using the transport-layer identifiers (i.e., ports for TCP and UDP, query identifiers for ICMP) to differentiate which host on the private side of the NAT is associated with a particular packet (see Figure 7-4). This allows a large number of internal hosts (i.e., multiple thousands) to access the Internet simultaneously using a limited number of public addresses, often only a single one. We shall ordinarily use the term NAT to include both traditional NAT and NAPT unless the distinction is important in a particular context.

CodyBugstein

Posted 2010-02-07T13:11:07.913

Reputation: 1 174
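The translator below is an added illustration, not code from the original page or from any real router firmware. It implements the connection table from Paul's answer (the NAPT of the TCP/IP Illustrated excerpt, as opposed to Basic NAT which would need one public address per host) and the points raised in the comments: a random unused public port per outbound flow, replies matched on public port plus remote endpoint so a packet from a different remote host to the same port is dropped (Paul's reply to jiggunjer), a static port forward that accepts any remote (Icebone1000), and port exhaustion with reuse after teardown (swayamraina). The public address 10.6.23.5 is the same stand-in Paul used; the 49152-65535 range, the host addresses and the packet fields are assumptions for the example.

```python
import random
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """Only the header fields NAPT looks at (constructed toy, no payload)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class PortExhausted(Exception):
    """Every port in the public range is mapped ("port exhaustion")."""


class NAPT:
    """One public IP shared by many private hosts, multiplexed on port number."""

    def __init__(self, public_ip, port_range=(49152, 65535), seed=None):
        self.public_ip = public_ip          # assumed stand-in, like Paul's 10.6.23.5
        self.low, self.high = port_range    # assumed: IANA dynamic/ephemeral range
        self.rng = random.Random(seed)
        # Paul's table, kept as two lookups:
        #   out: (proto, priv_ip, priv_port, remote_ip, remote_port) -> pub_port
        #   in_: (proto, pub_port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.out, self.in_ = {}, {}
        # static "port forwarding": (proto, pub_port) -> (priv_ip, priv_port)
        self.forwards = {}

    def _free_port(self, proto):
        used = {k[1] for k in self.in_ if k[0] == proto}
        used |= {k[1] for k in self.forwards if k[0] == proto}
        free = [p for p in range(self.low, self.high + 1) if p not in used]
        if not free:
            raise PortExhausted(f"no free {proto} port in {self.low}-{self.high}")
        return self.rng.choice(free)   # random, so the outside cannot predict it

    def outbound(self, pkt):
        """LAN -> Internet: rewrite source to (public_ip, fresh port), record the row."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.out.get(key)
        if pub_port is None:            # new flow: allocate; existing flow: reuse its row
            pub_port = self._free_port(pkt.proto)
            self.out[key] = pub_port
            self.in_[(pkt.proto, pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def inbound(self, pkt):
        """Internet -> LAN. Returns the rewritten packet, or None if it is dropped.
        A dynamic row matches only the remote endpoint the LAN host talked to
        (endpoint-dependent filtering); a forwarded port accepts any remote."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.in_.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            target = self.forwards.get((pkt.proto, pkt.dst_port))
        if target is None:
            return None                 # unsolicited and not forwarded: nowhere to send it
        priv_ip, priv_port = target
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)

    def forward(self, proto, pub_port, priv_ip, priv_port):
        """Pin a public port to one LAN service so a peer can reach it without a prior outbound packet."""
        self.forwards[(proto, pub_port)] = (priv_ip, priv_port)

    def release(self, pkt):
        """Drop a row when the TCP session ends or its idle timer expires; the port is reusable."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.out.pop(key, None)
        if pub_port is not None:
            del self.in_[(pkt.proto, pub_port, pkt.dst_ip, pkt.dst_port)]

    def rows(self):
        """The table in the column order of Paul's answer."""
        return [(pip, pport, self.public_ip, pub, rip, rport)
                for (_, pip, pport, rip, rport), pub in self.out.items()]


if __name__ == "__main__":
    nat = NAPT("10.6.23.5", seed=1)
    google = ("72.14.204.147", 80)
    # two LAN hosts that happen to pick the same ephemeral port (constructed input)
    for host in ("192.168.1.100", "192.168.1.101"):
        nat.outbound(Packet(host, 37641, *google))
    for row in nat.rows():
        print(row)
```

Two LAN hosts using the same private port 37641 get distinct public ports, which is why the router does not simply reuse the private port (gedamial's question): the key the router needs on the way back is the public port, and that must be unique per flow on one public IP. The `inbound` check against the remote endpoint is what makes "the port is in the table" different from "the port is open": a scan from another address to a mapped port returns None.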