Network Address Translation (NAT)

Rate this page:

Network Address Translation (NAT) is the modification of in-transit network packets to map one IP address space to another.  It is most commonly used in IP Masquerading, where a large private IP network shares a relatively small number of publicly facing IP addresses behind a router or gateway.

Address Exhaustion and IP Masquerading

IETF's RFC 791 lays out Internet Protocol version 4 (IPv4) which assigned publicly accessible machines 32-bit addresses. Those addresses - commonly referred to with the shorthand IP Addresses - can "only" address a maximum of 2^32 or 4,294,967,296 devices.

While 4.3 billion addressable endpoints was once sufficient, the explosion in popularity of the internet (and recently, internet-connected devices) means that IP address exhaustion is inevitable. Compounding the issue, IPv4 addresses were assigned in very large blocks at first, so many IPv4 addresses are effectively unusable for current devices. While Internet Protocol version 6 fixes the issue with 128-bit addresses (read: 2^128, 3.4e38, or more than the number of atoms in the universe) it isn't yet universally implemented.

How Network Address Translation Helps

NAT has become synonymous with the concept of IP Masquerading, where the true source or destination address of a packet isn't what's listed.

Analogous to a community mailbox, IP Masquerading can allow a single gateway device such as a router to sit in front of a network of dozens - or in some cases, millions - of computers on a private network. That single gateway will forward the packets on to the actual destination.

At home that might mean you have a router connected to the modem, a computer in the office, 2 laptops, a tablet, and an internet connected thermostat. Other than the router, the devices might have private network IP addresses of the form:

  • - (10/8 prefix)
  • - (172.16/12 prefix)
  • - (192.168/16 prefix)

The router will usually have the only publicly accessible IPv4 address in the house while other devices are masqueraded using Network Address Translation.

NAT on a large scale means that ~4.3 billion IP addresses have sustained IPv4 past 4.3 billion internet connected devices. However, it has introduced a number of complications - and at some times showstoppers - when dealing with routing.

How Twilio Solves NAT Problems

When a device is the recipient or initiator of a communications session (such as with SIP), it's very likely the device does not have a publicly accessible IP address. Twilio has deployed a number of services to avoid the complexity of NAT for your business communication needs.

Using STUN - Session Traversal Utilities for NAT - and TURN - Traversal Using Relays Around NAT - Twilio can route around any NAT traversal complexities when establishing peer to peer connections. STUN allows a host to discover its publicly accessible IP address while TURN will relay an incoming connection to a NATted device.

Twilio's Network Traversal Service is a globally distributed media relay service to improve the reliability of your peer-to-peer communications. We perform STUN lookups for you, and if STUN is insufficient to make a peer to peer connection we automatically provision a TURN Media Relay point in our global network on your behalf.

Network Traversal Service

* See Twilio's Q&A Writeup on STUN and TURN *

Reduce NAT Routing Complexities With Twilio

With our STUN and TURN capabilities and your business, the possibilities are endless...

You can help your internal workflow by ensuring geographically diverse sites have more reliable peer to peer connections. You can improve global service and support for your WebRTC applications. Whatever your need, Twilio has your back - read about our Network Traversal Service, dive into the docs or talk to sales today.

Rate this page:

Thank you for your feedback!

Please select the reason(s) for your feedback. The additional information you provide helps us improve our documentation:

Sending your feedback...
🎉 Thank you for your feedback!
Something went wrong. Please try again.

Thanks for your feedback!