We have seen above that we can use NAT to distribute load over several hosts and achieve a higher availability of host-based services. Can we use NAT to do the same for networks? Yes, we can. Above we introduced virtual hosts that represent several real hosts; in the same way we can create a virtual network connection that consists of several real wires, with the same advantages and disadvantages as the virtual server technique.
How can we do this with NAT? Imagine we had two Internet providers. Two, because we do not want to rely on the network of just one of them in case its network fails. Every host that needs Internet connectivity needs a unique IP, so we buy one IP per host from each provider. When our hosts want to use provider one they use this provider's IP as local IP; when they want to use provider two they use the IP given by that one as local IP. Every host with an IP from both providers can now use either one to send its packets to the same destination.
Now we already see where we are going. The setup described has the potential to solve the problem: we could do load distribution by letting some hosts use provider one and others provider two, and we have a higher availability of the connection to the Internet, since it is less likely that both providers have a major breakdown at the same time than that one of them does (how we calculate the probability has been illustrated above). However, as is easy to imagine, we would have a very hard time trying to do load balancing when each host decides on its own where it sends its packets, not to mention how hard it would be to convince a network application to use one or the other local IP. This calls for a central authority to make the decision which host should use which provider, and this authority will, of course, be a special NAT-router.
Using NAT, our local hosts need just one IP, since it is no longer up to them to decide which provider (and therefore which IP) to use. If we had a favorite provider, we could use this provider's IPs for our hosts, but we can also use internal IPs. Now, when an internal host wants to establish a new connection with a destination on the Internet, it just sends its packets to its default router, which is the NAT-router (in the end, there might be other routers involved), and the source IP is the host's local (internal) IP. The NAT-router, because it knows all connections, decides which provider will route this connection, replaces the source host's (internal) address with one of the chosen provider's addresses and sends the packet out to this provider's router. Since the source address is an address of this provider's network, the replies will also come back that way. The host the packets originated from never learns which provider the NAT-router chose, so this process is transparent.
We can use the same algorithms as for virtual servers, so we can do load balancing and we have the high availability feature. The essential difference from the virtual server implementation is that we have to interfere with the routing process. In the above example we actually have two default routes.
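The following simulation, added here as an example and not part of the original text, models the NAT-router described above: each new connection is assigned to a provider by round-robin (the same chooser as for virtual servers), the source address is rewritten to that provider's public IP, replies are mapped back through the connection table, and a provider marked down is skipped for new connections while existing connections keep the provider whose address the remote peer already knows. Provider names, public IPs and internal addresses are constructed values; the NAT also rewrites the source port so that two internal hosts using the same port do not collide.

```python
from collections import namedtuple
from itertools import cycle

# Minimal packet: only the fields a NAT connection table cares about
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")


class MultiHomedNAT:
    def __init__(self, providers, first_port=40000):
        # providers: {name: public IP bought from that provider} (constructed values)
        self.providers = dict(providers)
        self.up = {name: True for name in providers}
        self._rr = cycle(self.providers)  # round-robin chooser, as for virtual servers
        self._next_port = first_port
        self.table = {}    # (int_ip, int_port, dst_ip, dst_port) -> (provider, nat_port)
        self.reverse = {}  # (pub_ip, nat_port, dst_ip, dst_port) -> (int_ip, int_port)

    def set_provider_state(self, name, is_up):
        self.up[name] = is_up

    def _choose_provider(self):
        # Skip providers marked down; give up only when none is left
        for _ in self.providers:
            name = next(self._rr)
            if self.up[name]:
                return name
        raise RuntimeError("no provider available")

    def outbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.table:
            # New connection: the central decision is made here, not by the host
            prov = self._choose_provider()
            nat_port = self._next_port
            self._next_port += 1
            self.table[key] = (prov, nat_port)
            pub_key = (self.providers[prov], nat_port, pkt.dst_ip, pkt.dst_port)
            self.reverse[pub_key] = (pkt.src_ip, pkt.src_port)
        # Existing connection sticks to its provider: the peer knows only that address
        prov, nat_port = self.table[key]
        return prov, pkt._replace(src_ip=self.providers[prov], src_port=nat_port)

    def inbound(self, pkt):
        # Reply arrives addressed to a provider's public IP; map it back to the host
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        mapping = self.reverse.get(key)
        if mapping is None:
            return None  # no connection asked for this packet: drop it
        int_ip, int_port = mapping
        return pkt._replace(dst_ip=int_ip, dst_port=int_port)
```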