Measure seven times, NATcut once

Every day we receive a variety of questions about NAT, a word most users find incomprehensible, and about the virtual server tariffs (NAT-VPS) associated with it. Although the mechanism is quite widespread, it is mostly system administrators who know about it, even though you are most likely using this technology in one way or another as you read this article.

In this article we will explain in simple terms how it works, whether it differs from "traditional" virtual servers, and whether it is worth your attention.

A little theory, and what virtual reality has to do with it



The most frequent topic of pre-sale discussions is "Will such-and-such software work for me on NAT tariffs?".
The question itself is not quite correct. NAT has very little to do with how software runs. All computation is handled by your virtual server. And the word "virtual" is here for a reason. By definition, a server (not a virtual one, but a real server) is a specialized computer: it has a real processor, real RAM and other necessary hardware that, roughly speaking, you can touch. And that is expensive and redundant. For example, a VKontakte bot whose audience is your friends and a couple of friends of friends needs only a few percent of a whole server's capacity, which means you would pay for the whole server and use only a fraction of it. Not profitable.

Virtualization systems are designed to solve this problem. Without going into details (after all, the main topic of the article is NAT): virtual machines are created and managed by a special utility program, a hypervisor. The virtual machines run together with the hypervisor on a physical server, and one such server can run several virtual machines with the same or different operating systems, all sharing its computing resources. The virtual machines created this way are not always aware that they are not real.



Most software is designed to run on real processors. Whether your software works correctly depends on the virtualization system, which is responsible for creating the virtual server (and therefore for simulating the operation of a real processor).
On NAT tariffs, we use LXC virtualization.

As you can see, NAT is not the deciding factor in whether your software works correctly. If it works with LXC, it will work with LXC on NAT-VPS tariffs.

To each house — by NAT



Now that we have covered the virtual server itself, let's talk about NAT and our tariffs, which can be bought for only 45 rubles per month.

We owe the emergence of this technology to the global shortage of IPv4 addresses: NAT helps to solve this problem, to some extent, for ordinary users.
Look at how you access the Internet from your devices. With a high degree of probability, you have a specialized device (a modem) at home, to which your computer, phone and other devices are connected (even a smart kettle will not be left out).

On the Internet, all your devices are identified by a single IPv4 address. But then how does the phone get its content and the PC its own, if the delivery address is the same?


So that you do not need a unique address for each device (which, given the global shortage, means buying one), NAT, working between the modem and your devices, lets several devices share the same address by assigning an internal local address to each of them.

Each device inside the network has its own address of the form 192.168.x.x; the modem (that is, the router) processes requests from these addresses and sends them to the Internet from the common IPv4 address (in fact there are nuances, but this explanation is enough to understand the principle of operation).

Our NAT-VPS tariffs work on the same principle.



Your virtual server is assigned a "gray" (that is, not visible from the Internet) address. Within it, you can run any software and occupy all available ports. For example, you installed an SSH server for remote connection to your virtual server, and it started, as usual, on port 22. But how do you reach it now? If a dozen more machines in our network also use port 22, how can the router know which machine should receive traffic arriving from the Internet for port 22?

This problem is solved by forwarding some unique port from a common IP address to your internal one. For example, for your port 22, we allocate an external port 10200, and for your neighbor, for his port 22, we allocate an external port 10300.
Now we have a so-called port map. Let's say the external address of our server is 55.55.55.55, the address behind the NAT of your virtual server is 192.168.10.2, and your neighbor is 192.168.10.3.

Now, when you send a request to the address 55.55.55.55:10200, the router understands that it needs to be addressed to your machine with the address 192.168.10.2 on port 22. At the same time, another client can connect to his machine at 55.55.55.55:10300 and the router will redirect the request to his machine with the address 192.168.10.3:22.
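
The port map above, written out as an added example (not the provider's own configuration). It assumes a Linux router that uses iptables DNAT rules, which the article does not state, and it forwards TCP only; `build_dnat_rules` and `translate` are hypothetical names, while the addresses and ports are the ones used in the text.

```python
import ipaddress

# Constructed sample data: the addresses and ports used in the article.
PUBLIC_IP = "55.55.55.55"
FORWARDS = [  # (external port, internal address, internal port)
    (10200, "192.168.10.2", 22),  # your SSH server
    (10300, "192.168.10.3", 22),  # your neighbour's SSH server
]


def build_dnat_rules(public_ip, forwards):
    """Validate a port map and return one iptables DNAT rule per forward."""
    ipaddress.IPv4Address(public_ip)  # raises ValueError if malformed
    owner = {}  # external port -> internal endpoint already using it
    rules = []
    for ext_port, int_ip, int_port in forwards:
        for port in (ext_port, int_port):
            if not 1 <= port <= 65535:
                raise ValueError(f"port out of range: {port}")
        if not ipaddress.IPv4Address(int_ip).is_private:
            raise ValueError(f"{int_ip} is not a private ('gray') address")
        if ext_port in owner:
            raise ValueError(
                f"external port {ext_port} is already forwarded to {owner[ext_port]}")
        owner[ext_port] = f"{int_ip}:{int_port}"
        rules.append(
            f"-A PREROUTING -d {public_ip}/32 -p tcp -m tcp --dport {ext_port} "
            f"-j DNAT --to-destination {int_ip}:{int_port}")
    return rules


def translate(public_ip, forwards, proto, dst_ip, dst_port):
    """Model the router's decision for one inbound packet.

    Returns the internal (address, port), or None when nothing is forwarded.
    """
    if proto != "tcp" or dst_ip != public_ip:
        return None
    for ext_port, int_ip, int_port in forwards:
        if ext_port == dst_port:
            return (int_ip, int_port)
    return None


if __name__ == "__main__":
    for rule in build_dnat_rules(PUBLIC_IP, FORWARDS):
        print(rule)
    print(translate(PUBLIC_IP, FORWARDS, "tcp", "55.55.55.55", 10200))
```

The validation step matters on a shared address: an external port handed to two clients, or a forward that points outside the private range, is rejected before any rule is generated.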

The result of all this complexity is that you and all the other clients of the server share one common IP address and therefore do not pay for renting it. In general, this is the only advantage of NAT technology in the field of virtual servers.
That is why the technology is not so widespread: an extra 140-250 rubles a month makes your life easier (and the hoster's too, because NAT causes a hoster a lot of problems, but this article is not about that). However, do not write it off. After all, any savings are savings. For many projects you can configure the ports once, and the extra 140-250 rubles will not leave your wallet every month. That is from 1,680 to 3,000 rubles a year, which is comparable to the annual cost of an average VPS server.

What problems can you face on NAT-VPS and how to solve them



- Some software works only with standard ports.
If you encounter this problem, it is a problem of that software only. There are many scenarios in which a service is deliberately run on a non-standard port or uses several ports; this is not uncommon, and running behind NAT is just one such case. Properly written software always lets you specify a non-standard port for connections.

- The complexity of setting up a web server.
Every service running on the Internet uses some port. For the web this is usually port 80. It is always there, but browsers hide it for your convenience. With NAT, however, your port 80 appears on the common address under a very different number. The browser will show that port, say 10301, in the address bar, and your visitors will have to type it in. You cannot remove the port from the IP address (it tells our router which machine to send traffic to, remember?), but you can remove it from the domain name. To do this, we provide a proxy server that accepts requests on the common port 80 and uses the domain name to work out which virtual server to fetch content from. To have a domain proxied, contact our support.

- Difficulties with installing SSL.
Because of proxying, the SSL certificate installed locally on your NAT server has no effect on the proxy server. The proxy server is essentially a mirror: it only shows your content. Your server cannot "feel" and properly identify the visitor; it serves the content requested by the proxy server (not by the visitor directly) and receives information about the visitor from the proxy server. Such is work through an intermediary.
This problem could be solved on our side, but that means extra cost and effort, and at the moment the feature is not in demand, because a working third-party solution exists. A solution on our side would also raise the price for everyone, even for those who have not installed a web server and SSL on their virtual server, which is not very good.
To solve this problem, use the Cloudflare service (I think this service needs no introduction for site owners): add your domain and set the SSL mode to Flexible. Cloudflare will then fetch content from your server over plain HTTP and serve it to the visitor over HTTPS.



- Inability to receive UDP traffic.
The address is shared, and any client may have ill-wishers targeting that address. With UDP it is easy to cause a denial of service for the address by clogging the Internet channel. We cannot allow this, since many projects run on the same address and their suspension is unacceptable. Therefore, for security reasons, UDP traffic is completely disabled. You can still install software that uses UDP on the server, but it will only work between virtual machines behind the NAT. It will not be able to reach the Internet or receive anything from outside. Fortunately, most software can work over other protocols such as TCP.
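
How a domain-name proxy like the one described in the web server and SSL items above can choose a virtual server and pass on the visitor's address, as an added example that is not the provider's code. It assumes the proxy uses the common `X-Forwarded-For` header; the domains, the proxy address 192.168.10.1 and the function names are hypothetical.

```python
# Constructed routing table (domains and addresses are hypothetical).
BACKENDS = {
    "shop.example": ("192.168.10.2", 80),
    "blog.example": ("192.168.10.3", 80),
}
PROXY_IP = "192.168.10.1"  # assumed internal address of the shared proxy


def route(raw_request, visitor_ip, backends=BACKENDS):
    """Proxy side: pick the VPS by Host header and record the visitor.

    Returns ((address, port), rewritten_request) or None to refuse.
    """
    head, sep, body = raw_request.partition(b"\r\n\r\n")
    if not sep:
        return None  # header block is incomplete
    request_line, *headers = head.decode("latin-1").split("\r\n")
    host, kept = None, []
    for line in headers:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "x-forwarded-for":
            continue  # never pass on what the visitor claimed
        if name == "host":
            if host is not None:
                return None  # two Host headers: ambiguous, refuse
            host = value.strip().lower().partition(":")[0]  # drop ":port"
        kept.append(line)
    backend = backends.get(host)
    if backend is None:
        return None  # no Host header, or a domain nobody registered
    kept.append(f"X-Forwarded-For: {visitor_ip}")
    rewritten = "\r\n".join([request_line, *kept]).encode("latin-1")
    return backend, rewritten + sep + body


def visitor_address(peer_ip, headers, proxy_ip=PROXY_IP):
    """VPS side: headers is a dict with lower-cased names.

    For proxied requests the TCP peer is the proxy, so the header is
    believed only when the connection really comes from the proxy.
    """
    forwarded = headers.get("x-forwarded-for")
    if peer_ip == proxy_ip and forwarded:
        return forwarded.split(",")[-1].strip()
    return peer_ip
```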

So is NAT good or not?



As you can see, using NAT-VPS saves you money, but adds a number of solvable (in 99% of cases) difficulties. If they don't scare you, then NAT-VPS is a great option for your project. If there are any difficulties, our support service will be happy to help you at any time of the day via any communication channel.
NAT tariffs are always several times cheaper than full-fledged KVM tariffs. You can view all tariff plans (including those with a dedicated IP) here:
https://hostetski.ru/panel/billing.php?do=tarifs&vid=vds