NAT Overloading and Port Parity; NAT Interface Overloading with VRF - Cisco Intelligent Wireless Access Gateway Configuration Manual


NAT Overloading and Port Parity

You can preserve the addresses in the global address pool by allowing a device to use one global address for many local addresses. This type of NAT configuration is called overloading.

When an interface IP address is overloaded and that single IP address is used for all the expected translations, a maximum of 60,000 translations can be achieved, depending on the traffic ports and the port parity involved. To achieve the maximum number of translations, use the NAT Pool Overload configuration.

NAT and NAT64 have a concept of port parity (even/odd). If a source port is in the range 0 to 1023, it is translated to a port between 512 and 1023. If a source port is greater than 1023, it takes ports from 1024 onwards.

NAT Interface Overloading with VRF

The NAT Interface Overloading with VRF scenario assumes that the service provider is interested only in performing application-specific NAT. For example, the service provider performs NAT only on the DNS requests from clients, and the rest of the traffic proceeds as it is. Therefore, interface overloading can be used instead of a pool. This allows a maximum of 60,000 translations per interface, which is deemed good for application-specific NAT. Also, the IP sessions and NAT are in a VRF (named PROVIDER_WIFI_01, in the example below).

• The ip nat translation max-entries all-host command can be used in scenarios where the Cisco ASR 1000 Series Router, acting as ISG, performs NAT on all or most of the subscriber traffic. This helps the operator to prevent a single host from occupying the entire translation table, while allowing a reasonable upper limit to each host.
• The maximum number of translations per host can be configured using either of these ways:
◦ Configuring the same number of maximum translation entries for all the subscribers using the following command:
ip nat translation max-entries all-host maximum number of NAT entries for each host
◦ Configuring the maximum translation entries for a given subscriber using the following command:
ip nat translation max-entries host ip-address [per-host NAT entry limit]
• Ensure that you keep the translations timeout low, around 2 minutes for TCP, and 1 minute for UDP translations:
◦ ip nat translation timeout 120
◦ ip nat translation tcp-timeout 120
◦ ip nat translation udp-timeout 60
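
The per-host limit and the short timeouts above keep one subscriber from filling the 60,000-entry table of an overloaded interface address. The following Python model is an added example written for this page, not Cisco code and not the guide's own configuration example; it compares the table with and without an all-host limit, and the subscriber addresses and the limit of 1000 are constructed values.

```python
from collections import Counter

TABLE_CAPACITY = 60_000             # page: ceiling for one overloaded interface address
TIMEOUT = {"tcp": 120, "udp": 60}   # page: tcp-timeout 120, udp-timeout 60 (seconds)
NOISY, OTHER = "10.0.0.66", "10.0.0.7"   # constructed subscriber addresses

class PatTable:
    """Model of an overloaded translation table (an assumption of this example, not IOS XE code)."""

    def __init__(self, all_host_limit=None):
        self.all_host_limit = all_host_limit  # models 'max-entries all-host'
        self.entries = {}                     # (host, proto, source port) -> expiry time
        self.per_host = Counter()

    def expire(self, now):
        """Drop entries whose timeout has elapsed and release their per-host count."""
        for key in [k for k, expiry in self.entries.items() if expiry <= now]:
            del self.entries[key]
            self.per_host[key[0]] -= 1

    def translate(self, host, proto, sport, now):
        """Return True if the flow gets (or refreshes) a translation entry."""
        key = (host, proto, sport)
        if key not in self.entries:
            if len(self.entries) >= TABLE_CAPACITY:
                return False                  # table exhausted for every subscriber
            if self.all_host_limit is not None and self.per_host[host] >= self.all_host_limit:
                return False                  # this host has used its allowance
            self.per_host[host] += 1
        self.entries[key] = now + TIMEOUT[proto]
        return True

def noisy_host_scenario(all_host_limit):
    """One host opens a UDP flow from every port 1024-65535; another host then opens one TCP flow."""
    table = PatTable(all_host_limit)
    granted = sum(table.translate(NOISY, "udp", port, now=0) for port in range(1024, 65536))
    other_ok = table.translate(OTHER, "tcp", 40000, now=1)
    table.expire(now=60)                      # UDP timeout has elapsed for the noisy host
    return granted, other_ok, table.per_host[NOISY]

if __name__ == "__main__":
    print("no per-host limit:  ", noisy_host_scenario(None))
    print("all-host limit 1000:", noisy_host_scenario(1000))
```

Each result is (entries granted to the noisy host, whether the second host obtained a translation, entries the noisy host still holds once the UDP timeout has passed).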
Flow-Based Redirect
OL-30226-03
