Nat444 - HPE FlexNetwork HSR6800 Configuration Manual
Comware 7 layer 3, ip services
Hide thumbs
Also See for FlexNetwork HSR6800:
- Security command reference (538 pages) ,
- Configuration manual (482 pages) ,
- Command reference manual (153 pages)
Table of Contents
Advertisement
1.
Upon receiving a request from the host, NAT translates the public destination IP address and
port number to the private IP address and port number of the internal server.
2.
Upon receiving a response from the server, NAT translates the private source IP address and
port number to the public IP address and port number.
NAT444
NAT444 provides carrier-grade NAT. It is a preferred solution for carriers to mitigate IPv4 address
exhaustion. It introduces a second layer of NAT on the carrier side, with few changes on the
customer side and the application server side.
NAT444 provides port block-based PAT translation. It maps multiple private IP addresses to one
public IP address and uses a different port block for each private IP address. For example, the
private IP address 10.1.1.1 of an internal host is mapped to the public IP address 202.1.1.1 and port
block 10001 to 10256. When the internal host accesses public hosts, the source IP address 10.1.1.1
is translated to 202.1.1.1, and the source ports are translated to ports in the port block 10001 to
10256.
NAT444 includes static NAT444 and dynamic NAT444.
As shown in
•
CPE—Provides NAT services on the customer side.
•
BRAS—Provides Internet access services.
•
NAT444 gateway—Provides carrier-grade NAT services.
•
AAA server—Cooperates with BRAS to provide user authentication, authorization, and
accounting services.
•
Log server—Records user access logs and responds to queries for user access information.
The AAA server authenticates the internal users and starts accounting after users pass the
authentication. The BRAS device assigns private IP addresses to authenticated users. When a user
accesses the external network, the NAT444 gateway assigns the user a public IP address and port
block, and sends the mapping to the log server. The next time the user accesses the external
network, the NAT444 gateway assigns a new mapping if the former mapping ages out and sends the
new mapping to the log server. The log server uses the mappings for user tracing.
Figure 53 NAT444 application diagram
Static NAT444
The NAT444 gateway computes a static NAT444 mapping before address translation. The mapping
is between a private IP address and a public IP address with a port block.
The NAT444 gateway uses private IP addresses, public IP addresses, a port range, and a port block
size to compute static mappings:
1.
Divides the port range by the port block size to get the number of available port blocks for each
public IP address.
Figure
53, the NAT444 architecture includes the following entities:
115
Advertisement
Table of Contents
Troubleshooting
