H3C S9500 Series Operation Manual page 950

Operation Manual – NAT-URPF-VPLS
H3C S9500 Series Routing Switches
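[Figure: internal PC (192.168.1.3) and internal server (192.168.1.2) on the intranet; the switch (labelled 192.168.1.1 and 202.169.10.1); the Internet; external server (202.120.10.2) and external PC (202.120.10.3). Datagram 1: source IP 192.168.1.3, destination IP 202.120.10.2 before the switch; source IP 202.169.10.1, destination IP 202.120.10.2 after it. Datagram 2: source IP 202.120.10.2, destination IP 202.169.10.1 before the switch; source IP 202.120.10.2, destination IP 192.168.1.3 after it.]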
Figure 1-1 Basic NAT procedure
As shown in Figure 1-1, the switch used as a NAT device is located at the boundary
between the enterprise intranet and the external networks, and packets are exchanged
between an internal PC and an external server as follows:
When packet 1, sent from the internal PC with IP address 192.168.1.3 to the
external server with IP address 202.120.10.2, arrives at the NAT device, the NAT
process checks the packet header and finds that the packet is destined for an
external site and matches the NAT rules. The process then translates the
private IP address 192.168.1.3 in the source address field of the packet header
into the public IP address 202.169.10.1, which can be identified on the Internet, and
sends the packet out on demand while recording the address mapping in the NAT
table.
When response packet 2, sent from the external server to the internal PC with
destination address 202.169.10.1, arrives at the NAT device, the NAT process
checks the contents of the packet header, looks up the corresponding mapping in
the NAT table, and replaces the destination address in the packet header with the
private IP address of the internal PC.
The previously described NAT procedure is transparent to the communicating ends
such as the internal PC and external server in Figure 1-1. The external server assumes
that the IP address of the internal PC is 202.169.10.1 and does not know the address
192.168.1.3 at all. In this way, NAT 'hides' the enterprise intranet.
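The two translation steps above can be traced with a small model of a one-to-one (address-only) NAT table. This is an added example, not code from the H3C manual or the switch; the class and function names, the /24 inside prefix, the single-address pool, and the choice to drop packets that have no table entry are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class BasicNat:
    """One-to-one address translation, no port translation (illustrative model)."""

    def __init__(self, inside_net, public_pool):
        self.inside = ipaddress.ip_network(inside_net)  # NAT rule: sources to translate
        self.free = list(public_pool)                   # unused public addresses
        self.out_map = {}                               # NAT table: private -> public
        self.in_map = {}                                # NAT table: public -> private

    def outbound(self, pkt):
        """Packet leaving the intranet (packet 1 in Figure 1-1)."""
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
        if src not in self.inside or dst in self.inside:
            return pkt                      # does not match the NAT rule: unchanged
        if pkt.src not in self.out_map:
            if not self.free:
                return None                 # assumed behaviour: pool exhausted, drop
            public = self.free.pop(0)
            self.out_map[pkt.src] = public  # record the mapping in the NAT table
            self.in_map[public] = pkt.src
        return replace(pkt, src=self.out_map[pkt.src])

    def inbound(self, pkt):
        """Packet arriving from the external network (packet 2 in Figure 1-1)."""
        private = self.in_map.get(pkt.dst)
        if private is None:
            return None                     # assumed behaviour: no mapping, drop
        return replace(pkt, dst=private)

def demo():
    # Addresses are the ones used in Figure 1-1; the /24 mask is an assumption.
    nat = BasicNat("192.168.1.0/24", ["202.169.10.1"])
    d1 = nat.outbound(Packet("192.168.1.3", "202.120.10.2"))
    d2 = nat.inbound(Packet("202.120.10.2", "202.169.10.1"))
    # A fresh device has an empty NAT table, so an unsolicited packet finds no mapping.
    stray = BasicNat("192.168.1.0/24", ["202.169.10.1"]).inbound(
        Packet("202.120.10.3", "202.169.10.1"))
    return d1, d2, stray

if __name__ == "__main__":
    for result in demo():
        print(result)
```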
The advantage of NAT is that it enables internal hosts to access external network
resources with their privacy protected. However, it also has a disadvantage: if a packet has
an IP address or a port requiring NAT embedded in its header, the packet cannot be
1-2
Chapter 1 NAT Configuration


This manual is also suitable for:

S9505, S9508, S9512
