Network Address Translation Overview
▀ NAT Feature Overview
▄ Cisco ASR 5000 Series Product Overview
OL-22938-02
NAT Realms
A NAT realm is a pool of unique public IP addresses available for translation from private source IP addresses. IP
addresses in a NAT IP pool are contiguous, and assignable as a subnet or a range that constitutes less than an entire
subnet. IP addresses configured in NAT IP pools within a context must not overlap. At any time, within a context, a
NAT IP address must be configured in any one NAT IP pool. IP addresses can be added to a NAT IP pool as a range of
IP addresses.
Important:
The minimum number of public IP addresses that must be allocated to each NAT IP pool must be
greater than or equal to the number of Session Managers (SessMgrs) available on the system. On the ASR 5000, it is >=
84 public IP addresses. This can be met by a range of 84 host addresses from a single Class C. The remaining space
from the Class C can be used for other allocations. Each address has available its port range ~64K ports.
Up to 2000 unique ―IP pools + NAT IP pools‖ can be configured per context. A maximum of three NAT IP pools/NAT
IP pool groups can be configured in a Firewall-and-NAT policy. At any time a subscriber can be associated with a
maximum of three different NAT IP pools/NAT IP pool groups and can have NATed flows on three different NAT IP
addresses at the same time.
Allocation of NAT IP addresses in NAT IP pools to subscriber traffic is based on the L3/L4 characteristics—IP
addresses, ports, and protocol—of the subscriber flows. It is possible to configure the system to perform or not perform
NAT based on one or more L3/L4 parameters. This feature is also known as Target-based NAT. For more information,
see the
Target-based NAT Configuration
NAT IP pools have the following configurable parameters. These parameters are applicable to all IP addresses in a NAT
IP pool.
NAT IP Address Allocation Mode: Specifies when to allocate a NAT IP address to a subscriber; either at call
setup or during data flow based on the allocation mode.
Not-on-demand Allocation Mode: This is the default mode. In this mode, the NAT IP address is
allocated to the subscriber at call setup. If there are three NAT IP pools/NAT IP pool groups
(maximum possible) configured in the subscriber‘s Firewall-and-NAT policy, the subscriber is
allocated three NAT IP addresses, one from each NAT IP pool/NAT IP pool group based on rule
matching.
On-demand Allocation Mode: In this mode NAT resources are assigned and allocated dynamically
based on subscriber flows. The NAT IP address is allocated to the subscriber when the data traffic
flows in and not at call setup.
In case of on-demand pools, since the NAT IP address is not allocated to the subscriber at call setup,
the subscriber may not have a NAT IP address allocated when the first packet is received. Until the
successful allocation of a NAT IP address, based on the configuration, the packets can either be
buffered or dropped. Once a free NAT IP address is available, it is allocated to the subscriber to be
used for flows matching the pool.
NAT Binding Timer: Specifies the timeout period, in seconds, to deallocate NAT resources that were allocated
to subscriber flows. When a subscriber flow stops the timer starts counting down, and on expiry the NAT
resources are deallocated to be made available for other subscriber flows.
Summary of Contents for ASR 5000 Series
Page 1: ......
Page 26: ......
Page 48: ...New In Release 10 0 SCM Features Cisco ASR 5000 Series Product Overview OL 22938 02 ...
Page 50: ......
Page 58: ......
Page 68: ......
Page 126: ......
Page 138: ......
Page 146: ......
Page 218: ......
Page 236: ......
Page 356: ......
Page 374: ......
Page 422: ......
Page 496: ......
Page 572: ......
Page 654: ......
Page 700: ......
Page 726: ......
Page 784: ......
Page 816: ......
Page 844: ......
Page 906: ......
Page 926: ......
Page 942: ......
Page 943: ...Cisco ASR 5000 Series Product Overview OL 22938 02 Chapter 30 Technical Specifications ...
Page 966: ......
Page 972: ......