Re: NAT - How Many IP Addresses to Overload?

From: miken (miken@sisna.com)
Date: Thu Sep 04 2003 - 04:51:44 GMT-3


Ken,

I have observed this PAT behavior in routers as well. That appears to be
normal. It will overload the first IP address until an ephemeral port/source
IP/destination IP/destination port conflict arises and then will use the
next available pool address. If you don't overload the pool, then I believe
it will do a one to one. So in theory, you would be able to overload
65535-1024 hosts+ per pool or interface address. In reality, that
depends....our old standby answer for everything in networking =), on the
platform you are using, the amount of memory, and cpu available. An 800
series router will have much less capacity to overload an address than say a
7200. I have had up to 1500 users overloading the outside interface of a 515
PIX. I've also had around the 500 number you are experiencing on a 2620
router. Like you say, so much also depends on traffic patterns and
simultaneous connections.

HTH
Mike N

----- Original Message -----
From: "Kenneth Wygand" <KWygand@customonline.com>
To: <ccielab@groupstudy.com>
Sent: Wednesday, September 03, 2003 12:29 PM
Subject: NAT - How Many IP Addresses to Overload?

> When NAT is overloaded for a large network to a public IP address range,
> how many IP addresses are generally required / suggested? Of course the
> actual number will depend on traffic patterns and number of simultaneous
> connections.
>
> The reason I ask is because I configured a 500-user network to an
> overloaded dynamic NAT pool of 10 IP addresses. When I do a "show IP
> nat translations", I see every connection is being NAT'ed to the first
> IP address of the pool on high port numbers. Based on this behavior, it
> is my assumption that NAT will not round-robin to select the public IP
> address to use for a session, but rather select the first available IP
> address in the pool at the time of the translation request.
>
> Any real-world experience or suggestions on this topic?
>
> Kenneth E. Wygand
> Systems Engineer, Project Services
>
> CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
> Custom Computer Specialists, Inc.
>
> "It's not just about ending up where you want to be, it's about making
> the most of the trip there."
> -Anonymous
>
>
> _______________________________________________________________________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
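A small model of the pool allocation Mike describes, added here as an illustration and not code from the thread or from Cisco IOS: the pool is walked in order, and a later address is used only once the current one has no free port for that outside tuple, which is why Ken's 500 users all appear on the first address. The ephemeral range, the try-to-keep-the-source-port rule, and all addresses are assumptions.

```python
"""Constructed model of overloaded (PAT) pool allocation as described in the thread."""
import itertools
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Inside flow: (proto, src_ip, src_port, dst_ip, dst_port).
Flow = Tuple[str, str, int, str, int]


@dataclass
class PatPool:
    """Addresses are tried in order; the next one is used only when the
    current address has no free port for the same destination."""
    addresses: List[str]
    port_range: Tuple[int, int] = (1024, 65535)   # assumed ephemeral range (65535-1024 ports)
    table: Dict[Flow, Tuple[str, int]] = field(default_factory=dict)
    used: Set[Tuple[str, str, int, str, int]] = field(default_factory=set)

    def translate(self, flow: Flow) -> Optional[Tuple[str, int]]:
        if flow in self.table:                      # existing translation is reused
            return self.table[flow]
        proto, _src_ip, src_port, dst_ip, dst_port = flow
        lo, hi = self.port_range
        for pool_ip in self.addresses:
            # Try to keep the original source port first (assumed), then walk the range.
            preferred = [src_port] if lo <= src_port <= hi else []
            for tport in itertools.chain(preferred, range(lo, hi + 1)):
                key = (proto, pool_ip, tport, dst_ip, dst_port)
                if key not in self.used:            # a conflict needs the full outside tuple
                    self.used.add(key)
                    self.table[flow] = (pool_ip, tport)
                    return pool_ip, tport
        return None                                 # every address exhausted for this destination


def simulate(hosts: int, pool: PatPool, dst: Tuple[str, int] = ("198.51.100.10", 80)) -> Counter:
    """One TCP flow per inside host to one destination; count translations per pool address."""
    per_address: Counter = Counter()
    for i in range(hosts):
        src_ip = f"10.0.{i // 254}.{i % 254 + 1}"  # constructed inside hosts
        out = pool.translate(("tcp", src_ip, 49152, dst[0], dst[1]))
        per_address[out[0] if out else "exhausted"] += 1
    return per_address


if __name__ == "__main__":
    pool = PatPool([f"203.0.113.{n}" for n in range(1, 11)])   # constructed 10-address pool
    print(simulate(500, pool))                                   # all 500 flows on 203.0.113.1
```

Shrinking `port_range` shows the rollover to the second address that Mike describes, and a flow to a different destination goes back to the first address because the outside tuple no longer conflicts.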



This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:22 GMT-3