From: Scott Morris (swm@emanon.com)
Date: Thu Sep 04 2003 - 08:28:27 GMT-3
500 users gives you the ability of 130 connections per user. Now, be
aware of your timeout values on the PIX as well and therefore the
clearing of xlates. You may run into problems on that depending on your
level of usage from the users.
With doing multiple global IPs on the PIX, you COULD also separate
different chunks of users to different PAT pools doing that, perhaps
minimizing your users-to-pool ratio.
That would likely be a better solution. Save the 1-to-1's for your
servers or power users with specific requirements; generic users can use
PAT pools.
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Todd Veillette
Sent: Thursday, September 04, 2003 12:10 AM
To: Kenneth Wygand; ccielab@groupstudy.com
Subject: Re: NAT - How Many IP Addresses to Overload?
500 users 65,000 or so sessions per IP via PAT. Quite a bit of room
there. Run overload on 1 IP and run the nine separate no overload. Nine
people will get a 1 to 1. You can then pull IPs off the pool for static
inbound servers on a 1 to 1.
Never actually tried separate overload statements/single IP. The PIX
will do separate global IPs.
-TV
----- Original Message -----
From: "Kenneth Wygand" <KWygand@customonline.com>
To: <ccielab@groupstudy.com>
Sent: Wednesday, September 03, 2003 2:29 PM
Subject: NAT - How Many IP Addresses to Overload?
> When NAT is overloaded for a large network to a public IP address
> range, how many IP addresses are generally required / suggested? Of
> course the actual number will depend on traffic patterns and number of
> simultaneous connections.
>
> The reason I ask is because I configured a 500-user network to an
> overloaded dynamic NAT pool of 10 IP addresses. When I do a "show IP
> nat translations", I see every connection is being NAT'ed to the first
> IP address of the pool on high port numbers. Based on this behavior,
> it is my assumption that NAT will not round-robin to select the public
> IP address to use for a session, but rather select the first available
> IP address in the pool at the time of the translation request.
>
> Any real-world experience or suggestions on this topic?
>
> Kenneth E. Wygand
> Systems Engineer, Project Services
>
> CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
> Custom Computer Specialists, Inc.
>
> "It's not just about ending up where you want to be, it's about making
> the most of the trip there." -Anonymous
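An added example, not part of the original thread: a small Python check that takes translation-table output in the column layout of `show ip nat translations`, counts translations per PAT address and per inside host, and compares hosts against the even per-user share discussed above. The sample lines are constructed, the function names are hypothetical, and the 65,000 ports-per-address figure is the approximate one quoted in the thread.

```python
from collections import Counter

PORTS_PER_IP = 65_000  # "65,000 or so" sessions per PAT address, as quoted in the thread

# Constructed sample in the column layout of IOS "show ip nat translations".
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.0.2.1:1024     10.1.1.5:1024      198.51.100.7:80    198.51.100.7:80
tcp 192.0.2.1:1025     10.1.1.5:1025      198.51.100.7:443   198.51.100.7:443
tcp 192.0.2.1:1026     10.1.1.5:1026      198.51.100.9:80    198.51.100.9:80
udp 192.0.2.1:1027     10.1.2.9:53211     203.0.113.53:53    203.0.113.53:53
tcp 192.0.2.1:1028     10.1.2.9:40112     198.51.100.7:80    198.51.100.7:80
"""


def per_user_budget(users, pat_ips=1, ports_per_ip=PORTS_PER_IP):
    """Concurrent translations each user gets if the pool is shared evenly."""
    return (pat_ips * ports_per_ip) // users


def summarize(table_text):
    """Count translations per inside-global address and per inside-local host."""
    per_global, per_host = Counter(), Counter()
    for line in table_text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and static entries shown as "---".
        if len(fields) != 5 or fields[0] not in ("tcp", "udp"):
            continue
        per_global[fields[1].rsplit(":", 1)[0]] += 1
        per_host[fields[2].rsplit(":", 1)[0]] += 1
    return per_global, per_host


def over_budget(per_host, budget):
    """Inside hosts holding more translations than their even share."""
    return sorted(h for h, n in per_host.items() if n > budget)


def pool_headroom(per_global, ports_per_ip=PORTS_PER_IP):
    """Ports still free on each PAT address that has translations."""
    return {ip: ports_per_ip - n for ip, n in per_global.items()}


if __name__ == "__main__":
    per_global, per_host = summarize(SAMPLE)
    print(per_global, pool_headroom(per_global))
    print(per_user_budget(500), over_budget(per_host, budget=2))
```

A single inside host that holds far more than its share is worth a look before adding pool addresses, since it consumes ports that every other user behind the same PAT address depends on.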
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:22 GMT-3