Lucent Technologies 6000 User Manual

Configuring IP Routing

Configuring system-level routing policies

MAX 6000/3000 Network Configuration Guide


The advantage of multiple-address NAT is that hosts on the remote network can connect to
specific hosts on the local network, not just specific services such as Web or FTP service. This
advantage can be realized only if the remote DHCP server is configured to assign the same
address whenever a particular local host requests an address. Another reason for using
multiple-address NAT is that network service providers might require it for networks with
more than one host.

When you use multiple-address NAT, hosts on the remote network can connect to any of the
official IP addresses that the MAX borrows from the DHCP server. If the local network must
have more than one IP address that is visible to the remote network, you must use
multiple-address NAT. If hosts on the remote network need to connect to a specific host on the
local network, you can configure the DHCP server to always assign the same address when
that local host requests an address.

When multiple-address NAT is enabled, the MAX attempts to perform IP address translation
on all packets received. (It cannot distinguish between official and private addresses.)

The MAX acts as a DHCP client on behalf of all hosts on the LAN and relies on a remote
DHCP server to provide addresses from a pool of addresses suitable for the remote network.
On the local network, the MAX and the hosts all have local addresses that are only used for
local communication between the hosts and the MAX over the Ethernet.

When the first host on the LAN requests access to the remote network, the MAX obtains an
address through PPP negotiation. When subsequent hosts request access to the remote
network, the MAX sends a DHCP request packet asking for an IP address from the DHCP
server. The server then sends an address from its IP address pool to the MAX. The MAX uses
the dynamic addresses it receives from the server to translate IP addresses on behalf of local
hosts.

As packets are received on the LAN, the MAX determines whether the source IP address has
been assigned a translated address. If so, the packet is translated and forwarded to the Wide
Area Network. If no translation has been assigned (and none is pending), the MAX issues a
DHCP request for the packet’s IP address. While waiting for an IP address to be offered by the
server, the MAX drops corresponding source packets. Similarly, for packets received from the
WAN, the MAX checks the destination address against its table of translated addresses. If the
destination address is in the table and is active, the MAX forwards the packet. If the destination
address is not in the table, or is not active, the MAX drops the packet.

IP addresses are typically offered by the DHCP server only for a limited duration, but the
MAX automatically renews the leases on them. If the connection to the remote server is
dropped, all leased addresses are considered revoked. Therefore, TCP sessions do not persist if
the WAN call disconnects.
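
The forwarding decisions and lease revocation described above can be modelled as a small translation table. This is an added example, not code from the manual or from the MAX; the class and method names are hypothetical, and the addresses are constructed sample values.

```python
# Simplified model of multiple-address NAT forwarding decisions (added example).
# NatTable, dhcp_requests and the other names are hypothetical, not MAX parameters.
PENDING, ACTIVE = "pending", "active"

class NatTable:
    def __init__(self):
        self.state = {}          # local IP -> PENDING or ACTIVE
        self.official = {}       # local IP -> leased official IP
        self.by_official = {}    # official IP -> local IP
        self.dhcp_requests = []  # local IPs for which a DHCP request was sent

    def from_lan(self, src):
        """Decision for a packet received on the LAN with source address src."""
        if self.state.get(src) == ACTIVE:
            return ("forward", self.official[src])
        if src not in self.state:            # no translation and none pending
            self.state[src] = PENDING
            self.dhcp_requests.append(src)   # one request per local host
        return ("drop", None)                # dropped while waiting for the offer

    def dhcp_offer(self, local, official_ip):
        """The remote DHCP server leased official_ip for a pending local host."""
        if self.state.get(local) != PENDING:
            return False
        self.state[local] = ACTIVE
        self.official[local] = official_ip
        self.by_official[official_ip] = local
        return True

    def from_wan(self, dst):
        """Decision for a packet received from the WAN with destination dst."""
        local = self.by_official.get(dst)
        if local is not None and self.state.get(local) == ACTIVE:
            return ("forward", local)
        return ("drop", None)                # unknown or inactive destination

    def wan_disconnect(self):
        """Connection dropped: all leased addresses are considered revoked."""
        self.state.clear(); self.official.clear(); self.by_official.clear()

def demo():
    nat = NatTable()                         # constructed sample addresses below
    log = [nat.from_lan("10.0.0.5"), nat.from_lan("10.0.0.5")]
    nat.dhcp_offer("10.0.0.5", "192.0.2.17")
    log += [nat.from_lan("10.0.0.5"), nat.from_wan("192.0.2.17"), nat.from_wan("192.0.2.99")]
    nat.wan_disconnect()
    log.append(nat.from_wan("192.0.2.17"))
    return log, nat.dhcp_requests
```

Note that `from_wan` forwards on the destination address alone: once a lease is active, the local host behind it is reachable from the remote network as a whole host, not per service, so any filtering of inbound services has to be configured separately.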

The MAX itself does not have an address on the remote network. Therefore, the MAX can
only be accessed from the local network, not from the WAN. For example, you can Telnet to
the MAX from the local network, but not from a remote network.

In some installations, the DHCP server could be handling both NAT DHCP requests and
ordinary DHCP requests. In this situation, if the ordinary DHCP clients are connecting to the
server over a nonbridged connection, you must have a separate DHCP server to handle the
ordinary DHCP requests. The NAT DHCP server only handles NAT DHCP requests.
