Network Address Translation Configuration, Configuring NAT – Riverstone Networks WICT1-12 User Manual


Riverstone Networks RS Switch Router User Guide Release 8.0

21 NETWORK ADDRESS TRANSLATION CONFIGURATION

Network Address Translation (NAT) allows an IP address used within one network to be translated into a different
IP address used within another network. NAT is often used to map addresses used in a private, local intranet to
one or more addresses used in the public, global Internet. NAT provides the following benefits:

• Limits the number of IP addresses used for private intranets that are required to be registered
with the Internet Assigned Numbers Authority (IANA).

• Conserves the number of global IP addresses needed by a private intranet (for example, an entity
can use a single IP address to communicate on the Internet).

• Maintains privacy of local networks, as internal IP addresses are hidden from public view.

With NAT, the local network is designated the inside network and the global Internet is designated the outside
network. In addition, the RS supports Port Address Translation (PAT) for either static or dynamic address
bindings.

The RS allows you to create the following NAT address bindings:

• Static, one-to-one binding of an inside, local address or address pool to an outside, global address or
address pool. A static address binding does not expire until the command that defines the
binding is negated. IP addresses defined for static bindings cannot be reassigned. For static
address bindings, PAT allows TCP or UDP port numbers to be translated along with the IP
addresses.

• Dynamic binding between an address from a pool of local addresses and an address from a pool
of outside addresses. With dynamic address binding, you define local and global address pools
from which the address bindings can be made. IP addresses defined for dynamic binding are
reassigned whenever they become free. For dynamic address bindings, PAT allows port address
translation if no addresses are available from the global address pool. PAT allows port address
translation for each address in the global pool. The ports are dynamically assigned from the
range 1024 to 4999. Hence, you have about 4,000 ports per global IP address.

Dynamic bindings are removed automatically when the flow count goes to zero. At this point, the
corresponding port (if PAT is enabled) or the global IP address is freed and can be reused.
In special cases such as FTP, where flows are not installed for the control path, the binding
is removed only by the dynamic binding timeout interval.
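
The dynamic binding lifecycle described above, as a small Python model added here for illustration; it is not Riverstone code and not RS configuration. The class and method names, the 203.0.113.x addresses, and the lowest-port-first allocation order are assumptions, and neither the FTP timeout case nor the RS's choice between whole-address and PAT bindings is modelled.

```python
"""Simplified model of dynamic NAT bindings (illustration, not RS behaviour)."""

PAT_PORTS = range(1024, 5000)  # 1024-4999 inclusive, the range the manual states


class PoolExhausted(Exception):
    """No global address (or PAT port) is free for a new binding."""


class DynamicNat:
    def __init__(self, global_pool, pat_enabled):
        self.pat_enabled = pat_enabled
        if pat_enabled:
            # One free slot per (global IP, port) pair.
            self.free = [(ip, p) for ip in global_pool for p in PAT_PORTS]
        else:
            # One free slot per global IP; the port is left untranslated.
            self.free = [(ip, None) for ip in global_pool]
        self.free.reverse()   # pop() hands out the lowest slot first (assumed order)
        self.bindings = {}    # binding key -> [global slot, flow count]

    def _key(self, local_ip, local_port):
        return (local_ip, local_port) if self.pat_enabled else local_ip

    def open_flow(self, local_ip, local_port):
        key = self._key(local_ip, local_port)
        if key not in self.bindings:
            if not self.free:
                raise PoolExhausted(key)
            self.bindings[key] = [self.free.pop(), 0]
        self.bindings[key][1] += 1
        ip, port = self.bindings[key][0]
        return ip, (local_port if port is None else port)

    def close_flow(self, local_ip, local_port):
        key = self._key(local_ip, local_port)
        binding = self.bindings[key]
        binding[1] -= 1
        if binding[1] == 0:   # flow count reached zero: the slot is freed
            self.free.append(binding[0])
            del self.bindings[key]

    def capacity(self):
        return len(self.free) + len(self.bindings)


if __name__ == "__main__":
    nat = DynamicNat(["203.0.113.10", "203.0.113.11"], pat_enabled=True)
    print(nat.capacity(), nat.open_flow("10.0.0.1", 40000))
```

The model makes the sizing consequence concrete: the stated range gives 3,976 port bindings per global address, and a new flow fails once every slot is held by a binding whose flow count is still above zero.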

21.1 CONFIGURING NAT

The following are the steps in configuring NAT on the RS:

1. Setting the NAT interfaces to be “inside” or “outside.”

2. Setting the NAT rules (static or dynamic).
