How to Configure the NAT Function on NE40E Router?

Abstract

This topic will focus on how configure the NAT function on NE40E router for easy NAT deployment.

Introduction to NAT

NAT helps multiple users to share only a few valid public network addresses when the users attempt to access the Internet. NAT configuration is simple and secure.

As the Internet is developed and network applications grow, IPv4 addresses are running out, which constrains network development. Before IPv6 is widely used to replace IPv4 that has been running on various network devices and bearing a majority of existing applications, some IPv4-to-IPv6 transition techniques can be used to alleviate IPv4 address shortage.

NAT translates IP addresses in IP datagram headers between private and public networks when devices on a private network attempt to access the Internet. NAT translates many private IP addresses to a few public IP addresses, which alleviates IP address exhaustion.

LPUF-51-E/LPUI-51-E/LPUI-51-S and VSUF-80/VSUF-160 can be installed on NE40Es to perform NAT. The VSUF-80/VSUF-160 provides high NAT processing performance. The LPUF-51-E/LPUI-51-E/LPUI-51-Ss are used on enterprise networks and have lower NAT processing performance. Common NAT is performed on CPEs, and carrier grade NAT (CGN) is performed on carriers’ core routers (CRs) or broadband remote access servers (BRASs). NAT is enabled on the customer premises equipment (CPE) to which home users’ terminals or enterprise devices are attached. In this situation, only a few NAT sessions are established on the CPE. A large number of NAT sessions have to be established on each CR or BRAS.

Configuration Logic Overview

The understanding of NAT configuration logic will help you complete configuration tasks quickly and accurately.

NAT can be configured to translate IP addresses between private and public networks and hide private IP addresses from external networks.

The NAT configuration logic on a LPUF-51-E/LPUI-51-E/LPUI-51-S differs from that on the VSUF-80/VSUF-160. The configurations are as follows:

  • On a LPUF-51-E/LPUI-51-E/LPUI-51-S, NAT processing performance is average, and the process of configuring NAT is as follows:
  1. Specify the LPUF-51-E/LPUI-51-E/LPUI-51-S working mode.
  2. Configure basic NAT functions, involving binding a service board to a NAT instance and an address pool and setting a port allocation mode.
  3. After basic NAT functions are configured, a NAT traffic distribution policy and NAT translation policy are applied to the inbound or outbound direction. Configure centralized NAT translation.
  4. To allow public network users to access servers inside a private network, configure a NAT device so that public IP addresses can be used to access internal servers.
  5. To enable transparent translation for some application layer protocols, configure NAT ALG.
  6. To enable NAT reliability, configure single-device inter-board NAT backup.
  7. To improve NAT translation security, configure security.
  8. To strengthen the device administrator’s capability to monitor NAT services in real time, configure NAT maintainability.
  9. To improve NAT operation performance, set the aging time for the NAT session table and adjust the MSS.
  • On a VSUF-80/VSUF-160, NAT processing performance is good, and the process of configuring NAT is as follows:
  1. Before using NAT functions, configure NAT bandwidth and session table resources.
  2. If a single CPU of a board is bound to a NAT instance, configure basic NAT functions. If more than one CPU of a board is bound to a NAT instance, configure NAT load balancing.
  3. To implement 1-to-1 public and private address mapping, configure the static source tracing algorithm.
  4. Configure NAT translation for distributed user traffic or centralized user traffic based on a specific scenario.
  5. To allow public network users to access servers inside a private network, configure a NAT device so that public IP addresses can be used to access internal servers.
  6. To enable transparent translation for some application layer protocols, configure NAT ALG.
  7. To enable NAT reliability, configure single-device inter-board NAT backup and inter-chassis backup.
  8. To improve NAT translation security, configure security.
  9. To strengthen the device administrator’s capability to monitor NAT services in real time, configure NAT maintainability.
  10. To improve NAT operation performance, set the aging time for the NAT session table and adjust the MSS.
Configure the Simplified NAT Function

A simplified NAT configuration model allows for easy NAT deployment.

Usage Scenario

Configuring Basic NAT Functions (Common Mode), you have to manually perform the following operations:

1, Create a service-location backup group and bind it to the service board.

2, Create a service-instance-group instance group and bind it to a service-location backup group.

3, Create a NAT instance and bind it to a service-instance-group service instance group.

In common mode, NAT configuration is complex. Simplified NAT functions ease NAT deployment.

END

Tags