IP Addressing: NAT Configuration Guide, Cisco IOS Release 15M&T
Scalability for Stateful NAT

The Scalability for Stateful NAT feature allows Stateful Network Address Translation (SNAT) to control the Hot Standby Router Protocol (HSRP) state change until the NAT information is completely exchanged. The ability to change the default TCP mode to User Datagram Protocol (UDP) mode, and the ability to disable asymmetric queuing have been added. When UDP mode is used, SNAT sends messages over UDP using a proprietary acknowledgement/retransmit mechanism.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Restrictions for the Scalability for Stateful NAT Feature

The Scalability for Stateful NAT feature is not available in Primary/Backup mode.

SNAT features are not backward compatible. See “Configuring NAT for High Availability” for information on SNAT features introduced in other releases of Cisco IOS software.

Information About Scalability for Stateful NAT

SNAT Feature Design

Two or more Network Address Translators function as a translation group. One member of the group handles traffic requiring translation of IP address information. It also informs the backup translator of active flows as they occur. The backup translator can then use information from the active translator to prepare duplicate translation table entries, and in the event that the active translator is hindered by a critical failure, the traffic can rapidly be switched to the backup. The traffic flow continues since the same network address translations are used, and the state of those translations has been previously defined.

Only sessions that are statically defined already receive the benefit of redundancy without the need for this feature. In the absence of SNAT, sessions that use dynamic NAT mappings would be severed in the event of a critical failure and would have to be reestablished. Stateful NAT enables continuous service for dynamically mapped NAT sessions.

SNAT can be configured to operate with HSRP to provide redundancy. In this mode, the active and standby state changes are managed by HSRP.

Benefits of SNAT Scalability

This feature enables SNAT control of the HSRP state change until the NAT information is completely exchanged.

  • The TCP default transport mode can be switched to UDP mode with acknowledgement/retransmit support.
  • Queuing during asymmetric routing can be disabled to avoid delay in the data path for the creation of new entries and traffic on special ports (Application Layer Gateway (ALG) support).

How to Configure SNAT in HSRP Mode

Configuring SNAT in HSRP Mode

Perform this task to configure an HSRP router with SNAT.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    interface ethernet interface-number port-number

    4.    standby group-name ip [ip-address[secondary]]

    5.    standby delay reload seconds

    6.    standby group-number preempt delay minimum seconds reload seconds sync seconds

    7.    exit

    8.    ip nat stateful id id-number redundancy name mapping-id map-number [protocol udp] [as-queuing disable]

    9.    ip nat pool name start-ip end-ip prefix-length prefix-length

    10.    ip nat inside source route-map name pool pool-name mapping-id map-number [overload]


DETAILED STEPS
     Command or Action / Purpose
    Step 1 enable


    Example:
    Router> enable
     

    Enables higher privilege levels, such as privileged EXEC mode.

    Enter your password if prompted.

     
    Step 2 configure terminal


    Example:
    Router# configure terminal
     

    Enters global configuration mode.

     
    Step 3 interface ethernet interface-number port-number


    Example:
    Router(config)# interface ethernet 1/1 
     

    Enters interface configuration mode.

     
    Step 4 standby group-name ip [ip-address[secondary]]


    Example:
    Router(config-if)# standby SNATHSRP ip 10.1.1.1 secondary
     

    Enables the HSRP protocol.

     
    Step 5 standby delay reload seconds


    Example:
    Router(config-if)# standby delay reload 60
     

    This command must be configured in order for SNAT to control HSRP state change until NAT information is completely exchanged.

     
    Step 6 standby group-number preempt delay minimum seconds reload seconds sync seconds


    Example:
    Router(config-if)# standby 1 preempt delay minimum 60 reload 60 sync 60
     

    This command must be configured in order for SNAT to control HSRP state change until NAT information is completely exchanged.

     
    Step 7 exit


    Example:
    Router(config-if)# exit
     

    Returns to global configuration mode.

     
    Step 8 ip nat stateful id id-number redundancy name mapping-id map-number [protocol udp] [as-queuing disable]


    Example:
    Router(config)# ip nat stateful id 1 redundancy snathsrp mapping-id 10 protocol udp as-queuing disable
     

    Specifies SNAT on routers configured for HSRP. The optional UDP protocol and the disabling of asymmetric queuing are also configured.

     
    Step 9 ip nat pool name start-ip end-ip prefix-length prefix-length


    Example:
    Router(config)# ip nat pool snatpool1 10.1.1.1 10.1.1.9 prefix-length 24
     

    Defines a pool of IP addresses.

     
    Step 10 ip nat inside source route-map name pool pool-name mapping-id map-number [overload]


    Example:
    Router(config)# ip nat inside source route-map rm-101 pool snatpool1 mapping-id 10 overload
     

    Enables stateful NAT for the HSRP translation group.

     

    Configuration Examples for SNAT in HSRP Mode

    Configuring SNAT in HSRP Mode Example

    The following example shows how to configure SNAT in HSRP mode with asymmetric queuing disabled and UDP enabled:

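    !
    ! HSRP commands are entered in interface configuration mode (interface taken from Step 3)
    interface ethernet 1/1
     standby delay minimum 30 reload 60
     standby 1 ip 10.1.1.1
     standby 1 name SNATHSRP
     standby 1 preempt delay minimum 60 reload 60 sync 60
    !
    ! SNAT definition bound to the HSRP group name and to mapping ID 10
    ip nat Stateful id 1
     redundancy SNATHSRP
     mapping-id 10
     as-queuing disable
     protocol udp
    ! Address pool and translation rule that reference mapping ID 10
    ip nat pool SNATPOOL1 10.1.1.1 10.1.1.9 prefix-length 24
    ip nat inside source route-map rm-101 pool SNATPOOL1 mapping-id 10 overload
    ip classless
    ip route 10.1.1.0 255.255.255.0 Null0
    no ip http server
    ip pim bidir-enable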
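
A configuration check for the task above, added here as an example and not taken from Cisco's documentation: it verifies that the two HSRP delay commands from Steps 5 and 6 are present and that the SNAT definition's redundancy name and mapping ID line up with an HSRP group name and a translation rule. The function name `audit_snat_hsrp`, the `standby <group> name` form of naming, indented sub-commands, and case-insensitive name comparison are assumptions of this sketch.

```python
import re

# Constructed input: the page's example, with the interface line from Step 3
# added and sub-commands indented as they appear in a running configuration.
SAMPLE = """\
interface ethernet 1/1
 standby delay minimum 30 reload 60
 standby 1 ip 10.1.1.1
 standby 1 name SNATHSRP
 standby 1 preempt delay minimum 60 reload 60 sync 60
!
ip nat Stateful id 1
 redundancy SNATHSRP
 mapping-id 10
 as-queuing disable
 protocol udp
ip nat pool SNATPOOL1 10.1.1.1 10.1.1.9 prefix-length 24
ip nat inside source route-map rm-101 pool SNATPOOL1 mapping-id 10 overload
"""

def audit_snat_hsrp(config):
    """Return a list of findings; an empty list means every check passed."""
    text = config.lower()  # assumption: names are compared case-insensitively
    findings = []
    if not re.search(r"^\s*standby delay\b.*\breload \d+", text, re.M):
        findings.append("no 'standby delay reload' (Step 5)")
    if not re.search(r"^\s*standby \d+ preempt delay minimum \d+ reload \d+ sync \d+", text, re.M):
        findings.append("no 'standby preempt delay minimum/reload/sync' (Step 6)")
    hsrp_names = set(re.findall(r"^\s*standby \d+ name (\S+)", text, re.M))
    nat_ids = set(re.findall(r"^ip nat inside source .*\bmapping-id (\d+)", text, re.M))
    # One match per SNAT definition: rest of the header line plus indented sub-commands.
    blocks = re.findall(r"^ip nat stateful id \d+((?:.*)(?:\n[ \t]+.*)*)", text, re.M)
    if not blocks:
        findings.append("no 'ip nat stateful id' definition (Step 8)")
    for body in blocks:
        red = re.search(r"\bredundancy (\S+)", body)
        mid = re.search(r"\bmapping-id (\d+)", body)
        if not red or red.group(1) not in hsrp_names:
            findings.append("redundancy name does not match an HSRP group name")
        if not mid or mid.group(1) not in nat_ids:
            findings.append("mapping-id not used by any 'ip nat inside source' rule")
    return findings
```

Both the single-line form of Step 8 and the multi-line form of the configuration example are accepted.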

    Feature Information for Scalability for Stateful NAT

    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

    Table 1 Feature Information for Scalability for Stateful NAT

    Feature Name: Scalability for Stateful NAT

    Releases: 12.4(3), 12.4(4)T

    Feature Information: The Scalability for Stateful NAT feature allows Stateful Network Address Translation (SNAT) to control the Hot Standby Router Protocol (HSRP) state change until the NAT information is completely exchanged. The ability to change the default TCP mode to User Datagram Protocol (UDP) mode, and the ability to disable asymmetric queuing have been added. When UDP mode is used, SNAT sends messages over UDP using a proprietary acknowledgement/retransmit mechanism.