Cisco IOS Software Releases 12.4 Mainline

Scalability for Stateful NAT


The Scalability for Stateful NAT feature allows Stateful Network Address Translation (SNAT) to control the Hot Standby Router Protocol (HSRP) state change until the NAT information is completely exchanged. The feature also adds the ability to change the default TCP mode to User Datagram Protocol (UDP) mode and the ability to disable asymmetric queuing. When UDP mode is used, SNAT sends messages over UDP using a proprietary acknowledgement/retransmit mechanism.

History for the Scalability for Stateful NAT Feature

Release     Modification
12.4(3)     This feature was introduced.
12.4(4)T    This feature was integrated into Cisco IOS Release 12.4(4)T.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Restrictions for the Scalability for Stateful NAT Feature

Information About Scalability for Stateful NAT

How to Configure SNAT in HSRP Mode

Configuration Examples for SNAT in HSRP Mode

Additional References

Command Reference

Restrictions for the Scalability for Stateful NAT Feature

The Scalability for Stateful NAT feature is not available in Primary/Backup mode.

Information About Scalability for Stateful NAT

Before enabling the Scalability for Stateful NAT feature, be sure you understand the following concepts:

SNAT Feature Design

Benefits of SNAT Scalability

SNAT Feature Design

Two or more Network Address Translators function as a translation group. One member of the group handles traffic requiring translation of IP address information. It also informs the backup translator of active flows as they occur. The backup translator can then use information from the active translator to prepare duplicate translation table entries, and in the event that the active translator is hindered by a critical failure, the traffic can rapidly be switched to the backup. The traffic flow continues since the same network address translations are used, and the state of those translations has been previously defined.

Only sessions that are statically defined already receive the benefit of redundancy without the need for this feature. In the absence of SNAT, sessions that use dynamic NAT mappings would be severed in the event of a critical failure and would have to be reestablished. Stateful NAT enables continuous service for dynamically mapped NAT sessions.

SNAT can be configured to operate with HSRP to provide redundancy; the active and standby state changes are then managed by HSRP.

Benefits of SNAT Scalability

This feature enables SNAT control of the HSRP state change until the NAT information is completely exchanged.

The TCP default transport mode can be switched to UDP mode with acknowledgement/retransmit support.

Queuing during asymmetric routing can be disabled to avoid delay in the data path for the creation of new entries and traffic on special ports (Application Layer Gateway (ALG) support).

How to Configure SNAT in HSRP Mode

This section contains the following procedure:

Configuring SNAT in HSRP Mode

Configuring SNAT in HSRP Mode

Perform this task to configure an HSRP router with SNAT.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface ethernet interface-number port-number

4. standby delay minimum min-seconds reload reload-seconds

5. standby [group-number] ip [ip-address [secondary]]

6. standby [group-number] name group-name

7. standby [group-number] preempt  [delay {minimum seconds reload seconds sync seconds}]

8. exit

9. ip nat stateful id id-number redundancy name mapping-id map-number [protocol udp] [as-queuing disable]

10. ip nat pool name start-ip end-ip prefix-length prefix-length

11. ip nat inside source route-map name pool pool-name mapping-id map-number [overload]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables higher privilege levels, such as privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface ethernet interface-number port-number

Example:

Router(config)# interface ethernet 1/1

Enters interface configuration mode.

Step 4 

standby delay minimum min-seconds reload reload-seconds

Example:

Router(config-if)# standby delay minimum 30 reload 60

Configures the delay period between the initialization of HSRP groups.

This command must be configured in order for SNAT to control HSRP state change until NAT information is completely exchanged.

Step 5 

standby [group-number] ip [ip-address [secondary]]

Example:

Router(config-if)# standby 1 ip 10.1.1.1

Enables the HSRP protocol.

Step 6 

standby [group-number] name group-name

Example:

Router(config-if)# standby 1 name SNATHSRP

Configures the name of an HSRP group.

Step 7 

standby group-number preempt delay minimum seconds reload seconds sync seconds

Example:

Router(config-if)# standby 1 preempt delay minimum 60 reload 60 sync 60

This command must be configured in order for SNAT to control HSRP state change until NAT information is completely exchanged.

Step 8 

exit

Example:

Router(config-if)# exit

Returns to global configuration mode.

Step 9 

ip nat stateful id id-number redundancy name mapping-id map-number [protocol udp] [as-queuing disable]

Example:

Router(config)# ip nat stateful id 1 redundancy SNATHSRP mapping-id 10 protocol udp as-queuing disable

Specifies SNAT on routers configured for HSRP. The optional UDP protocol and the disabling of asymmetric queuing are also configured.

Step 10 

ip nat pool name start-ip end-ip prefix-length prefix-length

Example:

Router(config)# ip nat pool snatpool1 10.1.1.1 10.1.1.9 prefix-length 24


Defines a pool of IP addresses.

Step 11 

ip nat inside source route-map name pool pool-name mapping-id map-number [overload]

Example:

Router(config)# ip nat inside source route-map rm-101 pool snatpool1 mapping-id 10 overload

Enables stateful NAT for the HSRP translation group.


Configuration Examples for SNAT in HSRP Mode

This section provides the following configuration example:

Configuring SNAT in HSRP Mode: Example

Configuring SNAT in HSRP Mode: Example

The following example shows how to configure SNAT in HSRP mode with asymmetric queuing disabled and UDP enabled:

!
standby delay minimum 30 reload 60
standby 1 ip 10.1.1.1
standby 1 name SNATHSRP
standby 1 preempt delay minimum 60 reload 60 sync 60
!
ip nat Stateful id 1
 redundancy SNATHSRP
 mapping-id 10
 as-queuing disable
 protocol udp
ip nat pool SNATPOOL1 10.1.1.1 10.1.1.9 prefix-length 24
ip nat inside source route-map rm-101 pool SNATPOOL1 mapping-id 10 overload
ip classless
ip route 10.1.1.0 255.255.255.0 Null0
no ip http server
ip pim bidir-enable
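
An offline consistency check for the HSRP-mode configuration above, as an added example (not Cisco code): it verifies the two standby delay commands that Steps 4 and 7 mark as required, and that the redundancy name and mapping-id cross-reference correctly. The function name, the interface line in the sample, and the case-sensitive name comparison are assumptions.

```python
import re
# Constructed sample: the page's example; the interface line (Step 3) is assumed.
SAMPLE = """\
interface Ethernet1/1
 standby delay minimum 30 reload 60
 standby 1 ip 10.1.1.1
 standby 1 name SNATHSRP
 standby 1 preempt delay minimum 60 reload 60 sync 60
!
ip nat Stateful id 1
 redundancy SNATHSRP
 mapping-id 10
 as-queuing disable
 protocol udp
ip nat pool SNATPOOL1 10.1.1.1 10.1.1.9 prefix-length 24
ip nat inside source route-map rm-101 pool SNATPOOL1 mapping-id 10 overload
"""
SUBMODE = ("redundancy", "mapping-id", "protocol", "as-queuing")

def audit_snat_hsrp(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    stateful, in_block = "", False
    for l in lines:  # fold sub-mode lines onto the 'ip nat stateful id' line
        if l.lower().startswith("ip nat stateful id"):
            stateful, in_block = l, True
        elif in_block and l.startswith(SUBMODE):
            stateful += " " + l
        else:
            in_block = False
    def find(pattern, text="\n".join(lines)):
        return re.findall(pattern, text, re.M | re.I)
    findings = []
    # Steps 4 and 7: both delays are required for SNAT to hold the HSRP change.
    if not find(r"^standby delay minimum \d+ reload \d+$"):
        findings.append("missing: standby delay minimum ... reload ...")
    if not find(r"^standby \d+ preempt delay minimum \d+ reload \d+ sync \d+$"):
        findings.append("missing: standby N preempt delay ... sync ...")
    # Step 9: the redundancy name must be a configured HSRP group name.
    names = find(r"^standby(?: \d+)? name (\S+)$")
    red = find(r"\bredundancy (\S+)", stateful)
    if not red or red[0] not in names:  # compared case-sensitively (assumption)
        findings.append("redundancy name %s not among HSRP names %s" % (red, names))
    # Steps 9 and 11: the NAT rule must carry the translation group's mapping-id.
    group_id = find(r"\bmapping-id (\d+)", stateful)
    rule_ids = find(r"^ip nat inside source .*\bmapping-id (\d+)")
    if not group_id or group_id[0] not in rule_ids:
        findings.append("mapping-id %s not used by any NAT rule %s" % (group_id, rule_ids))
    return findings
```

Run it against a saved running configuration on both routers of the translation group; a finding on either side means failover may drop dynamically mapped sessions.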

Additional References

The following sections provide references related to the Scalability for Stateful NAT feature.

Related Documents

Related Topic
Document Title

Stateful NAT Phase 1 configuration tasks

Stateful Failover of Network Address Translation (SNAT) Phase I, Release 12.2(13)T

Stateful NAT Phase 2 configuration tasks

NAT Stateful Failover for Asymmetric Outside-to-Inside ALG Support—Stateful NAT Phase 2, Release 12.3(7)T

IP NAT commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples

Cisco IOS IP Addressing Services Command Reference, Release 12.4T

IP NAT configuration tasks

"NAT" section of the Cisco IOS IP Addressing Services Configuration Guide, Release 12.4


Standards

Standard
Title

None


MIBs

MIB
MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

None


Technical Assistance

Description
Link

The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport


Command Reference

This section documents one modified command only.

ip nat stateful id

ip nat stateful id

To designate the members of a translation group, use the ip nat stateful id command in global configuration mode. To disable the members of a translation group or reset default values, use the no form of this command.

ip nat stateful id id-number {redundancy name mapping-id map-number [protocol {tcp | udp}] [as-queuing {disable | enable}] | primary ip-address-primary backup ip-address-backup peer ip-address-peer mapping-id mapping-id-number}

no ip nat stateful id id-number

Syntax Description

id-number

Unique number given to each router in the stateful translation group.

redundancy name

Establishes Hot Standby Router Protocol (HSRP) as the method of redundancy.

mapping-id map-number

Specifies whether or not the local SNAT router will distribute a particular set of locally created entries to a peer SNAT router.

protocol

(Optional) Enables the default TCP transport in HSRP mode to be changed to UDP.

tcp

(Optional) Establishes the Transmission Control Protocol.

udp

(Optional) Establishes the User Datagram Protocol.

as-queuing

(Optional) Enables queuing during asymmetric routing in HSRP mode to be disabled.

disable

(Optional) Disables queuing during asymmetric routing in HSRP mode.

enable

(Optional) Enables queuing during asymmetric routing in HSRP mode.

primary ip-address-primary

Manually establishes redundancy for the primary router.

backup ip-address-backup

Manually establishes redundancy for the backup router.

peer ip-address-peer

Specifies the IP address of the peer router in the translation group.


Command Modes

Global configuration

Command History

Release      Modification
12.2(13)T    This command was introduced.
12.4(3)      The protocol and as-queuing keywords were added.
12.4(4)T     This command was integrated into Cisco IOS Release 12.4(4)T.


Usage Guidelines

This command has two forms: HSRP stateful NAT and manual stateful NAT. The form that uses the keyword redundancy establishes the HSRP redundancy method. When HSRP mode is set, the primary and backup NAT routers are elected according to the HSRP standby state. To enable stateful NAT manually, configure the primary router and backup router.

In HSRP mode, the default TCP can be changed to UDP by using the optional protocol udp keywords with the redundancy keyword.

To disable the queuing during asymmetric routing in HSRP mode, use the optional as-queuing disable keywords with the redundancy keyword.

Examples

The following example shows how to configure SNAT with HSRP:

!
standby 1 ip 10.1.1.1 secondary
standby 1 name SNATHSRP
standby delay reload 60
standby 1 preempt delay minimum 60 reload 60 sync 60
!
ip nat Stateful id 1
 redundancy SNATHSRP
 mapping-id 10
 as-queuing disable
 protocol udp
ip nat pool SNATPOOL1 10.1.1.1 10.1.1.9 prefix-length 24
ip nat inside source route-map rm-101 pool SNATPOOL1 mapping-id 10 overload
ip classless
ip route 10.1.1.0 255.255.255.0 Null0
no ip http server
ip pim bidir-enable

The following example shows how to manually configure SNAT:

ip nat stateful id 1
 primary 10.88.194.17
 peer 10.88.194.18
 mapping-id 10

ip nat stateful id 2
 backup 10.88.194.18
 peer 10.88.194.17
 mapping-id 10

Related Commands

Command
Description

ip nat

Designates that traffic originating from or destined for the interface is subject to NAT.

ip nat inside destination

Enables NAT of the inside destination address.

ip nat inside source

Enables NAT of the inside source address.

ip nat outside source

Enables NAT of the outside source address.

ip nat pool

Defines a pool of IP addresses for NAT.

ip nat service

Changes the amount of time after which NAT translations time out.

show ip nat statistics

Displays NAT statistics.

show ip nat translations

Displays active NAT translations.