Cisco IOS IP Addressing Services Configuration Guide, Release 12.4T
Scalability for Stateful NAT
Download this chapter
Scalability for Stateful NATScalability for Stateful NAT
Download the complete book
Cisco IOS IP Addressing Services Configuration Guide, Release 12.4TCisco IOS IP Addressing Services Configuration Guide, Release 12.4T (PDF - 3 MB)
give_us_feedback

Table Of Contents

Scalability for Stateful NAT

Contents

Restrictions for the Scalability for Stateful NAT Feature

Information About Scalability for Stateful NAT

SNAT Feature Design

Benefits of SNAT Scalability

How to Configure SNAT in HSRP Mode

Configuring SNAT in HSRP Mode

Configuration Examples for SNAT in HSRP Mode

Configuring SNAT in HSRP Mode: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference


Scalability for Stateful NAT

The Scalability for Stateful NAT feature allows Stateful Network Address Translation (SNAT) to control the Hot Standby Router Protocol (HSRP) state change until the NAT information is completely exchanged. The ability to change the default TCP mode to User Datagram Protocol (UDP) mode, and the ability to disable asymmetric queuing have been added. When UDP mode is used, SNAT will send messages over UDP mode using a proprietary acknowledgement/retransmit mechanism.

History for the Scalability for Stateful NAT Feature

Release
Modification

12.4(3)

This feature was introduced.

12.4(4)T

This feature was integrated into Cisco IOS Release 12.4(4)T.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Restrictions for the Scalability for Stateful NAT Feature

Information About Scalability for Stateful NAT

How to Configure SNAT in HSRP Mode

Configuration Examples for SNAT in HSRP Mode

Additional References

Command Reference

Restrictions for the Scalability for Stateful NAT Feature

The Scalability for Stateful NAT feature is not available in Primary/Backup mode.

SNAT features are not backward compatible. See "Configuring NAT for High Availability" for information on SNAT features introduced in other releases of Cisco IOS software.

Information About Scalability for Stateful NAT

Before enabling the Scalability for Stateful NAT feature, be sure you understand the following concepts:

SNAT Feature Design

Benefits of SNAT Scalability

SNAT Feature Design

Two or more Network Address Translators function as a translation group. One member of the group handles traffic requiring translation of IP address information. It also informs the backup translator of active flows as they occur. The backup translator can then use information from the active translator to prepare duplicate translation table entries, and in the event that the active translator is hindered by a critical failure, the traffic can rapidly be switched to the backup. The traffic flow continues since the same network address translations are used, and the state of those translations has been previously defined.

Only sessions that are statically defined already receive the benefit of redundancy without the need for this feature. In the absence of SNAT, sessions that use dynamic NAT mappings would be severed in the event of a critical failure and would have to be reestablished. Stateful NAT enables continuous service for dynamically mapped NAT sessions.

SNAT can be configured to operate with HSRP to provide redundancy and the active and standby state changes are managed by HSRP.

Benefits of SNAT Scalability

This feature enables SNAT control of the HSRP state change until the NAT information is completely exchanged.

The TCP default transport mode can be switched to UDP mode with acknowledgement/retransmit support.

Queuing during asymmetric routing can be disabled to avoid delay in the data path for the creation of new entries and traffic on special ports (Application Layer Gateway (ALG) support).

How to Configure SNAT in HSRP Mode

This section contains the following procedure:

Configuring SNAT in HSRP Mode

Configuring SNAT in HSRP Mode

Perform this task to configure an HSRP router with SNAT.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface ethernet interface-number port-number

4. standby group-name | ip ip-address [secondary]]

5. standby delay reload seconds

6. standby group-number preempt delay minimum seconds reload seconds sync seconds

7. exit

8. ip nat stateful id id-number redundancy name mapping-id map-number [protocol udp] [as-queuing disable]

9. ip nat pool name start-ip end-ip prefix-length prefix-length

10. ip nat inside source route-map name pool pool-name mapping-id map-number [overload]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables higher privilege levels, such as privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface ethernet interface-number port-number

Example:

Router(config)# interface ethernet 1/1

Enters interface configuration mode.

Step 4 

standby group-name ip [ip-address [secondary]]

Example:

Router(config-if)# standby SNATHSRP ip 10.1.1.1 secondary

Enables the HSRP protocol.

Step 5 

standby delay reload seconds

Example:

Router(config-if)# standby delay reload 60

This command must be configured in order for SNAT to control HSRP state change until NAT information is completely exchanged.

Step 6 

standby group-number preempt delay minimum seconds reload seconds sync seconds

Example:

Router(config-if)# standby 1 preempt delay minimum 60 reload 60 sync 60

This command must be configured in order for SNAT to control HSRP state change until NAT information is completely exchanged.

Step 7 

exit

Example:

Router(config-if)# exit

Returns to global configuration mode.

Step 8 

ip nat stateful id id-number redundancy name mapping-id map-number [protocol udp] [as-queuing disable]

Example:

Router(config)# ip nat stateful id 1 redundancy snathsrp mapping-id 10 protocol udp as-queuing disable

Specifies SNAT on routers configured for HSRP. The optional UDP protocol and disabling of asymmetic queuing is also configured.

Step 9 

ip nat pool name start-ip end-ip prefix-length prefix-length

Example:

Router(config)# ip nat pool snatpool1 10.1.1.1 10.1.1.9 prefix-length 24


Defines a pool of IP addresses.

Step 10 

ip nat inside source route-map name pool pool-name mapping-id map-number [overload]

Example:

Router(config)# ip nat inside source route-map rm-101 pool snatpool1 mapping-id 10 overload

Enables stateful NAT for the HSRP translation group.


Configuration Examples for SNAT in HSRP Mode

This section provides the following configuration example:

Configuring SNAT in HSRP Mode: Example

Configuring SNAT in HSRP Mode: Example

The following example shows how to configure SNAT in HSRP mode with asymmetric queuing disabled and UDP enabled: 

!

standby delay minimum 30 reload 60

standby 1 ip 10.1.1.1

standby 1 name SNATHSRP

standby 1 preempt delay minimum 60 reload 60 sync 60

!

ip nat Stateful id 1

redundancy SNATHSRP

mapping-id 10

as-queuing disable

protocol udp

ip nat pool SNATPOOL1 10.1.1.1 10.1.1.9 prefix-length 24

ip nat inside source route-map rm-101 pool SNATPOOL1 mapping-id 10 overload

ip classless

ip route 10.1.1.0 255.255.255.0 Null0

no ip http server

ip pim bidir-enable

Additional References

The following sections provide references related to the Scalability for Stateful NAT feature.

Related Documents

Related Topic
Document Title

Using HSRP and SNAT for high availability configuration tasks

"Configuring NAT for High Availability" module

NAT commands: complete command syntax, command mode command history, defaults, usage guidelines, and examples

Cisco IOS IP Addressing Services Command Reference


Standards

Standard
Title

None


MIBs

MIB
MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

None


Technical Assistance

Description
Link

The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport


Command Reference

The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS IP Addressing Command Reference at http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_book.html. For information about all Cisco IOS commands, go to the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or to the Cisco IOS Master Commands List.

ip nat stateful id


Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2007 Cisco Systems, Inc. All rights reserved.