Tip

This is the documentation for the 20.08 version.

Dataplane NAT Modes

The dataplane supports several NAT modes. The mode is set with the dataplane nat mode <mode> command from config mode.

The following modes are available:

simple

Simple NAT mode. Holds less information for each session, but only works with outbound NAT and static mappings.

endpoint-dependent

Endpoint-dependent NAT mode. The default mode. Uses more information to track each session, which also enables additional features such as out-to-in-only and twice-nat.

deterministic

Deterministic NAT (CGN) mode. Used for large-scale deployments with a focus on performance at a cost of using much more memory.

After changing the NAT mode, the dataplane must be restarted with service dataplane restart.

Note

There must be at least one inside interface and one outside interface for NAT to function. See Network Address Translation and Outbound NAT for more details.

Simple NAT

Simple NAT is the most basic NAT mode. It tracks sessions in a hash table using four items:

  • Source IP address

  • Source port

  • Protocol

  • FIB table index

Simple NAT has a couple of basic options that may be adjusted using the dataplane nat mode-options simple <option> command:

out2in-dpo

Enables out-to-in DPO. When enabled, special routes are added to the FIB for NAT pool addresses and inbound packets on an outside interface do not have NAT applied by default. When TNSR processes inbound packets it performs a route lookup, and if the destination is a NAT pool address the route lookup will find the special NAT route and only then will TNSR apply NAT to the packet.

This allows for increased performance in mixed environments where NAT is not applied to all traffic. It also enables forwarding for routed (non-NAT) packets so that TNSR may have a mix of NAT and routed interfaces attached locally.

static-mapping-only

Static mapping only. Disables dynamic translation of connections.

Endpoint-dependent NAT

Endpoint-dependent NAT mode is the default NAT mode on TNSR. Endpoint-dependent NAT mode tracks more information about each connection. As suggested by the name, the key difference is in tracking the destination of the connection:

  • Source IP address

  • Source port

  • Target IP address

  • Target port

  • Protocol

  • FIB table index

Some NAT features require this extra information, notably out-to-in-only and twice-nat.
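
The difference between the two session keys listed above can be seen by keying the same flows both ways. The following is an added example, not TNSR or VPP code: it is a plain model of the two key layouts, and the field names, helper functions and sample flows are all constructed for illustration.

```python
from collections import namedtuple

# Constructed flow record; field names are illustrative, not TNSR/VPP identifiers.
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port proto fib_index")

# Key layouts as listed in this document for each mode.
SIMPLE_FIELDS = ("src_ip", "src_port", "proto", "fib_index")
ENDPOINT_DEPENDENT_FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port",
                             "proto", "fib_index")

# Constructed sample traffic (documentation address ranges).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", 40000, "198.51.100.10", 443, "tcp", 0),
    Flow("10.0.0.5", 40000, "203.0.113.7", 443, "tcp", 0),    # same source socket, new target
    Flow("10.0.0.5", 40001, "198.51.100.10", 443, "tcp", 0),  # new source port
    Flow("10.0.0.5", 40000, "198.51.100.10", 53, "udp", 0),   # same port number, other protocol
    Flow("10.0.0.5", 40000, "198.51.100.10", 443, "tcp", 1),  # same tuple, other FIB table
]


def session_key(flow, fields):
    """Project a flow onto the fields a given mode uses as its session key."""
    return tuple(getattr(flow, name) for name in fields)


def build_table(flows, fields):
    """Group flows by session key, as a hash table keyed on `fields` would."""
    table = {}
    for flow in flows:
        table.setdefault(session_key(flow, fields), []).append(flow)
    return table


def shared_entries(table):
    """Return entries onto which more than one distinct target collapses."""
    return {key: flows for key, flows in table.items()
            if len({(f.dst_ip, f.dst_port) for f in flows}) > 1}


def compare(flows=SAMPLE_FLOWS):
    """Count entries and target-sharing entries under each key layout."""
    simple = build_table(flows, SIMPLE_FIELDS)
    dependent = build_table(flows, ENDPOINT_DEPENDENT_FIELDS)
    return {
        "simple_entries": len(simple),
        "simple_shared": len(shared_entries(simple)),
        "endpoint_dependent_entries": len(dependent),
        "endpoint_dependent_shared": len(shared_entries(dependent)),
    }


if __name__ == "__main__":
    print(compare())
```

With the four-item key, the first two sample flows land in one entry because the target is not part of the key. With the six-item key, every flow gets its own entry, which is the extra per-session information this mode holds.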

Deterministic NAT

Deterministic NAT mode, also known as Carrier-Grade NAT (CGN) mode, is geared for maximum performance at a large scale. This performance comes at a price, however, in that it consumes greater amounts of memory to achieve its goals.

For more information on Deterministic NAT, see Deterministic NAT.