Deterministic NAT

Deterministic NAT mode, also known as Carrier-Grade NAT (CGN) mode, is geared for maximum performance at a large scale. This performance comes at a price, however, in that it consumes greater amounts of memory to achieve its goals.

To switch the NAT mode used by TNSR, see Dataplane NAT Modes.

Deterministic NAT pre-allocates 1000 external ports per inside address, which can increase memory requirements significantly. Each session requires approximately 15 bytes of memory.

Deterministic NAT enforces a maximum number of NAT sessions per user, and works only for the TCP, UDP, and ICMP protocols.

Deterministic NAT requires a mapping, configured as follows:

tnsr(config)# nat deterministic mapping inside <inside-prefix> outside <outside-prefix>

In this command, the parameters to replace are:

inside <inside-prefix>:
 The internal subnet containing local users, for example, 198.18.0.0/15.
outside <outside-prefix>:
 The external subnet to which these users will be mapped using deterministic NAT. For example, 203.0.113.128/25.

Configured mappings may be viewed as follows:

tnsr(config)# show nat deterministic-mappings
Deterministic Mappings
----------------------

Inside        Outside              Ratio     Ports  Sessions
------------- ---------------- --------- --------- ---------
198.14.0.0/15 203.0.113.128/25      1024        63         0
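
The following is an added example, not part of the TNSR documentation or code: it reproduces the Ratio and Ports columns above from the two prefixes and traces an outside address and port back to the inside host, which is how a deterministic mapping is used to attribute traffic without per-session logs. The `DetMap` class is hypothetical, and the contiguous port-block arithmetic is an assumption modeled on VPP's deterministic NAT; this page does not state the algorithm.

```python
import ipaddress

FIRST_PORT = 1024             # assumption: ports 0-1023 are never allocated
USABLE_PORTS = 65535 - 1023   # 64512 ports shared among the inside hosts


class DetMap:
    """Hypothetical model of one deterministic NAT mapping."""

    def __init__(self, inside, outside):
        self.inside = ipaddress.ip_network(inside)
        self.outside = ipaddress.ip_network(outside)
        if self.inside.num_addresses < self.outside.num_addresses:
            raise ValueError("inside prefix must not be smaller than outside")
        # Inside hosts sharing each outside address ("Ratio" column).
        self.ratio = self.inside.num_addresses // self.outside.num_addresses
        # Ports reserved for each inside host ("Ports" column).
        self.ports = USABLE_PORTS // self.ratio
        if self.ports == 0:
            raise ValueError("sharing ratio too high: no ports left per host")

    def forward(self, inside_ip):
        """Inside address -> (outside address, first port, last port)."""
        ip = ipaddress.ip_address(inside_ip)
        if ip not in self.inside:
            raise ValueError(f"{ip} is not in {self.inside}")
        offset = int(ip) - int(self.inside.network_address)
        out_ip = self.outside.network_address + offset // self.ratio
        lo = FIRST_PORT + self.ports * (offset % self.ratio)
        return str(out_ip), lo, lo + self.ports - 1

    def reverse(self, outside_ip, outside_port):
        """Outside address and source port -> inside address."""
        ip = ipaddress.ip_address(outside_ip)
        if ip not in self.outside:
            raise ValueError(f"{ip} is not in {self.outside}")
        slot = (outside_port - FIRST_PORT) // self.ports
        if outside_port < FIRST_PORT or slot >= self.ratio:
            raise ValueError("port is outside every allocated block")
        offset = (int(ip) - int(self.outside.network_address)) * self.ratio + slot
        return str(self.inside.network_address + offset)


if __name__ == "__main__":
    m = DetMap("198.18.0.0/15", "203.0.113.128/25")  # prefixes from the text above
    print("ratio", m.ratio, "ports", m.ports)
    # Constructed abuse report: traffic seen from 203.0.113.129 source port 1100.
    print("inside host:", m.reverse("203.0.113.129", 1100))
```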

NAT Reassembly Parameters
-------------------------