NAT Modes

There are two NAT modes supported by TNSR, configured by the following command:

tnsr(config)# nat global-options nat44 endpoint-dependent (true|false)
false

Endpoint-independent NAT mode. The default NAT mode. Formerly known as “simple” NAT mode. Holds less information for each session, but only works with outbound NAT and static mappings.

true

Endpoint-dependent NAT mode. Uses more information to track each session, which also enables additional features such as out-to-in-only and twice-nat.

Note

There must be at least one inside and outside interface for NAT to function, see Network Address Translation and Outbound NAT for more details.

Warning

The mode cannot be changed while NAT is enabled. Disable NAT before running this command (Enable NAT).

Endpoint-independent NAT

Endpoint-independent NAT is the most basic NAT mode. It tracks sessions in a hash table using four items:

  • Source IP address

  • Source port

  • Protocol

  • FIB table index

Endpoint-dependent NAT

Endpoint-dependent NAT mode tracks more information about each connection. As suggested by the name, the key difference is in tracking the destination of the connection:

  • Source IP address

  • Source port

  • Target IP address

  • Target port

  • Protocol

  • FIB table index

Some NAT features require this extra information, notably out-to-in-only and twice-nat.