If the ICMP NAT session timeout is set to a very large duration (240 seconds) it can tie up precious NAT
resources such as Query mappings and NAT Sessions for the whole duration. Also, if the timeout is set to
very low it can result in premature freeing of NAT resources and applications failing to complete gracefully.
The ICMP Query session timeout needs to be a balance between the two extremes. A 60-second timeout is a
balance between the two extremes.
Implementing NAT with TCP
This section explains the various NAT behaviors that are applicable to TCP connection initiation. The detailed
NAT with TCP functionality is defined in RFC 5382.
Address and Port Mapping Behavior
A NAT translates packets for each TCP connection using the mapping. A mapping is dynamically allocated
for connections initiated from the internal side, and potentially reused for certain connections later.
Internally Initiated Connections
A TCP connection is initiated by internal endpoints through a NAT by sending SYN packet. All the external
IP address and port used for translation for that connection are defined in the mapping.
Generally for the client-server applications where an internal client initiates the connection to an external
server, to translate the outbound SYN, the resulting inbound SYN-ACK response mapping is used, the
subsequent outbound ACK, and other packets for the connection.
The 3-way handshake corresponds to method of connection initiation.
Externally Initiated Connections
For the first connection that is initiated by an internal endpoint NAT allocates the mapping. For some situations,
the NAT policy may allow reusing of this mapping for connection initiated from the external side to the
internal endpoint.
Implementing NAT 44 over ISM
These sections provide the information about implementation of NAT.
The following figure illustrates the implementation of NAT 44 over ISM
Cisco IOS XR Carrier Grade NAT Configuration Guide for the Cisco CRS Router, Release 5.2.x
8 OL-32659-01
Implementing Carrier Grade NAT on Cisco IOS XR Software
Implementing NAT with TCP
To Next Page
Loading...
Need help?
General
