RE: Load balancing & NAT [7:60663] posted 01/10/2003

I wonder - is this a situation where specific code level, or the family of
products in question, etc., is causing a discrepancy?

I know the PIX (currently), for example, works as TLaWR states below ... 

However, perhaps in IOS when you specify
	ip nat pool overload (start) (finish) netmask (mask)
it treats it differently since you are explicitly saying to 'overload' ?

... just curious ... 

-----Original Message-----
From: The Long and Winding Road [mailto:groupstudyspamtest@xxxxxxxxxxxxx] 
Sent: Friday, January 10, 2003 11:12 AM
To: cisco@xxxxxxxxxxxxxx
Subject: Re: Load balancing & NAT [7:60663]

"Doug S" wrote in message
> The way PAT works when overloading multiple addresses is to overload the
> first address in the pool until ALL port numbers are used up.  I can't
> you to any publicly available documentation on this, but cut and pasted
> Network Academy curriculum:
> "However, on a Cisco IOS router, NAT will
>  overload the first address in the pool until
>  it's maxed out, and then move on to the
>  second address, and so on."

I don't think so. I think whoever put this into Cisco training materials
ought to be named and publicly humiliated.

I know from cold hard experience that if you have a pool with several
addresses and overload configured, each address in the pool is translated one
to one, and then the last number is shared among all comers after that.

isn't there any real technical review of the training materials?

> I've seen people wanting to get around this behavior for a variety of
> reasons and I haven't seen anyone post a good reply.  I've come up with a
> workaround that I believe should work for you, although you'll have to
> a good look at your inside local addresses and figure out how to best
> those in to two equal groups.  Each group could then be separately
> translated to a different address.
> For instance, if you are now translating 8000 inside addresses all in the
> range of to one overloaded pool, you could configure it to
> translate to one overloaded pool and to a
> overloaded pool something like
> #access-list 1 permit
> #access-list 2 permit
> 24
> #ip nat inside source list 1 pool LOWER_ADDRESSES_TRANSLATE_TO overload
> #ip nat inside source list 2 pool HIGHER_ADDRESSES_TRANSLATE_TO overload
> Forgive me if I've screwed up the syntax somewhere, but the idea is there.
> As I said, you'll have to put some thought into what best works in your
> addressing scheme to best separate translated addresses in to two roughly
> equal groups.  You might even find it helpful to partition them in to more
> than two groups.
> Hope it helps.
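An added simulation, not from the thread and not IOS code, of the two pool-overload behaviours argued about above (the curriculum's "fill the first address, then the next" and TLaWR's "one address per host, last address shared") and of Doug's two-ACL, two-pool workaround. The ports per global address are shrunk to a constructed constant so exhaustion shows up with six hosts, and splitting the inside hosts on the last octet is an assumption, since the thread's actual address ranges did not survive.

```python
from collections import Counter

PORTS_PER_ADDRESS = 4  # constructed: real PAT has tens of thousands of ports per address

class PatPool:
    """An overloaded NAT pool handing out (global address, port) pairs to inside flows."""
    def __init__(self, addresses, strategy):
        self.addresses = list(addresses)
        # "fill_first" models the curriculum claim, "one_to_one_then_share" TLaWR's observation
        self.strategy = strategy
        self.ports_used = {a: 0 for a in self.addresses}
        self.owner_of = {}  # inside host -> global address it was handed one-to-one

    def _pick_address(self, host):
        if self.strategy == "fill_first":
            # exhaust the first address's ports before moving on to the next one
            return next((a for a in self.addresses if self.ports_used[a] < PORTS_PER_ADDRESS), None)
        # each address goes to one host until only the last is left, which everyone shares
        if host not in self.owner_of:
            taken = set(self.owner_of.values())
            free = [a for a in self.addresses[:-1] if a not in taken]
            self.owner_of[host] = free[0] if free else self.addresses[-1]
        return self.owner_of[host]

    def translate(self, host):
        """Return (global address, global port) for a new flow, or None when exhausted."""
        addr = self._pick_address(host)
        if addr is None or self.ports_used[addr] >= PORTS_PER_ADDRESS:
            return None  # no free port on the chosen address: the flow is dropped
        self.ports_used[addr] += 1
        return addr, 1024 + self.ports_used[addr]  # constructed port numbering

def distribute(hosts, pool, strategy):
    """Open one flow per host through a single overloaded pool; count flows per address."""
    nat = PatPool(pool, strategy)
    out = Counter()
    for h in hosts:
        t = nat.translate(h)
        out[t[0] if t else "dropped"] += 1
    return dict(out)

def distribute_split(hosts, pool_lower, pool_upper, strategy, split_at=128):
    """The workaround: ACL 1 sends low last-octets to one pool, ACL 2 sends the rest to another."""
    lower = [h for h in hosts if int(h.rsplit(".", 1)[1]) < split_at]
    upper = [h for h in hosts if int(h.rsplit(".", 1)[1]) >= split_at]
    merged = Counter(distribute(lower, pool_lower, strategy))
    merged.update(distribute(upper, pool_upper, strategy))
    return dict(merged)
```

Under the one-to-one-then-share model a two-address pool drops the sixth host once the shared address runs out of ports, while the split configuration spreads the same six hosts evenly with no drops.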