GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: Load balancing & NAT [7:60663] posted 01/10/2003
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


I wonder - is this a situation where specific code level, or the family of
products in question, etc., is causing a discrepancy?

I know the PIX (currently), for example, works as TLaWR states below ... 

However, perhaps in IOS when you specify
	ip nat pool overload (start) (finish) netmask (mask)
it treats it differently since you are explicitly saying to 'overload' ?


... just curious ... 
Thanks!
TJ
tjevans@xxxxxxxxxxxxxxxx



-----Original Message-----
From: The Long and Winding Road [mailto:groupstudyspamtest@xxxxxxxxxxxxx] 
Sent: Friday, January 10, 2003 11:12 AM
To: cisco@xxxxxxxxxxxxxx
Subject: Re: Load balancing & NAT [7:60663]

""Doug S""  wrote in message
news:200301092015.UAA24039@xxxxxxxxxxxxxxxxx
> The way PAT works when overloading multiple addresses is to overload the
> first address in the pool until ALL port numbers are used up.  I can't
point
> you to any publicly available documentation on this, but cut and pasted
from
> Network Academy curriculum:
>
> "However, on a Cisco IOS router, NAT will
>  overload the first address in the pool until
>  it's maxed out, and then move on to the
>  second address, and so on."


I don't think so. I think whoever put this into Cisco training materials
ought to be named and publicly humiliated.

I know from cold hard experience that if you have a pool with several
addresses and overload configured, each addres in the pool is translated one
to one, and then the last number is shared among all comers after that.

isn't there any real technical review of the training materials?


>
> I've seen people wanting to get around this behavior for a variety of
> reasons and I haven't seen anyone post a good reply.  I've come up with a
a
> workaround that I beleive should work for you, although you'll have to
take
> a good look at your inside local addresses and figure out how to best
define
> those in to two equal groups.  Each group could then be separately
> translated to a different address.
>
> For instance, if you are now transating 8000 inside addresses all in the
> range of 10.0.32.0/19 to one overloaded pool, you could configure it to
> translate 10.0.32.0/20 to one overloaded pool and 10.0.48.0/20 to a
separate
> overloaded pool something like
>
> #access-list 1 permit 10.0.32.0 0.0.15.255
> #access-list 2 permit 10.0.48.0 0.0.15.255
> #ip nat pool LOWER_ADDRESSES_TRANSLATE_TO 209.211.100.1 209.211.100.5 pre
24
> #ip nat pool HIGHER_ADDRESSES_TRANSLATE_TO 209.211.100.6 209.211.100.10
pre
> 24
> #ip nat inside source list 1 pool LOWER_ADDRESSES_TRANSLATE_TO overload
> #ip nat inside source list 2 pool HIGHER_ADDRESSES_TRANSLATE_TO overload
>
> Forgive me if I've screwed up the syntax somewhere, but the idea is there.
> As I said, you'll have to put some thought into what best works in your
> addressing scheme to best separate translated addresses in to two roughly
> equal groups.  You might even find it helpful to partition them in to more
> than two groups.
>
> Hope it helps.
******************************************************************************
The information in this email is confidential and may be legally
privileged.  Access to this email by anyone other than the
intended addressee is unauthorized.  If you are not the intended
recipient of this message, any review, disclosure, copying,
distribution, retention, or any action taken or omitted to be taken
in reliance on it is prohibited and may be unlawful.  If you are not
the intended recipient, please reply to or forward a copy of this
message to the sender and delete the message, any attachments,
and any copies thereof from your system.
******************************************************************************




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60825&t=60663
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to abuse@xxxxxxxxxxxxxx