We just purchased a new company and I have been tasked to provide a NAT solution, because we have overlapping networks. I have the solution figured out:
Dynamic NAT with the "match host" option and DNS to accomplish what we need to do.
The question I have is performance. I am not sure how heavy the hardware requirements will be for this. I understand that DNS doctoring will do packet rewrites (performance hit?) for DNS replies. We were thinking of putting in a 2821 or 3800 series router. Would a firewall have more horsepower to perform this function?
The device will be JUST doing nat and maybe some simple routing.
Is there a doc that shows the maximum number of NAT translations per device (per memory load?)?
I have a requirement for dynamic nat pools and the "match host" option. I do not want the configuration and maintenance of static NAT entries.
Would the router/ASA do the DNS doctoring in hardware or software?
Would the router/ASA do the normal NAT translations in hardware or software?
Would CEF work for the NAT translations or would it be process switched?
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...