I have 5 internal VLANs mapped to one real IP to access the Internet.
I want to ask about using 2 real IPs instead of one real IP!!!
Does it differ from the current state or not? And how?
Dear Jody,
thank you for your reply,
but I ask about the difference between using more than one public IPv4 address and using only one public IPv4 address, regardless of internal VLANs.
For example, if I have 200 users inside the network, is there a difference in Internet access when using 2 public IPs instead of one?
Okay, there isn't much difference except that you would define your two public IPv4 addresses in a NAT pool and overload the pool rather than the interface.
Something like this:
! Inside (private) source ranges that are allowed to be translated
ip access-list standard ACL_NAT
 permit 10.0.0.0 0.255.255.255
 permit 172.16.0.0 0.15.255.255
 permit 192.168.0.0 0.0.255.255
!
! Pool of the two public IPv4 addresses to overload (PAT)
ip nat pool NAT_Pool_WAN 198.51.100.1 198.51.100.2 netmask 255.255.255.0
!
! Dynamic translation of the ACL-matched sources onto the pool; "overload"
! enables port multiplexing. (A "static" keyword does not combine with
! "list" in this command.) The LAN and WAN interfaces still need
! "ip nat inside" / "ip nat outside" respectively.
ip nat inside source list ACL_NAT pool NAT_Pool_WAN overload
OK, I understand this,
but does it affect the performance!!!
Or what's the advantage of using it, and what's the advantage of allocating sessions on two addresses?
It neither increases nor decreases performance in any significant way.
The advantage to overloading NAT on multiple IPv4 addresses is in the number of sessions you can support. Overloaded NAT works by multiplexing the ports used by many inside hosts onto the available ports of one or more outside IPv4 addresses. If you have a huge number of inside hosts, there's a good possibility of running into the limit of available ports on the outside IPv4 address. By adding multiple outside addresses, you increase the port space available to your NAT overload process.
OK, as I understand it depends on the source port, so I have 2^16 sessions for one public IP.
This means that it will be useful if the number of users exceeds this number!
Definitely. Maybe even at 10% of this number, especially when you consider that many users have multiple Internet-connected applications running simultaneously.
The allocation would always use the first available IP address in the pool, and the first available port on that global IP address. Let's take an example of two hosts located in the inside LAN, where we are using dynamic NAT with overloading on a specific pool. When host-1 and host-2 initiate a connection towards the outside, both of their private IP addresses would be translated to the same first available global IP address in the pool, and each of their connections would have a different source port tied to it for as long as the connection is active. The same concept applies to the remaining hosts; in other words, all local IP addresses would use the same global IP address until the available ports on that global IP address run out, in which case the second available global IP address would be used, starting with the first available port on it. This mechanism continues until it runs out of every available global IP address defined in the pool; in your scenario it would run out after exhausting the available ports on the two global IP addresses used in the pool. Please keep in mind that the available ports on one IP address would be 64500 ports, so to run out of all those ports on two IP addresses you would need almost 64500 x 2 = 129000 simultaneous connections.
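The allocation order described in the two answers above (first free global address in pool order, lowest free port on it, spill over to the next address only when the first is exhausted, drop when the whole pool is full) is easy to get a feel for with a small model. The following Python is an added example written for this thread, not code from Cisco or from any poster; it is a constructed simulation of PAT overload for capacity planning, not a reproduction of IOS internals. The usable port range per global address (1024-65535, i.e. 64512 ports, close to the 64500 quoted above) and the host/session counts are assumptions, and the pool addresses are the documentation addresses from the config earlier in the thread.

```python
"""Toy model of PAT ("NAT overload") across a pool of global addresses.

Constructed example: it reproduces the allocation behaviour described in
the thread (first free global address, lowest free port on it), so you can
see when a pool of one or two public addresses actually runs out.
"""
import heapq
from collections import Counter

# Assumption: usable source ports per global address. 1024-65535 inclusive
# gives 64512 ports; the thread rounds this to about 64500.
DEFAULT_PORT_LOW = 1024
DEFAULT_PORT_HIGH = 65535


class PatPool:
    """Translation table for one overloaded NAT pool."""

    def __init__(self, global_ips, port_low=DEFAULT_PORT_LOW, port_high=DEFAULT_PORT_HIGH):
        self.global_ips = list(global_ips)
        self.ports_per_ip = port_high - port_low + 1
        # Min-heap of free ports per global address: popping yields the
        # lowest free port, i.e. "first available port" allocation. A sorted
        # list is already a valid heap, so no heapify is needed.
        self.free = {ip: list(range(port_low, port_high + 1)) for ip in self.global_ips}
        # (inside_ip, inside_port, dst) -> (global_ip, global_port)
        self.table = {}

    def capacity(self):
        """Maximum simultaneous translations the whole pool can hold."""
        return len(self.global_ips) * self.ports_per_ip

    def active(self):
        return len(self.table)

    def translate(self, inside_ip, inside_port, dst):
        """Return (global_ip, global_port) for a new or existing flow, or
        None when every port on every pool address is in use (the router
        would be unable to create a translation at that point)."""
        key = (inside_ip, inside_port, dst)
        if key in self.table:
            return self.table[key]            # existing flow keeps its mapping
        for gip in self.global_ips:           # first address in pool order...
            if self.free[gip]:
                gport = heapq.heappop(self.free[gip])   # ...lowest free port on it
                self.table[key] = (gip, gport)
                return self.table[key]
        return None

    def release(self, inside_ip, inside_port, dst):
        """Flow closed or timed out: hand the port back to its address."""
        gip, gport = self.table.pop((inside_ip, inside_port, dst))
        heapq.heappush(self.free[gip], gport)

    def usage(self):
        """Active translations per global address."""
        return Counter(gip for gip, _ in self.table.values())


def simulate(pool, n_hosts, sessions_per_host, dst="203.0.113.10:443"):
    """Open sessions_per_host flows from each of n_hosts inside hosts
    (constructed 10.0.x.y addresses) and report translated vs. dropped."""
    translated = dropped = 0
    for h in range(n_hosts):
        inside_ip = f"10.0.{h // 256}.{h % 256}"
        for s in range(sessions_per_host):
            if pool.translate(inside_ip, 49152 + s, dst) is None:
                dropped += 1
            else:
                translated += 1
    return {"translated": translated, "dropped": dropped, "per_ip": dict(pool.usage())}


if __name__ == "__main__":
    pool = PatPool(["198.51.100.1", "198.51.100.2"])
    print("capacity:", pool.capacity())
    # 200 users x 50 concurrent flows each: fits on the first address alone.
    print(simulate(pool, 200, 50))
    # 2600 users x 50 flows exceeds both addresses; the excess is dropped.
    print(simulate(PatPool(["198.51.100.1", "198.51.100.2"]), 2600, 50))
```

Running it shows why the second address only matters at the margin: 200 users with 50 flows each occupy 10000 ports, all on 198.51.100.1, and the second address stays idle until the first is completely exhausted. For a defender the useful outputs are `capacity()` versus observed concurrent flows (the headroom the answers above describe) and the `dropped` count, which is the symptom users report as intermittent connection failures when a PAT pool is full.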