Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
469
Views
0
Helpful
8
Replies

Number of NAT Translations a 3640 can handle

Erick Bergquist
Level 6
Level 6

‎02-01-2003 09:53 PM - edited ‎03-02-2019 04:44 AM

Hi,

Just curious if anyone has any #s on how many active NAT translations a 3640 can handle before it starts having issues. Found a cisco doc that saids a NPE-300 (7200 series) can handle 20,000 to 40,000 before a 'meltdown' occurs.

Labels:
0 Helpful
8 Replies 8

jhalldn
Level 1
Level 1

‎02-02-2003 01:19 AM

I dont think there are a maximum count for NAT, its all about how much DRAM and CPU capacity the box have. Please correct me if im wrong!

But if your using overload, there should be a limit with free ports (UDP/TCP) in the range 0-65535 per address.

0 Helpful

yuzuohong
Level 1
Level 1
In response to jhalldn

‎02-02-2003 06:45 AM

Hi,

I'm a freshman to NAT. But, according to your 65535 ports limitation rule, does it mean that every PAT device has this limitation? No matter I use linux firewall, windows firewall or hardware router?

zuohong

0 Helpful

Erick Bergquist
Level 6
Level 6
In response to yuzuohong

‎02-02-2003 11:49 AM

Yes, this is a limitation with the protocol itself. Theres only 65535 ports, UDP and TCP are seperate. But a TCP/IP application can't be NAT'd w/a UDP port

The maxinum number of translations per protocol is around 64,000 I would guess (this will vary by implementation). Most vendors NAT between ports 1025 - 65535. Some don't use the lower or higher port #s so it depends. The default timeout per NAT entry on cisco IOS is 24 hrs so you can adjust the timeout values to timeout the connections sooner to free up resources and to make room for new NAT translations if you're doing a lot of translations.

Also, NAT was originally created as a way to get around public IPv4 addresses running out until people converted to IPv6 address space. That was awhile ago... and were still using IPv4 mostly everywhere.

0 Helpful

Erick Bergquist
Level 6
Level 6
In response to jhalldn

‎02-02-2003 11:36 AM

I realize it depends on DRAM and CPU... and was asking how many it can have before problems occur. Was curious if others have ran into problems and at what # with a 3640.

0 Helpful

yuzuohong
Level 1
Level 1
In response to Erick Bergquist

‎02-02-2003 07:49 PM

Hi,

So, if I have to deal with 100,000 NAT translation at the same time, how can I make it? If I have more than 3 formal IP, can I use them to do the NAT work? Would you please give me some guide?

zuohong

0 Helpful

Erick Bergquist
Level 6
Level 6
In response to yuzuohong

‎02-02-2003 09:41 PM

You would need to do overload / PAT across 2 IP addresses at a minimum. Maybe 3... it depends on the implementation of NAT for the product you're using. The device would have to be capable of handling that many translations without crawling or crashing also.

I would look at the design or using multiple boxes/routers if you really need that many though.

0 Helpful

yuzuohong
Level 1
Level 1
In response to Erick Bergquist

‎02-03-2003 12:40 AM

Hi,

Thank you so much.

I searched CISCO for "nat overload" configuration and found the detailed process. Actually, I'm an network administrator of an small ISP. That's why I need to deal with this many NAT translations. I'm now using 2 Linux boxes as our NAT device. I'm planning to use our CISCO 6509 instead.

So lucky to have your help.

zuohong

0 Helpful

a.manosca
Level 4
Level 4
In response to yuzuohong

‎02-03-2003 12:48 AM

Probably an important point to take note of is the approximate 160 bytes

of DRAM per translations (including PAT). So for 20,000 translations, approximately 3.2MB of DRAM will consumed.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents