Cisco Support Community

Number of NAT Translations a 3640 can handle

Hi,

Just curious if anyone has any #s on how many active NAT translations a 3640 can handle before it starts having issues. Found a Cisco doc that says an NPE-300 (7200 series) can handle 20,000 to 40,000 before a 'meltdown' occurs.

8 REPLIES
Community Member

Re: Number of NAT Translations a 3640 can handle

I don't think there is a maximum count for NAT; it's all about how much DRAM and CPU capacity the box has. Please correct me if I'm wrong!

But if you're using overload, there should be a limit with free ports (UDP/TCP) in the range 0-65535 per address.

Community Member

Re: Number of NAT Translations a 3640 can handle

Hi,

I'm a freshman to NAT. But, according to your 65535 ports limitation rule, does it mean that every PAT device has this limitation? No matter whether I use a Linux firewall, a Windows firewall or a hardware router?

zuohong

Re: Number of NAT Translations a 3640 can handle

Yes, this is a limitation with the protocol itself. There are only 65535 ports; UDP and TCP are separate. But a TCP/IP application can't be NAT'd w/ a UDP port.

The maximum number of translations per protocol is around 64,000 I would guess (this will vary by implementation). Most vendors NAT between ports 1025 - 65535. Some don't use the lower or higher port #s so it depends. The default timeout per NAT entry on Cisco IOS is 24 hrs, so you can adjust the timeout values to time out the connections sooner to free up resources and to make room for new NAT translations if you're doing a lot of translations.

Also, NAT was originally created as a way to get around public IPv4 addresses running out until people converted to IPv6 address space. That was a while ago... and we're still using IPv4 mostly everywhere.

Re: Number of NAT Translations a 3640 can handle

I realize it depends on DRAM and CPU... and was asking how many it can have before problems occur. Was curious if others have run into problems and at what # with a 3640.

Community Member

Re: Number of NAT Translations a 3640 can handle

Hi,

So, if I have to deal with 100,000 NAT translations at the same time, how can I make it? If I have more than 3 formal IPs, can I use them to do the NAT work? Would you please give me some guidance?

zuohong

Re: Number of NAT Translations a 3640 can handle

You would need to do overload / PAT across 2 IP addresses at a minimum. Maybe 3... it depends on the implementation of NAT for the product you're using. The device would have to be capable of handling that many translations without crawling or crashing also.

I would look at the design or using multiple boxes/routers if you really need that many though.

Community Member

Re: Number of NAT Translations a 3640 can handle

Hi,

Thank you so much.

I searched CISCO for "nat overload" configuration and found the detailed process. Actually, I'm a network administrator of a small ISP. That's why I need to deal with this many NAT translations. I'm now using 2 Linux boxes as our NAT device. I'm planning to use our CISCO 6509 instead.

So lucky to have your help.

zuohong

Bronze

Re: Number of NAT Translations a 3640 can handle

Probably an important point to take note of is the approximate 160 bytes of DRAM per translation (including PAT). So for 20,000 translations, approximately 3.2MB of DRAM will be consumed.
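The limits discussed in this thread (one port space per protocol and public address, idle timeouts that free ports, DRAM per entry) can be seen together in a small model. This is an added example, not part of the original thread and not Cisco code; the class and function names are hypothetical, the constants are the figures quoted in the replies, and reclaiming idle entries only when the pool is full is a simplification.

```python
import math
from collections import deque

PORT_LO, PORT_HI = 1025, 65535   # port range the thread says most vendors use
BYTES_PER_ENTRY = 160            # approximate DRAM per translation, per the thread
PORTS_PER_ADDR = PORT_HI - PORT_LO + 1

def addresses_needed(flows):
    """Minimum pool size for `flows` concurrent translations of one protocol."""
    return math.ceil(flows / PORTS_PER_ADDR)

class PatTable:
    """Toy PAT table: one independent port space per (protocol, public address)."""

    def __init__(self, pool, timeout=24 * 3600):   # 24 h default quoted in the thread
        self.pool = list(pool)
        self.timeout = timeout
        self.free = {(p, ip): deque(range(PORT_LO, PORT_HI + 1))
                     for p in ("tcp", "udp") for ip in self.pool}
        self.entries = {}   # (proto, inside_ip, inside_port) -> (pub_ip, pub_port, last_seen)

    def expire(self, now):
        """Drop entries idle for `timeout` seconds; return how many ports were freed."""
        stale = [k for k, v in self.entries.items() if now - v[2] >= self.timeout]
        for key in stale:
            pub_ip, pub_port, _ = self.entries.pop(key)
            self.free[(key[0], pub_ip)].append(pub_port)
        return len(stale)

    def _allocate(self, proto):
        for pub_ip in self.pool:
            if self.free[(proto, pub_ip)]:
                return pub_ip, self.free[(proto, pub_ip)].popleft()
        return None

    def translate(self, proto, inside_ip, inside_port, now):
        """Return (public_ip, public_port), or None when the pool is exhausted."""
        key = (proto, inside_ip, inside_port)
        if key in self.entries:
            slot = self.entries[key][:2]            # existing flow: refresh its timer
        else:
            slot = self._allocate(proto)
            if slot is None and self.expire(now):   # full: reclaim idle entries, retry
                slot = self._allocate(proto)
            if slot is None:
                return None
        self.entries[key] = (*slot, now)
        return slot

    def dram_bytes(self):
        return len(self.entries) * BYTES_PER_ENTRY
```

With a single pool address and a long timeout, new TCP flows are refused once 64,511 entries exist while UDP still translates; a shorter timeout or a second pool address restores headroom.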
