Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

Maximum allowed NAT/PAT Translations on Sup720

Trying to figure out maximum allowed NAT/PAT Translations allowed on a WS-SUP720-BASE.  At any one time we can expect about 30k active users browsing the internet.    Trying to find out if it supports 300k+ translations.

Everyone's tags (4)
6 REPLIES

Re: Maximum allowed NAT/PAT Translations on Sup720

Hi Charles,

Max Nat translation  entries can be up to 2147483647 but although a typical range for a NAT rate limit is 100 to 300 entries.

Check out the below link hope this helps out  your query !!

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_natrl.html#wp1027129

If helpful do rate the valuable post.

Regards

Ganesh.H

Hall of Fame Super Silver

Re: Maximum allowed NAT/PAT Translations on Sup720

Hello Charles,

NAT is declared hardware assisted on sup720 datasheet

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856.html

so I wouldn't expect the system to be able to handle more NAT entries then the size of its TCAM tables used for multilayer switching operations.

for sup 720 3B

256,000 route entries

128,000 netflow entries

see table 1 of above document

I'm not sure that  NAT rate limiting feature described in the link provided by Ganeshh applies to a C6500 where NAT is not performed only in SW.

a check should be done with feature navigator

http://www.cisco.com/go/fn

search by feature NAT rate limiting NAT translation  among supported platforms I see C7600 with RSP720/MSFC4 or SW based routers like C7200 or ISR.

but it is supported NAT- Perfomance enhacement - Translation table opmitization

and Hardware-Assisted NAT as declared in datasheet

Hope to help

Giuseppe

Maximum allowed NAT/PAT Translations on Sup720

I want the answer too.

Cisco Employee

Maximum allowed NAT/PAT Translations on Sup720

Hi All,

unfortunately this info cannot be disclosed on the forum. If you are entitled to do so and you have signed a NDA you can get in touch with your Account team (if you have it) and ask for some performance specs as we do have some.

General rules are:

- the Sup720 is not conceived to NAT all the traffic handled by it. It can do it of course but since the feature is hardware assisted, as Giuseppe correctly pointed out, which means that it cannot be entirely performed in hardware but requires the assistance of software (read CPU) there are scalability considerations to be aware of.

In other words if you require that all the traffic (or vast majority of it) going through your system has to be NAT'ted it is better that you use another device for that (a software based router is better equipped for that). NAT on Sup720 can be used as a temporary measure or for limited traffic volume.

- Performance depends on some variables such as packet size, transport protocol (TCP vs UDP), and type of NAT (static vs dynamic; NAT vs PAT).

NAt is more performing than PAT with UDP being slighlty more performing than TCP.

Cannot add more unfortunately 

Riccardo

Maximum allowed NAT/PAT Translations on Sup720

I don't understand "hardware assisted" ?

Cisco Employee

Maximum allowed NAT/PAT Translations on Sup720

it means that the forwarding cannot be entirely handled in hardware circuitry (PFC etc) but requires the assistance of the CPU in software.

Riccardo

4686
Views
5
Helpful
6
Replies
CreatePlease to create content