NAT

mudasir05
Level 1

Hello all,

ip nat pool test 64.xx.xx.57 64.xx.xx.58 netmask 255.255.255.252
ip nat inside source list ALLOWMYLAN pool test overload

In the above scenario, how many private IPs can I connect from the internal LAN so that they connect to the outside Internet?

Thanks

 

 

Accepted Solution

Peter Paluch
Cisco Employee

Hello,

In the above scenario, how many private IPs can I connect from the internal LAN so that they connect to the outside Internet?

Perhaps surprisingly, this question cannot be answered exactly. Your configuration performs Port Address Translation, multiplexing several sessions created from the inside LAN using the Layer 4 port number. Each session consumes one port on an IP address from the NAT pool, and if the ports on one NAT pool IP address are exhausted, the second IP address will be used. The number of internal PCs supported with this configuration is therefore dependent on the number of simultaneous sessions created by them.

In very simplified terms, there are 65535 ports available for each address in your NAT pool for a particular Layer 4 protocol (TCP or UDP). This means that for a particular Layer 4 protocol, each of your NAT pool addresses can be used to hide 65535 sessions in that protocol. With two IP addresses in the pool, they can in total hide 131070 sessions. If each of your internal PCs can be expected to create just a single TCP session on average, your configuration would be able to serve 131070 internal PCs. If each of your internal PCs can be expected to create 100 TCP sessions on average, your configuration would be able to serve about 1310 internal PCs (131070/100). Please note that UDP sessions would be independent, as UDP uses a separate port number space not shared with TCP.

The true numbers would be different, as Cisco's PAT implementation divides the ports to be rewritten into three intervals: 0-511, 512-1023, 1024-65535, and maintains the particular group when choosing the rewritten port value. For client ports, only the 1024-65535 group is available, containing 64512 unique ports, so the total number of client sessions for a particular Layer 4 protocol is 129024. In any case, if your internal PCs are not expected to originate more than, say, 500 sessions in a short timespan, this estimation would allow you to have 129024/500=258 internal PCs.

As you can see, because the true limit in PAT is the number of sessions of a particular Layer 4 protocol, which can be considered a random variable, the number of internal PCs is all about averages and statistics. I believe that with 500 sessions per single internal PC, I have made a pretty pessimistic estimate and the true number of sessions would be significantly smaller. This, however, strongly depends on the way the PCs are used, the network applications and their nature. That is why no exact answer can be given.

Best regards,
Peter
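To make the port-accounting argument above concrete, here is a small Python model of what the overload configuration does. It is an added example, not code from the thread and not Cisco's implementation: it takes translated ports only from the 1024-65535 group that Peter describes for client sessions, moves to the next pool address once one address has no free port left for that protocol, keeps TCP and UDP in separate port spaces, and reports a failed translation when the whole pool is exhausted. The pool addresses and inside hosts are constructed placeholders (the thread masks the real ones as 64.xx.xx.57/58), and the sequential port allocator is a simplification chosen for clarity.

```python
"""Model of PAT (NAT overload) port allocation and pool capacity.

Added example; not part of the Cisco Community thread and not Cisco's code.
Pool addresses below are constructed placeholders from the documentation
range, standing in for the masked 64.xx.xx.57 / 64.xx.xx.58 in the thread.
"""
from dataclasses import dataclass, field

# Cisco PAT keeps a translated port inside the same group as the original
# port: 0-511, 512-1023, 1024-65535. Client sockets fall in the last group.
CLIENT_PORTS = (1024, 65535)


def ports_per_address(lo: int = CLIENT_PORTS[0], hi: int = CLIENT_PORTS[1]) -> int:
    """Unique translated ports one pool address offers per L4 protocol."""
    return hi - lo + 1                      # 64512 for the client group


def pool_session_capacity(pool_size: int, lo: int = CLIENT_PORTS[0],
                          hi: int = CLIENT_PORTS[1]) -> int:
    """Simultaneous sessions of one L4 protocol the whole pool can hide."""
    return pool_size * ports_per_address(lo, hi)   # 129024 for two addresses


def hosts_supported(pool_size: int, sessions_per_host: int,
                    lo: int = CLIENT_PORTS[0], hi: int = CLIENT_PORTS[1]) -> int:
    """Inside hosts served if each averages sessions_per_host concurrent sessions."""
    return pool_session_capacity(pool_size, lo, hi) // sessions_per_host


@dataclass
class PatTable:
    """Simplified PAT translation table: one (address, port) per inside session."""
    pool: list                       # outside addresses, in the order they are tried
    lo: int = CLIENT_PORTS[0]
    hi: int = CLIENT_PORTS[1]
    table: dict = field(default_factory=dict)      # (in_ip, in_port, proto) -> (out_ip, out_port)
    next_free: dict = field(default_factory=dict)  # (out_ip, proto) -> next unused port

    def translate(self, inside_ip: str, inside_port: int, proto: str):
        """Return the (outside_ip, outside_port) for a session, or None if the pool is exhausted."""
        key = (inside_ip, inside_port, proto)
        if key in self.table:                # existing session keeps its mapping
            return self.table[key]
        for addr in self.pool:               # first address first, overflow to the next
            port = self.next_free.get((addr, proto), self.lo)
            if port > self.hi:
                continue                     # this address has no free port for proto
            self.next_free[(addr, proto)] = port + 1
            self.table[key] = (addr, port)
            return self.table[key]
        return None                          # every pool address is exhausted for proto

    def utilization(self, proto: str) -> float:
        """Fraction of the pool's port space in use for proto; useful as an alarm threshold."""
        used = sum(1 for (_, _, p) in self.table if p == proto)
        return used / pool_session_capacity(len(self.pool), self.lo, self.hi)


if __name__ == "__main__":
    # Peter's two estimates: the naive 65535-ports-per-address figure and the
    # client-group figure that matches Cisco's port grouping.
    print("naive capacity, 2 addresses:", pool_session_capacity(2, 1, 65535))   # 131070
    print("client-group capacity:", pool_session_capacity(2))                   # 129024
    print("hosts at 500 sessions each:", hosts_supported(2, 500))               # 258
    # Tiny pool (3 client ports per address) to show overflow and exhaustion.
    pat = PatTable(pool=["203.0.113.57", "203.0.113.58"], lo=1024, hi=1026)
    for i in range(7):
        print(pat.translate("10.0.0.1", 40000 + i, "tcp"))   # 7th prints None
    print("tcp utilization:", pat.utilization("tcp"))        # 1.0
```

The `utilization` figure is the number a defender wants to watch: a pool whose client port group sits near 100% for TCP will start dropping new outbound sessions even though UDP, with its own port space, still translates fine.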
