Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT

 

Hello all,

ip nat pool test 64.xx.xx.57 64.xx.xx.58 netmask 255.255.255.252
ip nat inside source list ALLOWMYLAN pool test overload

in the above scenario how many private ips can i connect from the internal lan so that they connect to the outside internet.

Thanks

 

 

  • WAN Routing and Switching
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hello,in the above scenario

Hello,

in the above scenario how many private ips can i connect from the internal lan so that they connect to the outside internet.

Perhaps surprisingly, this question cannot be answered exactly. Your configuration performs Port Address Translation, multiplexing several sessions created from inside LAN using the Layer 4 port number. Each session consumes one port per an IP address from the NAT pool, and if ports on one NAT pool IP address are exhausted, the second IP address will be used. The number of internal PCs supported with this configuration is therefore dependent on the number of simultaneous sessions created by them.

In very simplified terms, there are 65535 ports available for each address in your NAT pool for a particular Layer 4 protocol (TCP or UDP). This means that for a particular Layer 4 protocol, each of your NAT pool addresses can be used to hide 65535 sessions in that protocol. With two IP addresses in the pool, they can in total hide 131070 sessions. If each of your internal PCs can be expected to create just a single TCP session on average, your configuration would be able to serve 131070 internal PCs. If each of your internal PCs can be expected to create 100 TCP sessions on average, your configuration would be able to serve about 1310 internal PCs (131070/100). Please note that UDP sessions would be independent, as UDP uses a separate port number space not shared with TCP.

The true numbers would be different, as Cisco's PAT implementation divides the ports to be rewritten into three intervals: 0-511, 512-1023, 1024-65535, and maintains the particular group when choosing the rewritten port value. For client ports, only the 1024-65535 group is available, containing 64512 unique ports, so the total number of client sessions for a particular Layer 4 protocol is 129024. In any case, if your internal PCs are not expected to originate more than, say, 500 sessions in a short timespan, this estimation would allow you to have 129024/500=258 internal PCs.

As you can see, because the true limit in PAT is the number of particular Layer 4 protocol sessions that can be considered a random variable, the number of internal PCs is all about averages and statistics. I believe that with 500 sessions per a single internal PC, I have made a pretty pessimistic estimate and the true number of sessions would be significantly smaller. This, however, strongly depends on the way the PCs are used, the network applications and their nature. That is why no exact answer can be given.

Best regards,
Peter

1 REPLY
Cisco Employee

Hello,in the above scenario

Hello,

in the above scenario how many private ips can i connect from the internal lan so that they connect to the outside internet.

Perhaps surprisingly, this question cannot be answered exactly. Your configuration performs Port Address Translation, multiplexing several sessions created from inside LAN using the Layer 4 port number. Each session consumes one port per an IP address from the NAT pool, and if ports on one NAT pool IP address are exhausted, the second IP address will be used. The number of internal PCs supported with this configuration is therefore dependent on the number of simultaneous sessions created by them.

In very simplified terms, there are 65535 ports available for each address in your NAT pool for a particular Layer 4 protocol (TCP or UDP). This means that for a particular Layer 4 protocol, each of your NAT pool addresses can be used to hide 65535 sessions in that protocol. With two IP addresses in the pool, they can in total hide 131070 sessions. If each of your internal PCs can be expected to create just a single TCP session on average, your configuration would be able to serve 131070 internal PCs. If each of your internal PCs can be expected to create 100 TCP sessions on average, your configuration would be able to serve about 1310 internal PCs (131070/100). Please note that UDP sessions would be independent, as UDP uses a separate port number space not shared with TCP.

The true numbers would be different, as Cisco's PAT implementation divides the ports to be rewritten into three intervals: 0-511, 512-1023, 1024-65535, and maintains the particular group when choosing the rewritten port value. For client ports, only the 1024-65535 group is available, containing 64512 unique ports, so the total number of client sessions for a particular Layer 4 protocol is 129024. In any case, if your internal PCs are not expected to originate more than, say, 500 sessions in a short timespan, this estimation would allow you to have 129024/500=258 internal PCs.

As you can see, because the true limit in PAT is the number of particular Layer 4 protocol sessions that can be considered a random variable, the number of internal PCs is all about averages and statistics. I believe that with 500 sessions per a single internal PC, I have made a pretty pessimistic estimate and the true number of sessions would be significantly smaller. This, however, strongly depends on the way the PCs are used, the network applications and their nature. That is why no exact answer can be given.

Best regards,
Peter

38
Views
0
Helpful
1
Replies
This widget could not be displayed.