3Com Switch 8800 Advanced Software V5 Configuration Guide
NAT Overview 987
transmission rate. However, when the bandwidth is higher than 1.5 Gbps, NAT
could affect the switch performance to a certain extent.
NAT Functionalities
Many-to-many NAT and NAT control
As depicted in Figure 296, when an internal network user accesses an external
network, NAT uses an external or public IP address to replace the original internal
IP address. In Figure 296, this address is the outbound interface address (a public
IP address) of the NAT gateway. This means that all internal hosts use the same
external IP address when accessing external networks. In this scenario, only one
host is allowed to access external networks at a given time. Hence, it is referred to
as "one-to-one NAT".
Another form of NAT solves this problem by allowing the NAT gateway to have
multiple public IP addresses. When the first internal host accesses external
networks, NAT chooses a public IP address for it, records the mapping between
the two addresses and forwards the data packets. When the second internal host
accesses external networks, the same process happens, but this time another public
IP address is used, and so on for the remaining internal hosts. In this way, multiple
internal hosts can access the external networks simultaneously. This type of NAT is
called "many-to-many NAT".
The number of public IP addresses a NAT gateway has is far less than the number
of internal hosts, because not all internal hosts will access the external networks at
the same time. The number of public IP addresses needed should be determined
from statistics on the number of hosts that might access external networks during
peak time.
In practice, an enterprise may need to allow some internal hosts to access external
networks while prohibiting others. This can be achieved through the NAT control
mechanism. If a source IP address is among those addresses that have been denied
access to external networks, the NAT gateway will not translate this address.
"Many-to-many NAT" is realized by defining an address pool, whereas NAT control
is achieved through ACLs.
■ Address pool: a set of consecutive public IP addresses intended for address
translation. The address pool should be configured according to the number of
legal (public) IP addresses available, the number of internal hosts, and the actual
network requirements. The NAT gateway selects an address from the address
pool and uses it as the source public IP address during address translation.
■ NAT control through ACLs: NAT is only applied to the packets that match the
ACL rules. This makes the use of NAT more flexible.
NAPT
Another form of NAT is network address port translation (NAPT for short). NAPT
allows multiple internal addresses to be mapped to the same external public IP
address, namely "multiple-to-one NAT", or "address multiplexing".
The destination addresses of the packets from different internal hosts are mapped
to the same external IP address but with different port numbers. In other words,
NAPT maps the combination of a private IP address and a port number to the
combination of a public IP address and a port number.
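The following is an added illustration, not code from the 3Com guide or the switch software: a constructed, simplified NAT gateway that combines the three mechanisms described above (ACL-based NAT control, a public address pool for many-to-many NAT, and NAPT port multiplexing when the pool is exhausted). The pool addresses, ACL range, NAPT address and starting port are constructed sample values.

```python
from ipaddress import ip_address, ip_network

class NatGateway:
    """Constructed model of a NAT gateway (not the 3Com implementation).

    - NAT control: only sources matching a permit ACL are translated.
    - Many-to-many NAT: each permitted host takes one public address
      from the pool; the host's port is left unchanged.
    - NAPT: when the pool is empty, flows are multiplexed onto a single
      public address and distinguished by a freshly allocated port.
    """

    def __init__(self, pool, acl_permit, napt_address, first_port=10000):
        self.free_pool = list(pool)                       # unused public addresses
        self.acl = [ip_network(n) for n in acl_permit]    # permitted internal ranges
        self.napt_addr = napt_address
        self.next_port = first_port
        self.host_map = {}    # private ip -> public ip   (many-to-many entries)
        self.napt_table = {}  # (private ip, port) -> (public ip, port)

    def permitted(self, src_ip):
        """NAT control: True if the source falls inside a permitted ACL range."""
        return any(ip_address(src_ip) in net for net in self.acl)

    def translate(self, src_ip, src_port):
        """Return the (public_ip, public_port) an outbound packet is rewritten to,
        or None when the ACL denies translation (packet left untouched)."""
        if not self.permitted(src_ip):
            return None
        if src_ip in self.host_map:               # host already holds a pool address
            return (self.host_map[src_ip], src_port)
        flow = (src_ip, src_port)
        if flow in self.napt_table:               # existing NAPT mapping for this flow
            return self.napt_table[flow]
        if self.free_pool:                        # many-to-many: hand out a pool address
            public_ip = self.free_pool.pop(0)
            self.host_map[src_ip] = public_ip
            return (public_ip, src_port)
        self.next_port += 1                       # pool exhausted: fall back to NAPT
        entry = (self.napt_addr, self.next_port)
        self.napt_table[flow] = entry
        return entry

if __name__ == "__main__":
    gw = NatGateway(["203.0.113.10", "203.0.113.11"], ["10.0.0.0/24"], "203.0.113.1")
    for host in ("10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.1.5"):
        print(host, "->", gw.translate(host, 40000))
```

With two pool addresses the third permitted host is served by NAPT, and a source outside 10.0.0.0/24 is not translated at all, which is the behaviour the text attributes to NAT control.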